All In Your Business: Talking Data Governance and Privacy at Development Gateway

image credit

What Does Data Governance and Privacy Mean at DG?

Human rights have moved online as data and technology become increasingly central to how governments operate, and how individuals interact with their governments. While much of the conversation about better data governance and improved data privacy has focused on the private sector (Facebook, Google, etc.) there is much room in the non-profit/international development space to consider our own governance and privacy practices – such as how we can set practical, rigorous standards to safely and ethically manage data use in our work. 

When we say “data governance” at DG, we are referring to the systems through which we manage data. This often includes policies or other documentation that govern the principles, roles, responsibilities, and tools through which we organize both internal data generated by us as individuals, as well as external data generated by users of our tools and strategies. Often (but not always) our documentation will address some or all core issues of data privacy at the same time, such as guidelines around the safe collection, storage, deletion, and sharing of data gathered in the course of our operations.

Conversations We Want to Have

Our work is at the intersection of open data, technological development, and strategic advising to improve data use. We see growing questions about how we as a global community manage, share, reuse, and store data that is integral to our existing and future work. As a mission-driven, non-profit organization that builds user-centered tools, we have been thinking a lot internally about how we can “walk the talk”, setting standards and approaches that reflect our values. The following are just a few examples of conversations we want to have broadly with our peers and partners in the space:

In the Absence of Law

Often in the non-profit/development sector, there are laws that we follow, but we are not always under the same kinds of scrutiny as corporations. We work and engage in geographical and physical spaces where we are driven more often by what is morally and ethically acceptable, more so than what the law prescribes. With this in mind, the question about data privacy in the space DG works in, is very much about how we define responsible and ethical use of data, not only for ourselves, but for the partners we work with. For example, UN OCHA’s Centre for Humanitarian Data has put out extensive guidance on data sharing and collection in humanitarian contexts. What are (or should be) the parallels in the broader international development sector?

Practical Approaches

There is general agreement that data should be used responsibly. Yet there is a significant gap between beliefs and practices. Why? In part because good practices in data governance and privacy can be difficult to adapt and integrate into projects, programs, and policies. This challenge is exacerbated in settings where there are limited time and resources to implement costly privacy audits and complex data management structures. Twitter, and many other content creation companies, have a trust and safety team. Who is responsible for ensuring uniform data privacy at your organization? 

Other Issues We are Seeing

On a broader level, we are seeing trends in data governance and privacy issues that we are curious to learn more about and excited to engage others in:

• The last few years have seen a proliferation of data protection laws being put in place, with the number rising drastically across Latin America and Africa. However, what does that mean for actual enforcement? Are there human and financial resources in place to enforce protection? This will increasingly become an important question as countries shift from “we have a law” to “what should we do with it?”
• The framing around data privacy is too narrow. A lot of laws focus on the individual harm, but we need to document and expand our analysis of community based harm (e.g. ethnic group, religious group, etc.), as well as broader bias in decision making – especially as new and innovative technologies interrupt traditional relationships between governments and communities. 
• In our increasingly interconnected world, data may be collected for a single use/purpose but in practice it can be used, reused, and even resold in ways far beyond what was originally anticipated, and in ways that abridge or violate people’s rights. How can we get better at anticipating future reuse (and what potential harms may come from reuse in inequitable ways)?
• The growth of cloud storage; it is easy and cost-effective, but how does that alter which data protections are applicable, and how communities can query unethical data gathering when it is stored in places they can not easily “see.” This is particularly important for communities in the Global South engaging with cloud companies based out of easy reach in the US, Europe, etc.

Where Are We Going?

The goal over the next year is multifold: we want to look closely at DG’s own internal practices, policies, and learnings, and share externally the practical ways in which DG can “walk the talk” of safeguarding data. As a result, we will be able to share tools and approaches that organizations like us — and the partners we advise — can use to turn theoretical support for data privacy into concrete steps to make data equity a reality. We look forward to discussing our upcoming podcast in which we delve into some of the issues and trends we have identified, so watch this space.