Responsible data in open contracting

/ December 5, 2017

Over the past few months, we’ve been applying our Responsible Data lens to look at challenges in open contracting as part of a portfolio of work with Hivos. We originally published this work in a report in 2017; following feedback, we will be sharing it beginning in 2019 as a series of blog posts. The first one is here, and we’ll update this page with future links as the series progresses.

This year, Hivos’ Open Contracting Program have been moving into the implementation phase of their work together with their local partners. While they’ve been doing that, we’ve been talking with their partners, Hivos core staff, and the community of practitioners using open contracting data to advocate against corruption to understand what responsible data challenges they face in their work on open contracting.

Using a responsible data framework means looking at the power held by different stakeholders, and demanding appropriate levels of transparency relative to that power. Open contracting can be an invaluable way of uncovering corruption and shining a light on hugely important (but often overlooked) procurement processes and deals.

About the contributor

See 's Articles

0 thoughts on "Responsible data in open contracting"

  • Tim Davies says:

    Hey team.

    I was really looking forward to reading this report, so I’m somewhat reluctantly sharing the following feedback: as I fear the report has a lot of conceptual confusion, and glosses over key issues. Whilst I recognise it is framed as preliminary work – I’m left concerns that in not bringing clarity, it risks being damaging, rather than helpful, to work in this field – both on increasing openness, and encouraging responsible data practices.

    As I read through, I jotted down the comments below, which I hope can be taken in the spirit of open constructive critique, and a way to strengthen revisions or future work on responsible open contracting practices.

    ### (1) Scope

    The report opens stating that:

    > Open contracting data includes information about contracts, companies, and tenders, and can also include beneficial ownership data (personal data about people that own companies applying for government tenders).

    Yet this appears to conflate ‘Open Contracting’ and ‘Beneficial Ownership’. Although related, these are two distinct areas of transparency work.

    Open contracting is about disclosure and participation in contracting processes: tenders, awards, contracts and implementation. In terms of the widely used Open Contracting Data Standard, the only fields covering personal data are for the *contact people* at the buyer, bidders or suppliers.

    In my experience, whilst annexes to contracts might contain some named individuals responsible for aspects of project implementation, and some very complex bidding processes might ask for ownership information, I’ve not come across cases of contract documents themselves including details of company beneficial ownership.

    The design of the Open Contracting Data Standard encourages use of identifiers from established corporate registries, which allows linkages to be made to existing public registers of Beneficial Ownership (which exist in only a few countries right now), but in most common usages of the term ‘open contracting data’, the actual details of companies, and their ownership structures, are well out of scope.

    This focus on disclosure of company ownership carries forward when a dichotomy is drawn between privacy claims “that personal data about owners should not be published” and commercial confidentiality claims “that keeping data private is necessary for [a] companies protection”. This needs much more unpacking than it gets in the report:

    **Firstly** – a lot of the personal data that tenders, contracts or contracting processes *might* contain isn’t about the company owners, but about the employees, officers or service users.

    **Secondly** – it’s important to be clear in commercial confidentiality that we’re talking about an argument based on ‘potential harm to the commercial interests’ of the company, not about privacy rights per-se.

    **Thirdly** – when thinking about potential harms from disclosure, it’s important to consider not just individual privacy rights, but also the extent to which contracts *could* contain sensitive social or environmental information.

    To give a real example, earlier this year [we discovered that Gloucestershire County Council was attaching ‘pen pictures’ of care service users to public tender notices (apparently due to poor training of procurement staff in use of their e-tendering systems), when such documents should only have been securely circulated to approved providers on an existing framework]( That tenders to deliver care were taking place, and the value of awards that were made, should be public information: the personal details of the service users should not.

    As another example, we’ve seen cases where ‘direct awards’ of contracts for air tickets have been included in public datasets, giving the names of officials and the exact dates of their upcoming travel. Whilst this may be innocuous data some time *after* the travel has taken place (and as details of public officials travel may often be recognised as relevant public information), when this is published before the travel takes place it could potentially put those officials at risk of burglary, common scams or other harms.

    Overall, in confusing beneficial ownership and open contracting, and lacking a clear typology of the potential harms of disclosure of *specific* aspects of a contracting process (tenders, bids, awards, contract documents, annexes etc), the report fails to target the issues that really matter.

    The brief also looks to target “Responsible data considerations, frameworks, and ‘questions to ask yourself’ when publishing or using data in open contracting ” – yet, in general, publishers and users are very different groups of people, and with very different roles and risks. Any analysis needs to clearly distinguish considerations for publishers from considerations for users.

    ### (2) Strategic considerations

    The chapter on ‘Understanding the ecosystem’ appears to ignore the widespread framing of Open Contracting as a multi-stakeholder process, which can support not only transparency and accountability – but also efficiency and market improvements that governments may (at least rhetorically) want to see. The very design of Open Contracting initiatives is generally rooted in the ability for an increase in transparency to support multiple goals: and this creates a space for activists to create alliances with the business community and others to advocate for at least the disclosure component of open contracting.

    That, in politically contentious environments, information could be used politically – and that in such environments activists need to be careful about the information they use and how – is clearly important to state: but I struggle to see how a responsible lens helps here. This is about responsible and safe activism, and digital and physical security for activists. It’s not clear what framing this element in terms of data brings.

    There is one interesting point buried in this section about provenance: activism that works on the basis of leaked documents, or that cannot trace documents back to an official source, should consider the risk that documents may have been manipulated. Even when documents have not been deliberately manipulated, in environments where information is gained through reactive transparency/FOI, a contract obtained might have been amended without this being publicly known (as again, [we’ve seen in Gloucestershire](, affecting how advocacy can proceed.

    This highlights the importance of equipping actors using contracting data (whether businesses looking at contract renewal dates, or campaigners scrutinising procurement) with good research skills, and recognising that data and information should always be approached critically and sceptically when drawing conclusions.

    ### (3) False dichotomies

    The third section of the report is titled “Open by default, or responsibly open?”

    It’s not clear that there is an ‘or’ here.

    Being open by default does not mean being open always. It simply means that non-disclosure has to be justified, rather than the other way around. The dichotomy seems to have been proposed to ‘stake ground’ for a responsible data narrative – when it would be much stronger to show how a responsible data framing can complement open by default.

    Scattered across this section are a number of relevant reasons to consider restricting access to certain elements of information from a contracting process, but extracting anything actionable to guide: (a) decisions about publication; (b) decisions about use; and (c) design of advocacy strategies, is hard work.

    This section also misses out the critically important issue of existing legal frameworks and data protection capacity levels in the country where open contracting is being implemented. It’s quite different to design Open Contracting interventions in a country with an established Data Protection law, and where public officials are well trained in data protection – from doing so in a context where there is no legal framework, and practices are much less developed.

    When considering the issues of knowledge imbalances, the report’s blind-spot around commercial re-use of data becomes particularly problematic. There is a genuine question to ask about how the better publication of information on tender opportunities, particularly in cases where cross-border procurement agreements are in place, might lead to larger companies, or companies from other countries with comparative advantage, winning more contracts, and funds flowing out of the countries. That said, this is more a question about procurement market liberalisation, than about tender information per-se – albeit it is important to recognise that if lack of access to information has been a barrier to trade – then lowering that barrier can have consequences that should be socially evaluated by advocates.

    ### (4) General reflections

    In fairness, the brief notes that it’s conclusions are *”limited to the insights from practitioners within the Hivos open contracting program, some of whom are just getting started on their open contracting work. That means that they are baseline for learning as the program progresses, are not meant to be exhaustive, and will change as the program progresses.”*.

    Although equally – surfacing considerations about responsible publication and use of open contracting data based solely on interviews with people who self-identify as just starting out – and ignoring wider experience across the field – does not seem an entirely sensible approach. And partial conclusions that are published, whatever the caveats upon them, hang around much longer than their authors might intend.

    At worst, the current report risks damaging the field by failing to provide clarity, and asking scattergun questions without a clear way of mapping those to the particular decisions that are made during by different actors during the development of Open Contracting interventions. From reading I was left with a fear that, in creating uncertainty, it supports inaction: rather than encouraging a responsible approach to build a critically aware ‘open by default’ approach to transparency around public contracting.

    • Zara Rahman says:

      Hi Tim,

      Firstly – thanks for taking the time to share your thoughts on this! We really appreciate it, and it’s very much taken in the spirit intended. As main author, I take full responsibility for any inaccuracies, and can only say that in the future, we’ll have a longer feedback period for sector experts to give feedback. With regards to the major topics mentioned here, we’ll go through and issue corrections and a new version.

      A few general points:

      As you mention towards the end of your comment, we noted in the introduction that the note’s conclusions are limited, and primarily based on discussions with Hivos staff. This is for two reasons: because the scope of work (which was funded by Hivos) was limited to this; and because it was intended to inform Hivos’ work, based on how Hivos is planning to develop its OC programme. That said, I take your point that this could be misunderstood if that framing is missed, and we’ll do what we can to emphasise this further and mitigate this.
      Some of the issues included in the note, and that you mention, are the result of limits imposed by that scope. For example, some interviewees were concerned about personal data being included in contracts, despite the fact that (as you say) only personal data of buyers/bidders/suppliers is mentioned in the OCDS. We included those concerns to reflect the topics mentioned by interviewees.
      I also hear you on the need to distinguish between publication and use of data, and we’ll adjust accordingly.
      We deliberately didn’t include issues around data protection and legal frameworks, and we noted that these are covered in far better detail in the Open Contracting Partnership’s work on confidentiality.

      And now some more specific responses:

      ## Scope:
      You’re totally right on the mix-up between beneficial ownership and open contracting, and we’ll amend this. This was our mix-up and shouldn’t have happened – I take full responsibility.

      ## Strategic considerations
      Many of these concerns mentioned (particularly those around backlash, contentions around alliances, etc) came from interviewees working in extremely politically restrictive countries. I’d push back a little on your suggestion that it’s not useful to frame this in terms of data. As far as I can tell, conducting responsible advocacy when it comes to open contracting is ultimately a lot about data. If the transparency that open contracting facilitates is to lead to accountability, advocates and activists need to use the published data to push for change. Making that ‘push’ is a deeply political (and potentially dangerous) activity in some countries, and people we spoke to expressed deep concern about this. We see all these things as being deeply intertwined – from digital and physical security, to the way in which people are supported and encouraged to use data in their advocacy or activism. I hear you on the intention of OCP being a multi-stakeholder process which could, in certain climates, be a great tool for cooperation and alliance-building – but that requires certain prerequisites that might not always be present.

      ## False dichotomies
      Your point about needing to include issues around commercial re-use of data is well taken. With regards to ‘knowledge imbalances’ the intended point was more around noting that some groups of people (eg. those with higher access to internet/technology) are better equipped with tools needed to make the most of open contracting data in their advocacy. Groups with lower levels of access and technical capacity are less likely to be able to. As we say in the note – “some people will be able to take advantage of the data, and others might not be” – hence the questions around thinking about who could best use that data and how.

      All that to say – we’ll amend on a number of issues and re-publish with a note to thank you for your feedback. And (though I know this has already taken a lot of your time!) if you’d like to hop on a call to talk through anything above, just let me know.

      Thank you again!

  • Tim Davies says:

    Thanks Zara for your reply and response. This is really appreciated.

    Framing issue aside (which is probably more a case of tapping into where the audience for messages are at – and I recognise we have different audiences in mind), I really appreciate the point you are making in the above comment re: the concerns of activists about the risks of pushing on open contracting. Lots to reflect on there.

    Happy to discuss all these ideas more in the New Year.

Leave a Reply

Related /

/ July 26, 2022

Takeaways from our Community Call on Responsible Data for Social Justice Organisations

/ February 15, 2022

Responsible Data Community Retrospective series: 12 articles about the state of the Responsible Data work

/ March 2, 2021

Curating connections in the Responsible Data community