With this case study on developing a responsible data (RD) policy, we want to open a discussion about the process behind developing responsible data policies and share learnings from organisations as they start implementing a new RD policy.
The RD landscape for funders
Earlier this year, The Engine Room led a community research effort for the Open Technology Fund (OTF) to learn about the needs of OTF community members. We were particularly interested in learning about OTF’s needs around collecting, storing, sharing and publishing data about the individuals and projects that they support. The community consultation surfaced a good deal of thoughts about OTF’s relationship with the community’s data, and highlighted a desire for more reflection and transparency around internal processes and priorities.
OTF is a funder that works internationally, and, in general, funders hold an immense amount of data on their grantees and the people grantees work with. As mentioned in a blog post by Tom Walker and Fieke Jansen, “funders need to balance a number of issues when sharing data, including mitigating potential harm to an individual or grantee, safeguarding the reliability of the data when published, and promoting the sharing of data whenever possible.”
With this policy, OTF continue to be part of a growing group of funders thinking about and working on implementing responsible data safeguards. They acknowledge that, as a funder, they have privileged access to data and recognise that it is their responsibility to ensure that all possible measures are taken to reach optimum levels of privacy, security and transparency.
Understanding OTF’s culture and practices
To ensure that the final policy would fit with OTF’s existing way of working, we started by learning more about what makes OTF tick. We conducted institutional interviews with OTF team members about relevant internal data-related systems, policies and practices.
The interviews uncovered internal constraints, concerns and opportunities that could be addressed with the policy. We also conducted a scoping review of existing responsible data policies and desk research to understand OTF’s institutional context.
Developing the policy
Based on this preliminary research, we developed a collection of responsible data challenges and concerns – questions, situations and contexts where it’s important, yet difficult, to practice responsible data. Though some challenges were specific to OTF, many will be familiar to organisations who work in a similar sector.
Informed by these challenges and research findings, we designed the responsible data policy around the following core values:
- Open philanthropy
These core values are based on OTF’s internal value structure and areas that guide the team’s work. In the policy, the values correspond to respective responsible data commitments that OTF commit to upholding through the policy.
Many of the items in the responsible data policy are aspirational, and reflect the need for responsible data practices to be integrated as ongoing behaviours. Responsible data commitments in a policy are commitments to change behaviours that could put an individual’s right to consent, privacy, and security in jeopardy and that arise due to a complex system of needs and constraints.
The aspects we covered in the RD policy are drawn from challenges we heard from OTF staff and community members, and as ever, the publication of a policy is just the first step.
Taken together, the recommendations enable OTF to increase their positive impact, ensuring that the data OTF hold is as useful as possible for their community in a way that respects and protects their rights. The overall aims of the recommendations accompanying the RD policy are to:
- Standardise best practices
- Invest in the team’s collective knowledge about digital security, risk assessment and compliance
- Apply OTF’s open culture to internal decision-making around technology
Circling back around
Particularly in the fast-moving space of internet freedom, as time goes by, context changes. In the policy, OTF recognises that “as the makeup of the Internet Freedom community diversifies, the threat model of its community members shifts along with it.” An integral part of the responsible data policy is acknowledging that the policy is a living document and that it requires iterative reflection. OTF have committed to a yearly reflection and review of the policy and implementation, to scan for areas of improvement, and to adapt the organisation to emerging challenges and opportunities.
This policy is just the beginning of an open conversation around OTF’s responsible data practices and the community’s needs.
Lastly, this responsible data policy is CC-licensed. With this decision, OTF invite others – in particular other philanthropic funders – to copy from and remix the policy, and to use it as a template for reflecting upon how their own data practices impact the communities they serve. With OTF joining the discussion, we look forward to seeing more funders participate and implement responsible data behaviours.