What Real Accountability in the Humanitarian Sector Can Look Like
Humanitarian organisations are bound by a duty to do no harm; however, sometimes in their bid to integrate data technologies into aid provision, they might end up doing more harm than good.
Data breaches are one such instance. When these occur in the humanitarian sector, very sensitive data can end up in the hands of potentially harmful actors. While some humanitarian organisations enjoy immunity from being held legally accountable, most do not; but there is also no common understanding of ‘accountability’ for accountability to be meaningful and actionable.
Due to the sensitive nature of the work and the commonly-held belief that humanitarians are ‘doing good’, humanitarian action has not been subject to regulation in the same ways as other sectors. In the absence of legal reporting requirements for data breaches, humanitarian accountability generally flows towards donors and member states, rather than towards beneficiaries of humanitarian aid.
Humanitarian agencies are bound by their charters, their responsibilities as outlined by country agreements, and – for organisations without privileges and immunities – by domestic laws. There is often no requirement to inform beneficiaries that data collected from them or about them has been accessed, without authorisation, by a third party. In the case of organisations with immunity, even if the beneficiaries learn of a data breach, they cannot sue the organisation for damages or reparations unless the organisation waives its immunity, which is exceedingly rare. In the case of organisations without immunity, the relative power of the organisation and a weak rule of law situation in many contexts can be a barrier to meaningful redress.
For the past seven years, the Responsible Data community has grappled with questions of ethics and accountability in the humanitarian sector, demanding that a breach not cause further persecution. Members of the community have mapped responsible data practices in the humanitarian sector, called on international bodies to help create a safe and inclusive digital future, created resource guides for safe and responsible data collection, and formulated shared strategies to uphold data ethics during the COVID-19 pandemic.
Community members have shown how to bring about greater transparency to data partnerships and promote new models of data protection centring economic development. The community has advanced justice and rights-based approaches to responsibly handing beneficiary data and promoted an equity-based framework. Community members have also uplifted children’s rights by highlighting the need for children’s participation to prevent harms across the data life cycle.
Members of the Responsible Data community have called on humanitarian agencies to acknowledge the possible harms caused by humanitarian innovation and the importance of decolonising humanitarian data practices, emphasising the need to protect group data as humanitarian situations often demand.
Now the question is: What can accountability look like?
For humanitarian aid to move towards justice, agencies can address the power imbalance between givers and receivers. As notions of consent evolve in humanitarian contexts, so can notions of accountability.
Humanitarian aid beneficiaries can be integrated into the process of distributing aid, with real leadership and power in how their data is collected and utilised. In a paper titled “Should international organisations include beneficiaries in decision-making? Arguments for mediated inclusion,” researcher Chris Tenove makes the case that according to the ‘affected interests’ principle, those impacted by governance decisions ought to be included in international organisations’ decision-making processes. In the case of humanitarian data governance, beneficiaries’ normative claim to inclusion would require a ‘mediated inclusion’, wherein representatives can make claims on beneficiaries’ behalf and have a meaningful ability to influence decisions on data collection, processing and storage.
However, even in the absence of a legal requirement, humanitarians have the opportunity to disclose data breaches, offer support to affected data subjects, and promote transparency as they fix systems to maintain trust among beneficiaries. They can share how previous breaches were remedied and demonstrate how they are preparing to mitigate against future harms and adopting safer data collection practices, both during and beyond the COVID-19 pandemic.
Humanitarian organisations can set up internal processes where complaints can be received anonymously, to remedy the fear of backlash, and where both individual and group-level concerns are met. The ICRC Data Protection Commission offers an example of what has been done in this area.
To practice accountability to communities, humanitarian agencies can share and publicise privacy impact assessments prior to data collection, alongside their plans for responding to a breach. Agencies can spell out what responsibility looks like and outline actionable consequences for data breaches.
There is also an opportunity to engage in stronger external accountability. Donors can play an important role in setting data policy priorities and increasing compliance with voluntary certification processes that uphold core humanitarian standards. Such processes could include recurring recertification options, with mid-term reviews and final evaluations by third parties.
Since the current accountability mechanisms still depend a great deal on individual action, there is an opportunity for internal and external bodies to take suo motu, or unprompted, action to review and report on a data breach. Community members have also recommended the creation of an independent investigatory body to examine the extent of legal harm caused by a data breach.
The humanitarian sector still relies on self-regulation and internal compliance. For this reason, grassroots-led accountability efforts can provide essential oversight and counterbalance (as Jennifer Easterday points out in her contribution to this collection). The Responsible Data community – composed of activists, scholars, and other experts – has provided useful guidance and support to humanitarian organisations’ processes over the years. Onwards and upwards to many more years of responsible and equitable data practices!