Responsible Data
reflection stories

In the lead-up to the implementation of the EU’s General Data Protection Regulation (GDPR) in May 2018, small and large organisations alike were abuzz with speculation as to how it would affect them. A much-awaited legislation, the GDPR is a regulation that harmonises and strengthens data protection laws across EU member states. In the year since it went into effect, it is clear that complying with the GDPR has presented a challenge for civil society but that many of the warnings about endless fines for civil society organisations haven’t come to pass. 

Through conversations with responsible data community members and colleagues, we heard much excitement around the GDPR. Though few, if any, would argue it is perfect, the GDPR represents a step forward in concretising legal and regulatory mechanisms to enforce responsible data practices. Given how strongly these concepts align with many civil society missions, we asked ourselves, “How can the GDPR be used to support the work of civil society?” The stories that follow are meant to serve as an exploration of this question, shedding light on how the GDPR — and similar data protection legislation — presents an opportunity for civil society to not only examine their own data practices, but hold others to account.

We were able to carry out this project with the support of the Open Society Foundations and hope that the stories can serve as inspirations for reflection, learning and the development of new ways of leveraging data protection legislation.

Read Overview

Through the various Responsible Data Forum events over the past couple of years, we’ve heard many anecdotes of responsible data challenges faced by people or organizations. These include potentially harmful data management practices, situations where people have experienced gut feelings that there is potential for harm, or workarounds that people have created to avoid those situations. But we feel that trading in these “war stories” isn’t the most useful way for us to learn from these experiences as a community. Instead, we have worked with our communities to build a set of Reflection Stories: a structured knowledge base on the unforeseen challenges and (sometimes) negative consequences of using technology and data for social change. We were able to do this with the support of Hivos. We hope that this can offer opportunities for reflection and learning, as well as helping to develop innovative strategies for engaging with technology and data in new and responsible ways.  

Read Overview Download Overview

The Reflection Stories


Access to treatment for HIV/AIDS patients


Mental health-related alerts from Twitter


Amplifying narratives from Twitter


Verification of social media

Data collection

Building a tech tool for sensitive data


Recognising uncertainty in statistics

Data Protection Stories, Overview

Data protection reflection stories: an overview

Data Protection Stories

Investigating apps that share personal data to Facebook without consent

Data Protection Stories

Building collective momentum to challenge the ad tech industry

Data Protection Stories

Helping individuals take control of their data

Data Protection Stories

Addressing stalkerware and gender-based abuse through data protection law

Data Protection Stories

Data rights for workers in the gig economy

Data Protection Stories

Improving data practices from the inside out