Lucy Bernholz, Kelly Church, Natasha Duarte, and Zara Rahman discuss responsible data, power, and the role of data and ethics in tech for good
A recent exploration of responsible data (RD) practice in the nonprofit sector shows a deep disconnect between two opposing visions of data in social change work: one, rights-based and respectful of the individual ownership of data; and the other, data-centric and focused on transactional exchanges of development gains in return for data access and monetization.
Findings suggest that RD is rarely handled effectively, even in organizations that recognize the need to improve their compliance with RD principles. “Responsible data” is also such a new concept that it lacks organizational compliance mechanisms or even broad understanding. Meanwhile, polarized approaches to RD have created inconsistencies across platforms and projects that would make it impossible for data subjects to make informed decisions about who should get their data and how it would be managed.
The consultation that informed this conversation was conducted by the Good Data Collaborative funded by a 2016 Digital Impact Grant, and was a joint project with SIMLab, the CDT, Future of Privacy Forum (FPF) and The Engine Room.
Audio Podcast and Transcript
Download the transcript (PDF), watch the discussion using the media player, or listen by using the audio player below or by visiting the Digital Impact podcast on iTunes.
[powerpress]
Highlights
- We’re in this together: ‘Responsible Data’ is a concept that outlines our collective duty to think about the umbrella of ethical, legal, social, and privacy-related challenges that come from using data in new and different ways in advocacy and social change. Responsible data should be a conversation, and people should openly express their questions, concerns, and things they don’t understand.
- Systems thinking is required: Responsible Data encompasses a variety of issues which are sometimes thought about separately. Using the Responsible Data framework acknowledge that in order for any of them to be truly addressed, they need to be considered together.
- The data dichotomy is real: There are many examples of how tech and data are helping to improve lives. There’s also lots of evidence of how it’s doing exactly the opposite in many ways. And sometimes that’s intentional and malicious actors but sometimes it’s also through unintended consequences of well-intended actions. We need Responsible data to help people think through proactively what the unintended consequences of their actions are.
- Be proactive and intentional: Organizations should develop a plan for collecting data and an end-of-life policy for what they collect, thinking through where it will be kept, how long they will keep it, and who will be responsible for deleting it. Organizations should also limit access to sensitive data and run regular audits to track who is accessing that data, and why.
- Take a breath: Organizations are collecting and reporting data too quickly. They should instead be clear at the start about what they need versus what is already available. There is very little data minimization happening and organizations are asking additional questions they think could be potentially useful in the future, which often puts beneficiaries or end users at risk.
- Data have created an ecosystem of actors: Very few organizations do everything with the data they use (collection, handling, and analysis). Consultants, service providers, and donors are all frequently involved. Third party services should be compared for their security promises and guarantees, including encryption and two-factor authentication.
- Take inventory and respect people’s time: Organizations benefit from policies that prioritize data minimization, and they should limit their data collection to what they need to carry out their missions. Some questions have already been answered; the information may reside elsewhere.
- Responsible data needs all hands on deck: Practices should be extended beyond upper management to include field staff, volunteers, and interns, who often work with data-vulnerable populations. Everyone, including board members who routinely handle sensitive financial and programmatic data, should follow responsible data practices, attend trainings, and sign written agreements. Finally, responsible data needs to be a first-order priority, and not an afterthought or considered apart from the mission.
Speaker-Recommended Resources
- Digital Impact
- Digital Impact Toolkit
- Designed to help nonprofit organizations and foundations use digital data ethically, safely, and effectively
- Digital Impact Toolkit
- SIMLab
- Good Data Collaborative Consultation Report
- Consultation report on responsible data practice in civil society
- Context Analysis Framework
- Framework for context analysis of inclusive technology in social change projects
- Good Data Collaborative Consultation Report
- Center for Democracy & Technology (CDT)
- Can Data Collaboratives Improve Nonprofit Data Governance?
- Blog post by CDT’s Joseph Jerome
- Our Data Bodies
- Five-person team concerned about how digital data is collected, stored, and shared by governments and corporations
- The Legal, Policy, and Technical Landscape Around Data Deletion
- CDT paper explores why companies should implement sound technical and policy processes to formalize their practices
- Two Factor Auth (2FA)
- List of websites and whether or not they support two-factor authentication
- Can Data Collaboratives Improve Nonprofit Data Governance?
- The Engine Room and Responsible Data (RD) Forum
- Responsible Data Forum
- Community for those committed to using data safely and ethically for social change; a space to share challenges and develop practical ways of tackling them
- Why Big Data Needs Thick Data
- A researcher’s discoveries while conducting ethnographic research at Nokia
- Looking back at the GDPR community call and sharing resources
- RD community forum discussion on the implications and challenges of the General Data Protection Regulation (GDPR)
- Responsible Data reflection stories: an overview
- A structured knowledge base on the unforeseen challenges and (sometimes) negative consequences of using technology and data for advocacy
- Responsible Data Forum
- From the Audience
- Responsible Data Hackpad
- Shared document curated by participants of MERL Tech
- Responsible Data Hackpad
- Other Resources
- General Data Protection Regulation (GDPR)
- Website created to educate the public about the main elements of the GDPR
- Responsible Data Management
- Oxfam training pack for humanitarian organizations on managing program data
- Oxfam Responsible Program Data Policy
- Approved in April 2015 by Oxfam’s Executive Board
- General Data Protection Regulation (GDPR)