Address Privacy and Security Guides

Are you on-board with the concept of Principle 8, but aren’t sure how to begin incorporating it into your work? Check out these guides recommended by members of the working group to help get started:

International Conference of Data Protection and Privacy Commissioners

The International Standards of the Protection of Personal Data and Privacy, developed by the International Conference of Data Protection and Privacy Commissioners in 2009, defines a set of principles and rights guaranteeing the effective and internationally uniform protection of privacy with regard to the processing of personal data and the facilitation of the international flows of personal data needed in a globalized world.



International Committee of the Red Cross

The Professional Standards for Protection Work (2nd edition) reflect shared thinking and common agreement among humanitarian and human rights agencies (UN, NGOs and Red Cross and Red Crescent Movement). The standards were adopted through an ICRC-led consultation process. They constitute a set of minimum standards for humanitarian and human rights agencies, and the ICRC would maintain that the standard of protection that an agency provides should not fall below those set out in this document.



Responsible Data Forum

The Responsible Data Forum is a collaborative effort to develop useful tools and strategies for dealing with the ethical, security and privacy challenges facing data-driven advocacy. RDF activities include organizing events; fostering discussion between communities; developing and testing concrete tools; disseminating useful information; and advocating for advocates and their supporters to improve the way they work with data.
The Forum is a collaboration between Amnesty International, Aspiration, the engine room, Greenhost, HURIDOCS, Leiden University’s Peace Informatics Lab, Open Knowledge and Ushahidi.

United Nations Global Pulse

The United Nations Global Pulse’s Privacy and Data Protection Principles are intended to help ensure that individuals whose data is used are not adversely affected by their research. Because of the constantly-evolving nature of data protection and privacy law, Global Pulse expects these principles to evolve based on experience, industry developments and the comments of interested parties. The United Nations Global Pulse would like to thank all those who provided their valuable commentary during the development of the principles, and during their ongoing process of reviewing a more detailed set of guidelines.

Privacy by Design

Privacy by Design is a concept that was developed by the former Information and Privacy Commissioner of Ontario, Dr. Ann Cavoukian, back in the 90’s, to address the ever-growing and systemic effects of Information and Communication Technologies, and of large-scale networked data systems.

At the time, the notion of embedding privacy into the design of technology was far less popular – taking a strong regulatory stance was the preferred course of action. Since then, things have changed considerably and the Privacy by Design approach is now enjoying widespread popularity.

Privacy by Design advances the view that the future of privacy cannot be assured solely by compliance with legislation and regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation.

Initially, deploying Privacy-Enhancing Technologies (PETs) was seen as the solution. Today, we understand that a more substantial approach is required – extending the use of PETs to taking a positive-sum, not a zero-sum, approach.

On this website you will find a series of papers, guides and other materials related to the concept of Privacy by Design.

European Commission

In January 2012, the European Commission proposed a comprehensive reform of data protection rules in the EU. The completion of this reform is a policy priority for 2015. The objective of this new set of rules is to give citizens back control over their personal data, and to simplify the regulatory environment for business. The data protection reform is a key enabler of the Digital Single Market which the Commission has prioritised. The reform will allow European citizens and businesses to fully benefit from the digital economy.

OECD Privacy Framework

Two themes run through the updated Guidelines. First is a focus on the practical implementation of privacy protection through an approach grounded in risk management. Second is the need for greater efforts to address the global dimension of privacy through improved interoperability. A number of new concepts are introduced, including:

  • National privacy strategies – While effective laws are essential, the strategic importance of privacy today also requires a multifaceted national strategy co-ordinated at the highest levels of government.
  • Privacy management programmes – These serve as the core operational mechanism through which organisations implement privacy protection.
  • Data security breach notification – This provision covers both notice to an authority and notice to an individual affected by a security breach affecting personal data.

Other revisions modernise the OECD approach to transborder data flows, detail the key elements of what it means to be an accountable organisation, and strengthen privacy enforcement. As a step in a continuing process, this revision leaves intact the original “Basic Principles” in Part Two of the Guidelines. On-going work by the OECD on privacy protection in a data-driven economy will provide further opportunities to ensure that its privacy framework is well adapted to current challenges.

Trust Law Connect

The mHealth Alliance, the Thomson Reuters Foundation, Merck, and Baker & McKenzie partnered on a project to better understand privacy and security policy issues related to mHealth and identify gaps that must be addressed to protect health data. The partnership undertook a global landscape analysis of current privacy legislation and regulation, with a closer look at a selected group of case study countries in Africa, Asia and Latin America, to establish a baseline for the discussion and provide examples of what different approaches to privacy regulation are already in use. The results of this review show that the world of privacy law is roughly divided into three major camps: (1) omnibus data protection regulation in the style of the European laws that regulate all personal information equally; (2) U.S.-style sectoral privacy laws that address specific privacy issues arising in certain industries and business sectors, so that only certain types of personal information are regulated; and (3) the constitutional approach, whereby certain types of personal information are considered private and inviolate from a basic human rights perspective but no specific privacy regulation is in place otherwise.



Humanitarian assistance is driven by information. From early warnings to needs assessments to final evaluations, information determines priorities and resource allocation. In addition, a crisis drives people to collect and share personal information that they otherwise wouldn’t: the names of missing family, medical conditions and needs, and their current location and that of their homes. In fact, the humanitarian principle of impartiality, requiring aid to be given on the basis of need alone, makes this information essential.

In 2013, the United Nations Office for the Coordination of Humanitarian Affairs (OCHA) examined emerging issues relating to information and communications, particularly the spread of cell phones and connectivity, advanced data analytics and other tools. Humanitarianism in the Network Age, the first UN report to identify information as a basic need in humanitarian response, sketched a vision of a future in which affected people produce and share information in real time with each other and with humanitarian responders, disasters are better anticipated through sophisticated monitoring systems, and accurate data and analysis clear the fog of war.

However, the “Network Age” also comes with risks and challenges. A humanitarian crisis can create a justification for waiving concerns about how information is collected and used, even as cyber-warfare, digital crime and government surveillance rise, particularly in unstable contexts. To deal with these challenges, Humanitarianism in the Network Age recommended that the humanitarian sector develop robust ethical guidelines for the use of information. It specifically called for “do no harm” standards that clearly address liability, privacy and security. This report looks in more depth at these issues and makes recommendations to ensure that emerging technology is used responsibly.