Handbook on Data Protection in Humanitarian Action, 2nd ed. (2020)

Kuner, Christopher; Marelli, Massimo: Handbook on Data Protection in Humanitarian Action, 2nd ed. (2020), 312 p. ICRC International Committee of the Red Cross, Geneva. ISBN 978-2-940396-80-1

https://shop.icrc.org/download/ebook?sku=4305.01/002-ebook

TABLE OF CONTENTS

ACKNOWLEDGEMENTS …………………………………………………………………………….. 10

FOREWORD ………………………………………………………………………………………………. 11

GLOSSARY OF DEFINED TERMS AND ABBREVIATIONS ……………………………… 12

PART I – GENERAL CONSIDERATIONS

1. INTRODUCTION ………………………………………………………………………………….. 19

1.1 Background ………………………………………………………………………… 20

1.2 Objective …………………………………………………………………………….. 21

1.3 Structure and approach ………………………………………………………… 25

1.4 Target audience …………………………………………………………………… 25

2. BASIC PRINCIPLES OF DATA PROTECTION …………………………………………… 27

2.1 Introduction ………………………………………………………………………… 28

2.2 Basic data protection concepts ………………………………………………… 31

2.3 Aggregate, Pseudonymized and Anonymized data sets ………………… 33

2.4 Applicable law and International Organizations ………………………… 34

2.5 Data Processing principles ……………………………………………………… 35

2.5.1 The principle of the fairness and lawfulness of Processing …….. 35

2.5.2 The purpose limitation principle ……………………………………………… 36

2.5.3 The principle of proportionality ……………………………………………….. 36

2.5.4 The principle of data minimization ………………………………………….. 38

2.5.5 The principle of data quality …………………………………………………….. 39

2.6 Special data Processing situations ……………………………………………. 39

2.6.1 Health purposes ………………………………………………………………………….. 39

2.6.2 Administrative activities ………………………………………………………….. 41

2.6.3 Further Processing …………………………………………………………………….. 41

2.7 Data retention …………………………………………………………………….. 43

2.8 Data security and Processing security ………………………………………. 43

2.8.1 Introduction ……………………………………………………………………………….. 43

2.8.2 Physical security ………………………………………………………………………… 45

2.8.3 IT security …………………………………………………………………………………… 46

2.8.4 Duty of discretion and staff conduct ………………………………………… 47

2.8.5 Contingency planning ……………………………………………………………….. 48

2.8.6 Destruction methods …………………………………………………………………. 48

2.8.7 Other measures ………………………………………………………………………….. 49

2.9 The principle of accountability ……………………………………………….. 49

2.10 Information ………………………………………………………………………… 50

2.10.1 Data collected from the Data Subject ………………………………………. 50

2.10.2 Information notices ……………………………………………………………………. 51

2.10.3 Data not collected from the Data Subject …………………………………. 52

2.11 Rights of Data Subjects ………………………………………………………….. 53

2.11.1 Introduction ……………………………………………………………………………….. 53

2.11.2 Access ………………………………………………………………………………………… 53

2.11.3 Correction …………………………………………………………………………………… 55

2.11.4 Right to erasure ………………………………………………………………………… 55

2.11.5 Right to object ……………………………………………………………………………. 56

2.12 Data sharing and International Data Sharing ……………………………. 57

3. LEGAL BASES FOR PERSONAL DATA PROCESSING ………………………………. 59

3.1 Introduction ………………………………………………………………………… 60

3.2 Consent ………………………………………………………………………………. 61

3.2.1 Unambiguous ……………………………………………………………………………… 62

3.2.2 Timing ………………………………………………………………………………………… 62

3.2.3 Validity ………………………………………………………………………………………… 62

3.2.4 Vulnerability ……………………………………………………………………………….. 62

3.2.5 Children ………………………………………………………………………………………. 63

3.2.6 Informed …………………………………………………………………………………….. 64

3.2.7 Documented ……………………………………………………………………………….. 65

3.2.8 Withholding/withdrawing Consent ………………………………………….. 65

3.3 Vital interest ………………………………………………………………………. 66

3.4 Important grounds of public interest ………………………………………. 67

3.5 Legitimate interest ……………………………………………………………….. 68

3.6 Performance of a contract ………………………………………………………. 70

3.7 Compliance with a legal obligation ………………………………………….. 70

4. INTERNATIONAL DATA SHARING ……………………………………………………….. 73

4.1 Introduction ………………………………………………………………………… 74

4.2 Basic rules for International Data Sharing …………………………………. 76

4.3 Providing a legal basis for International Data Sharing …………………. 76

4.3.1 Introduction ……………………………………………………………………………… 76

4.3.2 Legal bases for International Data Sharing ……………………………… 77

4.4 Mitigating the risks to the individual ………………………………………. 77

4.4.1 Appropriate safeguards/Contractual clauses ……………………………. 78

4.4.2 Accountability ……………………………………………………………………………. 79

4.5 Data Controller/Data Processor relationship ……………………………… 80

4.6 The disclosure of Personal Data to authorities ……………………………. 80

5. DATA PROTECTION IMPACT ASSESSMENTS (DPIAS) …………………………….. 83

5.1 Introduction ………………………………………………………………………… 84

5.2 The DPIA process …………………………………………………………………. 86

5.2.1 Is a DPIA necessary? …………………………………………………………………… 86

5.2.2 The DPIA team ……………………………………………………………………………. 86

5.2.3 Describing the Processing of Personal Data ……………………………… 87

5.2.4 Consulting stakeholders ……………………………………………………………. 87

5.2.5 Identify risks ……………………………………………………………………………… 87

5.2.6 Assess the risks ………………………………………………………………………….. 88

5.2.7 Identify solutions ………………………………………………………………………. 88

5.2.8 Propose recommendations ………………………………………………………… 88

5.2.9 Implement the agreed recommendations …………………………………. 88

5.2.10 Provide expert review and/or audit of the DPIA ………………………. 89

5.2.11 Update the DPIA if there are changes in the project ……………….. 89

PART II – SPECIFIC PROCESSING SITUATIONS AND TECHNOLOGIES

6. DATA ANALYTICS AND BIG DATA …………………………………………………………. 91

6.1 Introduction ………………………………………………………………………… 92

6.2 Application of basic data protection principles …………………………… 97

6.2.1 Purpose limitation and Further Processing ……………………………… 98

6.2.2 Legal bases for Personal Data Processing ……………………………….. 100

6.2.3 Fair and lawful Processing ………………………………………………………. 102

6.2.4 Data minimization …………………………………………………………………… 103

6.2.5 Data security ……………………………………………………………………………. 104

6.3 Rights of Data Subjects …………………………………………………………. 105

6.4 Data sharing ……………………………………………………………………… 106

6.5 International Data Sharing ……………………………………………………. 106

6.6 Data Controller/Data Processor relationship …………………………….. 107

6.7 Data Protection Impact Assessments ……………………………………….. 108

7. DRONES/UAVS AND REMOTE SENSING ………………………………………………. 111

7.1 Introduction ……………………………………………………………………….. 112

7.2 Application of basic data protection principles …………………………… 115

7.2.1 Legal bases for Personal Data Processing ………………………………… 115

7.2.2 Transparency/Information ……………………………………………………….. 119

7.2.3 Purpose limitation and Further Processing …………………………….. 119

7.2.4 Data minimization …………………………………………………………………… 120

7.2.5 Data retention ………………………………………………………………………….. 120

7.2.6 Data security …………………………………………………………………………….. 121

7.3 Rights of Data Subjects …………………………………………………………. 121

7.4 Data sharing ……………………………………………………………………… 122

7.5 International Data Sharing ……………………………………………………. 123

7.6 Data Controller/Data Processor relationship …………………………….. 124

7.7 Data Protection Impact Assessments ……………………………………….. 124

8. BIOMETRICS ……………………………………………………………………………………… 127

8.1 Introduction ……………………………………………………………………….. 128

8.2 Application of basic data protection principles ………………………….. 130

8.2.1 Legal bases for Personal Data Processing ………………………………… 132

8.2.2 Fair and lawful Processing ……………………………………………………….. 135

8.2.3 Purpose limitation and Further Processing …………………………….. 135

8.2.4 Data minimization ……………………………………………………………………. 137

8.2.5 Data retention …………………………………………………………………………… 137

8.2.6 Data security ……………………………………………………………………………. 138

8.3 Rights of Data Subjects …………………………………………………………. 138

8.4 Data sharing ……………………………………………………………………… 138

8.5 International Data Sharing ……………………………………………………. 139

8.6 Data Controller/Data Processor relationship …………………………….. 139

8.7 Data Protection Impact Assessments ……………………………………….. 140

9. CASH TRANSFER PROGRAMMING ……………………………………………………… 143

9.1 Introduction ……………………………………………………………………….. 144

9.2 Application of basic data protection principles ………………………….. 148

9.3 Basic principles of data protection …………………………………………. 149

9.3.1 Legal bases for Personal Data Processing ……………………………….. 150

9.3.2 Purpose limitation and Further Processing …………………………….. 152

9.3.3 Data minimization ……………………………………………………………………. 153

9.3.4 Data retention ………………………………………………………………………….. 154

9.3.5 Data security …………………………………………………………………………….. 155

9.4 Rights of Data Subjects …………………………………………………………. 156

9.5 Data sharing ……………………………………………………………………… 156

9.6 International Data Sharing ……………………………………………………. 157

9.7 Data Controller/Data Processor relationship …………………………….. 157

9.8 Data Protection Impact Assessments ……………………………………….. 158

10. CLOUD SERVICES ……………………………………………………………………………… 161

10.1 Introduction ……………………………………………………………………….. 162

10.2 Responsibility and accountability in the cloud …………………………… 164

10.3 Application of basic data protection principles ………………………….. 165

10.3.1 Legal bases for Personal Data Processing ……………………………….. 165

10.3.2 Fair and lawful Processing ………………………………………………………. 167

10.3.3 Purpose limitation and Further Processing ……………………………. 167

10.3.4 Transparency ……………………………………………………………………………. 168

10.3.5 Data retention ………………………………………………………………………….. 168

10.4 Data security ……………………………………………………………………… 169

10.4.1 Data in transit protection …………………………………………………………. 173

10.4.2 Asset Protection …………………………………………………………………………. 173

10.4.2.1 Physical location …………………………………………………………………………. 173

10.4.2.2 Data centre security …………………………………………………………………… 174

10.4.2.3 Data at rest security …………………………………………………………………… 174

10.4.2.4 Data sanitization ………………………………………………………………………. 174

10.4.2.5 Equipment disposal …………………………………………………………………… 174

10.4.2.6 Availability …………………………………………………………………………………. 174

10.4.3 Separation between users …………………………………………………………. 175

10.4.4 Governance ………………………………………………………………………………… 175

10.4.5 Operational security ………………………………………………………………….. 175

10.4.6 Personnel …………………………………………………………………………………… 176

10.4.7 Development ……………………………………………………………………………… 176

10.4.8 Supply chain ……………………………………………………………………………… 176

10.4.9 User management …………………………………………………………………….. 176

10.4.10 Identity and authentication ……………………………………………………… 177

10.4.11 External interfaces ……………………………………………………………………. 177

10.4.12 Service administration …………………………………………………………….. 177

10.4.13 Audits …………………………………………………………………………………………. 177

10.4.14 Service usage …………………………………………………………………………….. 177

10.5 Rights of Data Subjects …………………………………………………………. 178

10.6 International Data Sharing ……………………………………………………. 178

10.7 Data Controller/Data Processor relationship …………………………….. 178

10.8 Data Protection Impact Assessments ……………………………………….. 179

10.9 Privileges and immunities and the cloud ………………………………….. 179

10.9.1 Legal measures ………………………………………………………………………… 180

10.9.2 Organizational measures ………………………………………………………… 180

10.9.3 Technical measures ………………………………………………………………….. 181

11. MOBILE MESSAGING APPS ……………………………………………………………….. 183

11.1 Introduction ……………………………………………………………………….. 184

11.1.1 Mobile messaging apps in Humanitarian Action …………………… 186

11.2 Application of basic data protection principles ………………………….. 187

11.2.1 Processing of Personal Data through mobile messaging apps .. 187

11.2.1.1 Potential threats ………………………………………………………………………… 188

11.2.2 What kind of data do messaging apps collect or store? ………….. 189

11.2.3 How could other parties access data shared on messaging apps? …………………………………. 192

11.2.4 Messaging app features related to privacy and security ………… 194

11.2.4.1 Anonymity permitted/no requirement for authenticated identity ………………………………… 194

11.2.4.2 No retention of message content ……………………………………………… 195

11.2.4.3 End-to-end encryption …………………………………………………………….. 195

11.2.4.4 User ownership of data ……………………………………………………………… 195

11.2.4.5 No or minimal retention of metadata ………………………………………. 195

11.2.4.6 Messaging-app code is open source …………………………………………. 196

11.2.4.7 Company vets disclosure requests from law enforcement ………. 196

11.2.4.8 Limited Personal Data sharing with Third Parties …………………… 196

11.2.4.9 Restricting access through the device’s operating system, software or specific security patches ………………………………………. 197

11.2.5 Processing of Personal Data collected through mobile messaging apps ………………………………………………………………………… 197

11.3 Legal bases for Personal Data Processing ………………………………… 198

11.4 Data retention ……………………………………………………………………. 198

11.5 Data Subject Rights to rectification and deletion ……………………….. 199

11.6 Data Minimization ………………………………………………………………. 199

11.7 Purpose limitation and Further Processing ……………………………… 200

11.8 Managing, analysing and verifying data ………………………………….. 201

11.9 Data protection by design …………………………………………………….. 202

11.10 International Data Sharing …………………………………………………… 202

12. DIGITAL IDENTITY ………………………………………………………………………….. 205

12.1 Introduction ………………………………………………………………………. 206

12.1.1 Authentication, identification and verification: Who are you and how can you prove it? …………………………………… 208

12.1.2 Digital Identity …………………………………………………………………………. 209

12.1.3 System design and governance ……………………………………………….. 210

12.1.4 Digital Identity in the humanitarian sector: Possible scenarios ……………………………………………………………………… 211

12.1.5 Digital Identity as foundational identity …………………………………. 212

12.2 Data Protection Impact Assessments ……………………………………….. 214

12.3 Data Protection by Design and by Default ………………………………… 214

12.4 Data Controller/Data Processor relationship …………………………….. 215

12.5 Rights of Data Subjects …………………………………………………………. 216

12.5.1 Right of access ………………………………………………………………………….. 217

12.5.2 Rights to rectification and erasure ………………………………………….. 218

12.6 Application of basic data protection principles ………………………….. 218

12.6.1 Legal bases for Personal Data Processing ……………………………….. 218

12.6.2 Purpose limitation and Further Processing ……………………………. 219

12.6.3 Proportionality ………………………………………………………………………… 219

12.6.4 Data minimization …………………………………………………………………… 220

12.6.5 Data security ……………………………………………………………………………. 220

12.6.6 Data retention ………………………………………………………………………….. 221

12.7 International data sharing ……………………………………………………. 221

13. SOCIAL MEDIA …………………………………………………………………………………. 223

13.1 Introduction ………………………………………………………………………. 224

13.1.1 Social media in the humanitarian sector ……………………………….. 224

13.1.2 Social media and data …………………………………………………………….. 226

13.1.2.1 What data are generated on social media and how? ………………. 226

13.1.2.2 What data can be shared with third parties? …………………………… 228

13.1.2.3 What data can law enforcement and government authorities obtain? ……………………………………………………………………. 229

13.2 Data Protection Impact Assessments ……………………………………….. 230

13.3 Ethical issues and other challenges …………………………………………. 232

13.4 Data Controller/Data Processor relationship …………………………….. 233

13.5 Basic data protection principles …………………………………………….. 234

13.5.1 Legal bases for Personal Data Processing ……………………………….. 234

13.5.2 Information ……………………………………………………………………………… 235

13.5.3 Data retention ………………………………………………………………………….. 236

13.5.4 Data security ……………………………………………………………………………. 237

13.6 International data sharing ……………………………………………………. 237

14. BLOCKCHAIN ……………………………………………………………………………………. 239

14.1 Introduction ………………………………………………………………………. 240

14.1.1 What is Blockchain? ………………………………………………………………… 240

14.1.2 Types of Blockchain ………………………………………………………………… 242

14.1.3 Blockchain in practice …………………………………………………………….. 244

14.1.4 Humanitarian use cases …………………………………………………………. 246

14.2 Data Protection Impact Assessments ………………………………………. 248

14.3 Data Protection by Design and by Default ……………………………….. 249

14.4 Data Controller/Data Processor relationship …………………………….. 250

14.5 Basic data protection principles …………………………………………….. 252

14.5.1 Data minimization …………………………………………………………………… 252

14.5.2 Data retention ………………………………………………………………………….. 253

14.5.3 Proportionality ………………………………………………………………………… 253

14.5.4 Data security ……………………………………………………………………………. 254

14.6 Rights of Data Subjects …………………………………………………………. 255

14.6.1 Right of access ………………………………………………………………………….. 255

14.6.2 Right to rectification ……………………………………………………………….. 255

14.6.3 Right to erasure ………………………………………………………………………… 256

14.6.4 Restrictions of Data Subjects’ rights ………………………………………. 257

14.7 International data sharing ……………………………………………………. 257

Annex: Decision-making framework for Blockchain in humanitarian action …………………………………………………………. 258

15. CONNECTIVITY AS AID …………………………………………………………………….. 263

15.1 Introduction ………………………………………………………………………. 264

15.1.1 Overview of connectivity as aid interventions ………………………. 264

15.1.2 Operational context …………………………………………………………………. 265

15.1.3 Multiple stakeholders and partnerships ………………………………… 266

15.2 Data Protection Impact Assessments ………………………………………. 268

15.3 Data Controller/Data Processor relationship ……………………………. 269

15.4 Basic data protection principles …………………………………………….. 270

15.4.1 Legal bases for Personal Data Processing ……………………………….. 270

15.4.2 Data security ……………………………………………………………………………. 271

15.4.3 Data retention ………………………………………………………………………….. 272

15.4.4 Information ……………………………………………………………………………… 273

15.5 International data sharing ……………………………………………………. 273

16. ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING ……………………… 275

16.1 Introduction ……………………………………………………………………….. 276

16.1.1 What are Artificial Intelligence and Machine Learning? ………. 276

16.1.2 How do Artificial Intelligence and Machine Learning work? …. 277

16.1.3 Artificial Intelligence in the humanitarian sector …………………. 279

16.1.4 Challenges and risks of using Artificial Intelligence …………….. 280

16.2 Data Protection Impact Assessment ……………………………………….. 281

16.3 Application of basic data protection principles …………………………. 282

16.3.1 Purpose limitation and Further Processing ……………………………. 282

16.3.2 Fair and lawful Processing ………………………………………………………. 283

16.3.2.1 Lawfulness …………………………………………………………………………………. 283

16.3.2.2 Fairness v. bias ………………………………………………………………………….. 285

16.3.2.3 Transparency …………………………………………………………………………….. 286

16.3.3 Data minimization …………………………………………………………………… 287

16.3.4 Data retention …………………………………………………………………………. 288

16.3.5 Data security …………………………………………………………………………… 289

16.4 Rights of Data Subjects ………………………………………………………… 290

16.4.1 Right to be informed ………………………………………………………………. 290

16.4.2 Right to erasure ………………………………………………………………………… 291

16.4.3 Rights in relation to automated decision-making …………………. 291

16.5 Data Controller/Data Processor relationship …………………………….. 293

16.5.1 Accountability ………………………………………………………………………….. 293

16.5.2 Liability …………………………………………………………………………………….. 293

16.6 International Data Sharing …………………………………………………… 294

16.7 Data Protection by Design and by Default ……………………………….. 294

16.8 Ethical issues and challenges ……………………………………………….. 296