Handbook on Data Protection in Humanitarian Action, 2nd ed. (2020)
Kuner, Christopher; Marelli, Massimo: Handbook on Data Protection in Humanitarian Action, 2nd ed. (2020). 312 p.
ICRC (International Committee of the Red Cross), Geneva.
ISBN 978-2-940396-80-1
https://shop.icrc.org/download/ebook?sku=4305.01/002-ebook
TABLE OF CONTENTS
ACKNOWLEDGEMENTS …………………………………………………………………………….. 10
FOREWORD ………………………………………………………………………………………………. 11
GLOSSARY OF DEFINED TERMS AND ABBREVIATIONS ……………………………… 12
PART I – GENERAL CONSIDERATIONS
1. INTRODUCTION ………………………………………………………………………………….. 19
1.1 Background ………………………………………………………………………… 20
1.2 Objective …………………………………………………………………………….. 21
1.3 Structure and approach ………………………………………………………… 25
1.4 Target audience …………………………………………………………………… 25
2. BASIC PRINCIPLES OF DATA PROTECTION …………………………………………… 27
2.1 Introduction ………………………………………………………………………… 28
2.2 Basic data protection concepts ………………………………………………… 31
2.3 Aggregate, Pseudonymized and Anonymized data sets ………………… 33
2.4 Applicable law and International Organizations ………………………… 34
2.5 Data Processing principles ……………………………………………………… 35
2.5.1 The principle of the fairness and lawfulness of Processing …….. 35
2.5.2 The purpose limitation principle ……………………………………………… 36
2.5.3 The principle of proportionality ……………………………………………….. 36
2.5.4 The principle of data minimization ………………………………………….. 38
2.5.5 The principle of data quality …………………………………………………….. 39
2.6 Special data Processing situations ……………………………………………. 39
2.6.1 Health purposes ………………………………………………………………………….. 39
2.6.2 Administrative activities ………………………………………………………….. 41
2.6.3 Further Processing …………………………………………………………………….. 41
2.7 Data retention …………………………………………………………………….. 43
2.8 Data security and Processing security ………………………………………. 43
2.8.1 Introduction ……………………………………………………………………………….. 43
2.8.2 Physical security ………………………………………………………………………… 45
2.8.3 IT security …………………………………………………………………………………… 46
2.8.4 Duty of discretion and staff conduct ………………………………………… 47
2.8.5 Contingency planning ……………………………………………………………….. 48
2.8.6 Destruction methods …………………………………………………………………. 48
2.8.7 Other measures ………………………………………………………………………….. 49
2.9 The principle of accountability ……………………………………………….. 49
2.10 Information ………………………………………………………………………… 50
2.10.1 Data collected from the Data Subject ………………………………………. 50
2.10.2 Information notices ……………………………………………………………………. 51
2.10.3 Data not collected from the Data Subject …………………………………. 52
2.11 Rights of Data Subjects ………………………………………………………….. 53
2.11.1 Introduction ……………………………………………………………………………….. 53
2.11.2 Access ………………………………………………………………………………………… 53
2.11.3 Correction …………………………………………………………………………………… 55
2.11.4 Right to erasure ………………………………………………………………………… 55
2.11.5 Right to object ……………………………………………………………………………. 56
2.12 Data sharing and International Data Sharing ……………………………. 57
3. LEGAL BASES FOR PERSONAL DATA PROCESSING ………………………………. 59
3.1 Introduction ………………………………………………………………………… 60
3.2 Consent ………………………………………………………………………………. 61
3.2.1 Unambiguous ……………………………………………………………………………… 62
3.2.2 Timing ………………………………………………………………………………………… 62
3.2.3 Validity ………………………………………………………………………………………… 62
3.2.4 Vulnerability ……………………………………………………………………………….. 62
3.2.5 Children ………………………………………………………………………………………. 63
3.2.6 Informed …………………………………………………………………………………….. 64
3.2.7 Documented ……………………………………………………………………………….. 65
3.2.8 Withholding/withdrawing Consent ………………………………………….. 65
3.3 Vital interest ………………………………………………………………………. 66
3.4 Important grounds of public interest ………………………………………. 67
3.5 Legitimate interest ……………………………………………………………….. 68
3.6 Performance of a contract ………………………………………………………. 70
3.7 Compliance with a legal obligation ………………………………………….. 70
4. INTERNATIONAL DATA SHARING ……………………………………………………….. 73
4.1 Introduction ………………………………………………………………………… 74
4.2 Basic rules for International Data Sharing …………………………………. 76
4.3 Providing a legal basis for International Data Sharing …………………. 76
4.3.1 Introduction ……………………………………………………………………………… 76
4.3.2 Legal bases for International Data Sharing ……………………………… 77
4.4 Mitigating the risks to the individual ………………………………………. 77
4.4.1 Appropriate safeguards/Contractual clauses ……………………………. 78
4.4.2 Accountability ……………………………………………………………………………. 79
4.5 Data Controller/Data Processor relationship ……………………………… 80
4.6 The disclosure of Personal Data to authorities ……………………………. 80
5. DATA PROTECTION IMPACT ASSESSMENTS (DPIAs) …………………………….. 83
5.1 Introduction ………………………………………………………………………… 84
5.2 The DPIA process …………………………………………………………………. 86
5.2.1 Is a DPIA necessary? …………………………………………………………………… 86
5.2.2 The DPIA team ……………………………………………………………………………. 86
5.2.3 Describing the Processing of Personal Data ……………………………… 87
5.2.4 Consulting stakeholders ……………………………………………………………. 87
5.2.5 Identify risks ……………………………………………………………………………… 87
5.2.6 Assess the risks ………………………………………………………………………….. 88
5.2.7 Identify solutions ………………………………………………………………………. 88
5.2.8 Propose recommendations ………………………………………………………… 88
5.2.9 Implement the agreed recommendations …………………………………. 88
5.2.10 Provide expert review and/or audit of the DPIA ………………………. 89
5.2.11 Update the DPIA if there are changes in the project ……………….. 89
PART II – SPECIFIC PROCESSING SITUATIONS AND TECHNOLOGIES
6. DATA ANALYTICS AND BIG DATA …………………………………………………………. 91
6.1 Introduction ………………………………………………………………………… 92
6.2 Application of basic data protection principles …………………………… 97
6.2.1 Purpose limitation and Further Processing ……………………………… 98
6.2.2 Legal bases for Personal Data Processing ……………………………….. 100
6.2.3 Fair and lawful Processing ………………………………………………………. 102
6.2.4 Data minimization …………………………………………………………………… 103
6.2.5 Data security ……………………………………………………………………………. 104
6.3 Rights of Data Subjects …………………………………………………………. 105
6.4 Data sharing ……………………………………………………………………… 106
6.5 International Data Sharing ……………………………………………………. 106
6.6 Data Controller/Data Processor relationship …………………………….. 107
6.7 Data Protection Impact Assessments ……………………………………….. 108
7. DRONES/UAVs AND REMOTE SENSING ………………………………………………. 111
7.1 Introduction ……………………………………………………………………….. 112
7.2 Application of basic data protection principles …………………………… 115
7.2.1 Legal bases for Personal Data Processing ………………………………… 115
7.2.2 Transparency/Information ……………………………………………………….. 119
7.2.3 Purpose limitation and Further Processing …………………………….. 119
7.2.4 Data minimization …………………………………………………………………… 120
7.2.5 Data retention ………………………………………………………………………….. 120
7.2.6 Data security …………………………………………………………………………….. 121
7.3 Rights of Data Subjects …………………………………………………………. 121
7.4 Data sharing ……………………………………………………………………… 122
7.5 International Data Sharing ……………………………………………………. 123
7.6 Data Controller/Data Processor relationship …………………………….. 124
7.7 Data Protection Impact Assessments ……………………………………….. 124
8. BIOMETRICS ……………………………………………………………………………………… 127
8.1 Introduction ……………………………………………………………………….. 128
8.2 Application of basic data protection principles ………………………….. 130
8.2.1 Legal bases for Personal Data Processing ………………………………… 132
8.2.2 Fair and lawful Processing ……………………………………………………….. 135
8.2.3 Purpose limitation and Further Processing …………………………….. 135
8.2.4 Data minimization ……………………………………………………………………. 137
8.2.5 Data retention …………………………………………………………………………… 137
8.2.6 Data security ……………………………………………………………………………. 138
8.3 Rights of Data Subjects …………………………………………………………. 138
8.4 Data sharing ……………………………………………………………………… 138
8.5 International Data Sharing ……………………………………………………. 139
8.6 Data Controller/Data Processor relationship …………………………….. 139
8.7 Data Protection Impact Assessments ……………………………………….. 140
9. CASH TRANSFER PROGRAMMING ……………………………………………………… 143
9.1 Introduction ……………………………………………………………………….. 144
9.2 Application of basic data protection principles ………………………….. 148
9.3 Basic principles of data protection …………………………………………. 149
9.3.1 Legal bases for Personal Data Processing ……………………………….. 150
9.3.2 Purpose limitation and Further Processing …………………………….. 152
9.3.3 Data minimization ……………………………………………………………………. 153
9.3.4 Data retention ………………………………………………………………………….. 154
9.3.5 Data security …………………………………………………………………………….. 155
9.4 Rights of Data Subjects …………………………………………………………. 156
9.5 Data sharing ……………………………………………………………………… 156
9.6 International Data Sharing ……………………………………………………. 157
9.7 Data Controller/Data Processor relationship …………………………….. 157
9.8 Data Protection Impact Assessments ……………………………………….. 158
10. CLOUD SERVICES ……………………………………………………………………………… 161
10.1 Introduction ……………………………………………………………………….. 162
10.2 Responsibility and accountability in the cloud …………………………… 164
10.3 Application of basic data protection principles ………………………….. 165
10.3.1 Legal bases for Personal Data Processing ……………………………….. 165
10.3.2 Fair and lawful Processing ………………………………………………………. 167
10.3.3 Purpose limitation and Further Processing ……………………………. 167
10.3.4 Transparency ……………………………………………………………………………. 168
10.3.5 Data retention ………………………………………………………………………….. 168
10.4 Data security ……………………………………………………………………… 169
10.4.1 Data in transit protection …………………………………………………………. 173
10.4.2 Asset Protection …………………………………………………………………………. 173
10.4.2.1 Physical location …………………………………………………………………………. 173
10.4.2.2 Data centre security …………………………………………………………………… 174
10.4.2.3 Data at rest security …………………………………………………………………… 174
10.4.2.4 Data sanitization ………………………………………………………………………. 174
10.4.2.5 Equipment disposal …………………………………………………………………… 174
10.4.2.6 Availability …………………………………………………………………………………. 174
10.4.3 Separation between users …………………………………………………………. 175
10.4.4 Governance ………………………………………………………………………………… 175
10.4.5 Operational security ………………………………………………………………….. 175
10.4.6 Personnel …………………………………………………………………………………… 176
10.4.7 Development ……………………………………………………………………………… 176
10.4.8 Supply chain ……………………………………………………………………………… 176
10.4.9 User management …………………………………………………………………….. 176
10.4.10 Identity and authentication ……………………………………………………… 177
10.4.11 External interfaces ……………………………………………………………………. 177
10.4.12 Service administration …………………………………………………………….. 177
10.4.13 Audits …………………………………………………………………………………………. 177
10.4.14 Service usage …………………………………………………………………………….. 177
10.5 Rights of Data Subjects …………………………………………………………. 178
10.6 International Data Sharing ……………………………………………………. 178
10.7 Data Controller/Data Processor relationship …………………………….. 178
10.8 Data Protection Impact Assessments ……………………………………….. 179
10.9 Privileges and immunities and the cloud ………………………………….. 179
10.9.1 Legal measures ………………………………………………………………………… 180
10.9.2 Organizational measures ………………………………………………………… 180
10.9.3 Technical measures ………………………………………………………………….. 181
11. MOBILE MESSAGING APPS ……………………………………………………………….. 183
11.1 Introduction ……………………………………………………………………….. 184
11.1.1 Mobile messaging apps in Humanitarian Action …………………… 186
11.2 Application of basic data protection principles ………………………….. 187
11.2.1 Processing of Personal Data through mobile messaging apps .. 187
11.2.1.1 Potential threats ………………………………………………………………………… 188
11.2.2 What kind of data do messaging apps collect or store? ………….. 189
11.2.3 How could other parties access data shared on messaging apps? …………………………………. 192
11.2.4 Messaging app features related to privacy and security ………… 194
11.2.4.1 Anonymity permitted/no requirement for authenticated identity ………………………………………………………… 194
11.2.4.2 No retention of message content ……………………………………………… 195
11.2.4.3 End-to-end encryption …………………………………………………………….. 195
11.2.4.4 User ownership of data ……………………………………………………………… 195
11.2.4.5 No or minimal retention of metadata ………………………………………. 195
11.2.4.6 Messaging-app code is open source …………………………………………. 196
11.2.4.7 Company vets disclosure requests from law enforcement ………. 196
11.2.4.8 Limited Personal Data sharing with Third Parties …………………… 196
11.2.4.9 Restricting access through the device’s operating system, software or specific security patches ………………………………………. 197
11.2.5 Processing of Personal Data collected through mobile messaging apps ………………………………………………………………………… 197
11.3 Legal bases for Personal Data Processing ………………………………… 198
11.4 Data retention ……………………………………………………………………. 198
11.5 Data Subject Rights to rectification and deletion ……………………….. 199
11.6 Data Minimization ………………………………………………………………. 199
11.7 Purpose limitation and Further Processing ……………………………… 200
11.8 Managing, analysing and verifying data ………………………………….. 201
11.9 Data protection by design …………………………………………………….. 202
11.10 International Data Sharing …………………………………………………… 202
12. DIGITAL IDENTITY ………………………………………………………………………….. 205
12.1 Introduction ………………………………………………………………………. 206
12.1.1 Authentication, identification and verification: Who are you and how can you prove it? …………………………………… 208
12.1.2 Digital Identity …………………………………………………………………………. 209
12.1.3 System design and governance ……………………………………………….. 210
12.1.4 Digital Identity in the humanitarian sector: Possible scenarios ……………………………………………………………………… 211
12.1.5 Digital Identity as foundational identity …………………………………. 212
12.2 Data Protection Impact Assessments ……………………………………….. 214
12.3 Data Protection by Design and by Default ………………………………… 214
12.4 Data Controller/Data Processor relationship …………………………….. 215
12.5 Rights of Data Subjects …………………………………………………………. 216
12.5.1 Right of access ………………………………………………………………………….. 217
12.5.2 Rights to rectification and erasure ………………………………………….. 218
12.6 Application of basic data protection principles ………………………….. 218
12.6.1 Legal bases for Personal Data Processing ……………………………….. 218
12.6.2 Purpose limitation and Further Processing ……………………………. 219
12.6.3 Proportionality ………………………………………………………………………… 219
12.6.4 Data minimization …………………………………………………………………… 220
12.6.5 Data security ……………………………………………………………………………. 220
12.6.6 Data retention ………………………………………………………………………….. 221
12.7 International data sharing ……………………………………………………. 221
13. SOCIAL MEDIA …………………………………………………………………………………. 223
13.1 Introduction ………………………………………………………………………. 224
13.1.1 Social media in the humanitarian sector ……………………………….. 224
13.1.2 Social media and data …………………………………………………………….. 226
13.1.2.1 What data are generated on social media and how? ………………. 226
13.1.2.2 What data can be shared with third parties? …………………………… 228
13.1.2.3 What data can law enforcement and government authorities obtain? ……………………………………………………………………. 229
13.2 Data Protection Impact Assessments ……………………………………….. 230
13.3 Ethical issues and other challenges …………………………………………. 232
13.4 Data Controller/Data Processor relationship …………………………….. 233
13.5 Basic data protection principles …………………………………………….. 234
13.5.1 Legal bases for Personal Data Processing ……………………………….. 234
13.5.2 Information ……………………………………………………………………………… 235
13.5.3 Data retention ………………………………………………………………………….. 236
13.5.4 Data security ……………………………………………………………………………. 237
13.6 International data sharing ……………………………………………………. 237
14. BLOCKCHAIN ……………………………………………………………………………………. 239
14.1 Introduction ………………………………………………………………………. 240
14.1.1 What is Blockchain? ………………………………………………………………… 240
14.1.2 Types of Blockchain ………………………………………………………………… 242
14.1.3 Blockchain in practice …………………………………………………………….. 244
14.1.4 Humanitarian use cases …………………………………………………………. 246
14.2 Data Protection Impact Assessments ………………………………………. 248
14.3 Data Protection by Design and by Default ……………………………….. 249
14.4 Data Controller/Data Processor relationship …………………………….. 250
14.5 Basic data protection principles …………………………………………….. 252
14.5.1 Data minimization …………………………………………………………………… 252
14.5.2 Data retention ………………………………………………………………………….. 253
14.5.3 Proportionality ………………………………………………………………………… 253
14.5.4 Data security ……………………………………………………………………………. 254
14.6 Rights of Data Subjects …………………………………………………………. 255
14.6.1 Right of access ………………………………………………………………………….. 255
14.6.2 Right to rectification ……………………………………………………………….. 255
14.6.3 Right to erasure ………………………………………………………………………… 256
14.6.4 Restrictions of Data Subjects’ rights ………………………………………. 257
14.7 International data sharing ……………………………………………………. 257
Annex: Decision-making framework for Blockchain in humanitarian action …………………………………………………………. 258
15. CONNECTIVITY AS AID …………………………………………………………………….. 263
15.1 Introduction ………………………………………………………………………. 264
15.1.1 Overview of connectivity as aid interventions ………………………. 264
15.1.2 Operational context …………………………………………………………………. 265
15.1.3 Multiple stakeholders and partnerships ………………………………… 266
15.2 Data Protection Impact Assessments ………………………………………. 268
15.3 Data Controller/Data Processor relationship ……………………………. 269
15.4 Basic data protection principles …………………………………………….. 270
15.4.1 Legal bases for Personal Data Processing ……………………………….. 270
15.4.2 Data security ……………………………………………………………………………. 271
15.4.3 Data retention ………………………………………………………………………….. 272
15.4.4 Information ……………………………………………………………………………… 273
15.5 International data sharing ……………………………………………………. 273
16. ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING ……………………… 275
16.1 Introduction ……………………………………………………………………….. 276
16.1.1 What are Artificial Intelligence and Machine Learning? ………. 276
16.1.2 How do Artificial Intelligence and Machine Learning work? …. 277
16.1.3 Artificial Intelligence in the humanitarian sector …………………. 279
16.1.4 Challenges and risks of using Artificial Intelligence …………….. 280
16.2 Data Protection Impact Assessment ……………………………………….. 281
16.3 Application of basic data protection principles …………………………. 282
16.3.1 Purpose limitation and Further Processing ……………………………. 282
16.3.2 Fair and lawful Processing ………………………………………………………. 283
16.3.2.1 Lawfulness …………………………………………………………………………………. 283
16.3.2.2 Fairness v. bias ………………………………………………………………………….. 285
16.3.2.3 Transparency …………………………………………………………………………….. 286
16.3.3 Data minimization …………………………………………………………………… 287
16.3.4 Data retention …………………………………………………………………………. 288
16.3.5 Data security …………………………………………………………………………… 289
16.4 Rights of Data Subjects ………………………………………………………… 290
16.4.1 Right to be informed ………………………………………………………………. 290
16.4.2 Right to erasure ………………………………………………………………………… 291
16.4.3 Rights in relation to automated decision-making …………………. 291
16.5 Data Controller/Data Processor relationship …………………………….. 293
16.5.1 Accountability ………………………………………………………………………….. 293
16.5.2 Liability …………………………………………………………………………………….. 293
16.6 International Data Sharing …………………………………………………… 294
16.7 Data Protection by Design and by Default ……………………………….. 294
16.8 Ethical issues and challenges ……………………………………………….. 296