Early stage prototyping: consent and data minimisation for those affected by humanitarian crisis
This project aims to introduce a mobile case management tool across Oxfam’s Middle East humanitarian response with local and global partners to capture, analyse and respond to feedback data to inform the response and give those affected voice for improved support and services.
Over the past couple of months, Oxfam and IF started to explore ideas about how and when to record personal data and get consent from people affected by humanitarian crisis such as conflict, famine or natural disaster. Following IF’s interviews and workshops with Oxfam staff, IF approached this by designing prototypes that look at how aid organisations might:
- Get meaningful consent from people affected by humanitarian crisis to share data about them (and if that’s even possible)
- Minimise the collection and use of information about vulnerable people
The purpose of the prototypes is not to offer definitive solutions, instead they aim to inform a conversation about how consent and data minimisation could work in these contexts. They also aim to bring to life some of the hard problems around data, privacy and design that are inherent in the context of vulnerable people.
Starting with feedback
To understand how programme services are performing, Oxfam has been developing Your Word Counts – a project which seeks to support field staff in capturing the currently undocumented feedback which is received face-to-face from the people with whom Oxfam work with in their humanitarian programmes. Field staff and/or community volunteers record feedback using a mobile survey form as part of a wider mobile case management system which works to refer feedback to Oxfam or partner technical teams at the point of collection.
The feedback is used to prioritise improvements to the programme and to allow humanitarian responses to be more accountable and responsive for services provided; ultimately improving real life outcomes for communities in crisis. Your Word Counts was used as the starting point for thinking about consent and data minimisation.
Right now, we get consent for using the data submitted to Your Word Counts with the ‘opt-in to consent’ design pattern. From IF’s work in other sectors, it’s clear that people don’t have the time to give meaningful consent and understand the risks or benefits of sharing information in every situation. It’s clear from reviewing other studies on the subject, that informed consent isn’t the same over the world.
There is often a power relationship at play when consenting to share data. People may believe that consent is a condition for accessing a service. This is especially important to consider for vulnerable people – like those affected by conflict, famine or natural disaster.
With this in mind, we wanted to explore what delegating consent to another party might look like. For example, delegating responsibility to a friend or family member, a group representative of the community or an organisation that matches their values. This could include a community committee, like a Citizen’s Jury – a small group, representative of a population, who are given the time and information to decide when and how data is shared.
This prototype raises several questions. How can you help people understand the control they are delegating? How do you make people accountable for making decisions on someone else’s behalf?
Proof of permission
Giving people proof they’ve shared information, could help them have more control over the process – for example proving that they reported a broken toilet. It’s also useful to explore if proof of permission could make organisations more transparent about the types of data they collect and their permissions to use it.
The consent receipt is a prototype to help illustrate this thinking. The receipt is a paper document, meaning it doesn’t rely on someone having access to a device or the internet.
The receipt only contains pseudo-anonymous data about the person who has given feedback, with little or no personally identifiable information. Should someone lose their receipt, it could not be tracked back to them. They can reasonably deny the receipt is about them.
There are some interesting things to explore here. How could someone change their mind after they’d consented? How can someone still exercise their rights to consent and transparency if they lose the receipt?
Sometimes information about vulnerable people is collected by staff, without them actually meaning to. For example, an aid worker taking a photograph to document access to clean water in a camp, could also capture people’s faces.
Using this example, IF looked at how the software could automatically recognise faces in a photo and blur them out. They also explored how technology could map text into data driven documents and then recognise what’s being typed. The software could then automatically strike out people’s names and standardise the other information into clear actions.
Automation like this could help aid workers minimize the amount of information they collect about vulnerable people. This could help staff protect the identities of the people they are providing vital services to.
This is increasingly important when thinking about new technologies and new rights, like the ones European Union’s General Data Protection Regulation will bring in. Oxfam believes it’s critical to empower people affected by humanitarian crisis to understand and exercise their digital rights.