This post marks the launch of a Digital Identity series here on Digital@DAI. It is a pivotal topic to many of our technical areas: from health service provision, to cash transfers, and voter registration. It is also a topic garnering increased attention with the debate over privacy and data security—and the global refugee crisis reinforcing the opinion that there is “no single factor that affects a person’s ability to share in the gains of global development as much as having an official identity.”
Over the next few months, we will look at some of the issues and opportunities around Digital ID in the development space. Today, we look at informed consent: what it means to the development sector, the difficulty of getting it, and what we can do to make sure we aren’t leaving people behind, while respecting their privacy and the security of their data.
What is Informed Consent?
Informed consent is an ethical (and in some cases, legal) mechanism ensuring that individuals voluntarily provide information with full knowledge of relevant risks (UNOCHA). In the case of digital identity, this means the individual is aware of the use of his or her digital identity and its associated data trails, informed, and able to understand the decisions made through the use of his or her data.
Why Do We Care About Informed Consent?
Of course, the principal answer relates to ethical considerations and good development practice: like with the collection of any personal data, we would ensure we have the full consent of the individual as data is theirs to give.
Informed consent is also vital for transparency and accountability: If we—as a development or humanitarian organisation—are collecting personal data, informed consent supports us in our quest to be honest with beneficiaries and confident that we are accountable to our actions. As the World Bank ID4D principles state, ensuring user literacy regarding legal identification systems can foster a culture of understanding and trust.
But there seems to be a gap in the unequivocal need for informed consent, and assertions of the difficulty of getting it in the development and humanitarian sectors. So if this is the case, what could we be doing to bridge this gap?
Educating the User: Getting to Informed
Providing digital identity recipients with education on the who, what, when, where, and why of their data collection is a great first step. But where does our responsibility end? Is it enough to provide someone with information and hope they read, listen, and understand it?
Think about your reaction when you are alerted to a new update on your iPhone, and Apple includes tens of pages of terms and conditions that are incomprehensible. Do you accept them because not doing so would take away a resource that is valuable to you? Or accept as it is too much to read? Or do you take the time to try and understand?
This gives us an idea of how our project beneficiaries might feel when presented with a load of information on data collection risks and opportunities. Often, they are at a huge disadvantage: perhaps not having a concept of what data is, let alone the nuances around why they should be cognizant of how it is shared.
Perhaps it is up to digital identity providers and project implementers to make sure the information is understood, not just provided. This would make sense, considering that only by having a full grasp of the implications on giving their data can people give truly informed consent. If you read our recent post on the missing Digital Principle, you will know we care deeply about educating the user.
Of course, providing meaningful education be a real challenge in contexts where the beneficiaries may not be digitally literate or are in a situation that makes it hard for them to say no. The United Nations Office for the Coordination of Humanitarian Affairs outlines this in its cybersecurity report. It argues that informed consent cannot be obtained in humanitarian emergencies due to both the urgency and the technology illiteracy and complexity of digital identity data. Imagine how hard it would be to give informed consent if you have no experience with technology yet are asked to understand what biometric data is and what the implications are of it being shared with different types of organizations. If that stands in the way of you getting aid, you can imagine where your priorities might lie.
Always Offer Alternatives
What “informed” truly means in practice may be different dependent on the context. There is so much to consider and getting informed consent can often seem impracticable or even impossible.
Unsurprisingly, we have no answer to the question of where our responsibility lies and how to get truly informed consent in these contexts. Informed consent in humanitarian settings is something that has a been a real challenge, but yet is a challenge that needs to be taken seriously. What we can do is make sure—wherever possible—that we offer the option of opting out, offer alternatives, and that we are confident in the safety of the beneficiaries’ data. Last summer, SimPrints outlined some privacy measures that any organization can implement, which is a great starting point for collecting and managing data.