In late 2019 and early 2020, DAI and our partner Caribou Digital worked closely with the former U.K. Department for International Development, now the Foreign, Commonwealth & Development Office) to analyse identification and registration systems in protracted and recurrent crises. For those interested in reading more about the research, the report can be found here.
In this blog—the second in the series—we will dig into data protection and the potential consequences of increasing centralisation. Through an assessment of the literature and existing practice, our research team found that implications of fragmented management information systems (MIS) can be grouped into the following thematic areas: political, protection, legal and ethical, commercial, and operational. As there are numerous risks and benefits of increased centralisation of MIS (our previous blog outlined some of the arguments), we cannot possibly provide an exhaustive list here. But in this post, we will give an overview of some of the considerations, including where care needs to be taken before proceeding; where the political economy must be assessed; and where more data needs to be collected.
HSNP Kenya Project: beneficiary registration with ID.
There is widespread recognition in the literature of the potential for politicisation of identification and registration data and political manipulation and control of databases by host governments, particularly during crises. However, this does not seem to translate into a recognition of the risks “in real life.” Whilst there is little other than anecdotal evidence of government manipulation of personal data, single or centralised datasets carry increased risks due to the significant amount of data in one place. The implications of political access to personal data include discrimination (e.g. using personal data to withhold benefits from a minority ethnic group) or personal security risks (e.g. using personal data to locate a targeted population who are under threat of personal attack).
The specific governance environment and conflict sensitivities, as well as the political economy of aid, can also define what the risks of further centralisation are. The challenges of transition from, or interoperability between, humanitarian and government management information systems must be considered in the context of the political economy: government capacity and budget, data protection policies and their enforcement, technical capacity of government, trust between citizens and government, government role in the conflict, and so on.
Protection encompasses the obligations to beneficiaries, such as protection of their data. There are numerous ways in which an individual’s data can be accessed, such as hacking by an opposition group or accidental data leak through human error. Single systems, as they are often a merger of numerous systems, tend to have the security of the least common denominator. Like centralised systems, single systems also have one point of vulnerability. Federated databases are generally lower in risk than centralised systems since they do not have a single point of attack and failure, and because they have multiple layers of security, assuming secure design and appropriate data sharing agreements and standards are followed.
Proportionality and data sharing are also key considerations in terms of protection. A large dataset, such as that of a single or centralised repository, is attractive for any actor seeking to better understand the context or needs. There is also potential for mission creep, as increasing amounts of data need to be collected to satisfy the increasing number of organisations that are party to the database. Similarly, ever-increasing interoperability may serve to increase the number of organisations with which the personal data is shared. To do this, the organisation responsible for the MIS must have the individual’s permission to share their data with each party. The implications of third-party provider’s data can also be significant: for instance, concerns have been raised over humanitarian agency partnerships with controversial organisations such as Palantir or Facebook’s digital currency Libra.
One potentially positive aspect of protection deemed possible by interoperability is that of fairness. Some claim that by reducing duplication in assistance, interoperability can facilitate fairness, accountability, and transparency in social assistance. However, there is little evidence out there on a) the significance of the problem of duplication (or “double-dipping”) and b) whether a centralised MIS would solve this problem, insofar as it exists.
Legal and Ethical
There are numerous legal and ethical concerns around the increased centralisation of management information systems. As is the case in digital governance more broadly, there is consensus that humanitarian assistance is digitising faster than the legal and ethical frameworks governing this digitisation. There may not be a sufficient legal framework in the country to govern data collection and storage, the government may not have the authority (in practice) to monitor and enforce the laws, or there may be capacity concerns. Indeed, the conversation around digital governance is a huge one, with consensus on the concerning lack of regulation and action to date. The technology industry has largely come up with nonbinding codes of ethics and standards on digitisation, most of which are not grounded in law. In the humanitarian and development sectors, there is a proliferation of guidance for ethical data collection (the one by the International Committee of the Red Cross is very comprehensive), ethics around biometric data collection (e.g. Oxfam), etc., but no clear legal framework that is internationally binding.
The main commercial benefit of increased centralisation of MIS is de-duplication (i.e. ensuring that the same beneficiary does not receive multiple benefits, either from the same programme or across programmes). As noted earlier, evidence of duplication in humanitarian assistance is few and far between, but there is a sense that where systems can speak to one another automatically, these efficiency gains may be valuable. However, initial data sharing is often done manually, leading to inefficiency and a human resource burden. The costs of these additional steps may significantly outweigh any savings from reduced duplication of assistance.
The promise of de-duplication and resulting cost savings can be attractive for the donor, making single or interoperable MIS or the use of biometrics an attractive sell for implementers. Indeed, the principal driver for increased interoperability or moves towards a single system, according to the vast majority of key informants interviewed, is that of efficiency.
Operational improvements are often cited as a key benefit of integrated or centralised MIS, following growing interest in the humanitarian and development sectors for the superior competence, efficiency, and sustainability of technologies.
Increased centralisation and therefore larger quantities of data could provide opportunities for trend identification to inform better planning and response. If data are updated regularly, and systems can capture the dynamics around vulnerability (including poverty and other lifecycle vulnerabilities), centralised systems may better serve those vulnerable to shocks.
However, the increased attention to data may lead to reduced efficiency and effectiveness in registration. Data used for comparison or analysis needs to be uniform. In a centralised MIS, this would mean more questions may need to be asked of beneficiaries to cover the needs of different organisations to be held in one MIS. This is likely to further slow down the registration process for individuals.
As noted in our previous blog, the risks and benefits of greater interoperability are not well understood. Our research demonstrated how little some actors on the ground understand data protection policies, recognise the risks of potential political interference in personal data, or have evidence to support the arguments in favour of greater interoperability. Since country level and international data protection policies, laws, and regulations are insufficient to protect the personal data of the most vulnerable, humanitarian and development actors must be even more aware of the risks posed for those most vulnerable.
Note: Though this research was funded through the U.K. Government’s Better Assistance in Crises programme, the views expressed in this blog are entirely those of the authors and do not necessarily represent the government’s views or policies.