[Read more session reports and live updates from the 12th Internet Governance Forum]
The session was opened by the moderator, Mr Jacobo Quintanilla, Community Engagement Adviser International Committee of Records (IRC), who briefly introduced the key issues of the session: first, consent and the lawfulness of processing data; second, lawfulness of processing data for the use of biometrics; and third, handling sensitive data, and ethics.
Mr Massimo Marelli, Head of Data Protection Office, ICRC, then emphasised the work of the ICRC with the Brussels Privacy Hub and various stakeholders, that resulted in a Handbook giving guidance about using certain technologies in humanitarian work. This mulitstakeholder approach with different communities and actors is, in his opinion, key to the success of the work. He also pointed out that data protection is the tool that is used to safeguard the principle of ‘no harm’ in the digital world.
Moving to the first topic, that of consent, Mr Marelli highlighted that consent should be the free expression of the will of an individual, who is well aware of all the consequences. However in this regard he questioned whether consent is really in accordance with these standards when we are talking about new technologies where we are not fully aware of how they function. Or, for example, how can we say that we give free consent if that consent is a precondition of receiving food?
After this brief overview of consent issues, Ms Alessandra Pierucci, Chair, Consultative Committee of Convention 108, said that traditionally consent is one of the pillars of data protection, and as such it is mentioned in the European charter of fundamental rights. The point is that consent really has to reflect the will of the individual and cannot be just a bureaucratic matter, or something collected for practical reasons. Also, consent as a legal basis can be used only where appropriate, so we should avoid situations where there may be an imbalance of powers.
Ms Alexandrine Pirlot De Corbion, Advocacy Officer, Privacy International, continued the discussion by speaking about alternatives to consent. She said that there are other legal bases for using personal data in humanitarian actions, such as protecting vital interests (eg: security of people) or when processing is based on the grounds of public interest. Finally, she emphasised the importance of data protection impact assessment for data controllers in humanitarian actions.
Ms Marie-Charlotte Roques-Bonnet, Director of Privacy EMEA, Microsoft, mentioned the topic of consent in relation to big data, and highlighted the importance of paying attention to having informed consent where all risks have been considered.
Moving to the second topic and the use of biometric data in humanitarian actions, Ms Pirlot De Corbion mentioned the problems that biometric data brings in terms of personal data, and how it can be used for surveillance purposes, as well as raising ethical concerns. Moreover, there are questions of safeguards for these data, and control over them. She pointed out that in the end biometric data should be part of the protocols of sensitive data, which can only be used based on very strong consent.
Mr Bryan Ford, Associate Professor, EPFL, reflected on major privacy challenges that humanitarian organisations are facing. In the first place he emphasised the security challenges faced by EPFL when using convenient tools in their communications. Furthermore there are the issues of the management of the data itself, and storage of the data.
Coming to the question of ethics, Mr Marelli stressed that it is important to note that we cannot test and fail with personal data, because here we are dealing with living individuals, not applications. For this reason privacy impact assessment is crucial. Ms Pierucci followed this by speaking about the importance of transparency and the role of human intervention.
Finally, Mr Ford ended the session with the strong message that we must not underestimate the power of humanitarian organisations in influencing the type of products which the private sector will build, and that we must push the private sector to ensure more transparency.
By Adriana Minović