In late 2019, The GovLab and UNICEF launched Responsible Data for Children (RD4C), an initiative providing guidance, tools, and leadership to support the responsible handling of data for and about children. We shared the first outputs from the initiative in November, including an annotated collection of Selected Readings on RD4C, a report synthesizing lessons learned from field-based research and our review of the literature, and the RD4C Principles. Across the RD4C initiative, we seek to enable governments, communities, development actors, and others to put the best interests of children and a child rights approach at the center of their data activities.
In this piece, we highlight 10 key takeaways from the Selected Readings on RD4C. Our review of the literature focused on policies, technical guidance, and other relevant documentation driving activity in the space. The review was ecosystem-wide, considering not only global policies uniquely focused on children’s data, but also documentation with any relevant guidance or lessons learned. For example, the review looked at documentation on a specific topical domain (e.g. guidance on handling data about refugee children) or policies guiding more general development or humanitarian action that featured some reflection on data handling.
The ten takeaways included below reflect the key areas of focus as well as the emerging narratives that are present in today’s writings on the subject. This overview and summary is neither fully comprehensive of the many topics associated with children and data, nor should it be read as an endorsement of all the arguments and recommendations posed in the literature. For each takeaway, we link to and summarize how relevant works discuss the issue.
Takeaways from the Literature on RD4C
1. Data can be a powerful resource to protect and improve children’s lives.
UNICEF’s Data for Children Strategic Framework begins by arguing “smart demand, supply, and use of data drives better results for children.” UNICEF’s Ethical Considerations When Using Social Media for Evidence Generation makes a similar point. It finds value in social media data for amplifying humanitarian organizations’ ability to increase their situational awareness, bolster real-time monitoring capacities, and crowdsource relevant insights. The United Nations Office for the Coordination of Humanitarian Affairs (UNOCHA) Data Responsibility Guidelines state data is a critical component of humanitarian response and suggests the management of digital data relating to crisis contexts, affected people, and humanitarian response operations allows the humanitarian community to respond in a more effective and efficient manner. Other potential benefits of data for children represented in the literature include mitigating risks of children dropping out of school and enabling family reunification, among other topics. Additionally, Global Kids Online, an international research project funded by UNICEF and WePROTECT Global Alliance, created a series of method guides addressing the fact that digital media environments increasingly mediate a host of activities and experiences important to children’s cognitive, emotional, and social well-being.
2. Data about children requires an additional duty of care in comparison to data about adults, and responsible data approaches must accordingly adhere to higher standards and security measures—in part because of potential long-term and unknown consequences of data’s use.
The Technical Working Group on Data Collection on Violence Against Children studied over 80 documents on ethical issues around data and children and found that Privacy and Confidentiality represented a top concern across a variety of framework and guideline types.
A similar point is repeated in UNICEF’s Ethical Research Involving Children in Humanitarian Settings documentation. In this piece, UNICEF’s writers argue the collection and use of children’s data occurs in contexts with complex and inequitable power relations. These power asymmetries should be considered when pursuing the beneficial use of children’s data. In the same piece, the authors note children in humanitarian settings are subject to additional vulnerabilities beyond those that are ordinally occurring for children. Namely, challenges arising from structures for children’s support and development breaking down in such settings.
World Vision International’s Data Protection, Privacy, and Security for Humanitarian & Development Programs acknowledges the complexities of data protection in humanitarian contexts, but also argues it is “incumbent on this sector to strive toward the highest level of integrity, ethics, and technical ability” to ensure the responsible handling of data on children given their higher degree of vulnerability.
UNICEF’s Children and the Data Cycle: Rights and Ethics in a Big Data World posits the voices of the world’s children and those who advocate on their behalf are absent in an era of increasing dependence on data science and big data. Due to the potential for severe, long-lasting and differential impacts on children, the document argues child rights need to be integrated into the agenda on ethics and data science.
Furthermore, as described in Child Privacy in the Age of Web 2.0 and 3.0, questions and challenges still remain regarding the applicability of concepts and provisions, like GDPR’s “right to be forgotten,” to children and their data, adding additional complexity. More than just a concern for digital activities, the ongoing accumulation of data about children throughout their lifetime can create a variety of unforeseen risks and challenges.
3. Responsible data approaches for children should encompass 1) measures to determine and communicate the potential value of data for those beneficiaries; 2) actions to ensure data protection and a legal basis for data activities; and 3) efforts to ensure that the potential value outweighs identified risks.
In UNOCHA’s Building Data Responsibility into Humanitarian Action, data responsibility goes beyond the aims of data protection and privacy. It encompasses principles, policies, and tools aimed at unlocking the value of data in humanitarian contexts while mitigating risks and avoiding harms. The UN Global Pulse’s Privacy and Data Protection Principles embraces similar ideas, such as a) Purpose Compatibility and Risk and Harm Assessment; and b) Risk Mitigation, as central concerns for its responsible use of data. These principles underline the importance of understanding value as well as risks of data for humanitarian and development work.
UNICEF’s Children and the Data Cycle: Rights and Ethics in a Big Data World raises concerns on privacy and loss of control of personal data over data’s lifespan. It also highlights the problem of direct or inadvertent discrimination and profiling, scope creep, and technological dependency, and provides approaches to address ethical issues in the child data cycle. Regarding metadata, the International Committee of the Red Cross (ICRC) and Privacy’s International’s “Doing No Harm” in the Digital Era identifies robust risk assessment and mitigation strategies that humanitarian organizations must develop to ensure that their use of new technologies does not result in any harm.
The Framework for Data Sharing in Practice, from UNOCHA and Protection Information Management (PIM), highlights a Joint Benefit and Risk Assessment to systematically and collaboratively assess data sharing’s value and risks and modify actions accordingly.
4. Digital and connected identifiers can be useful for providing personalized services, but can also create additional, significant risks to children and their families.
Data-driven digital identities are seen as game-changers across contexts but especially for children and other vulnerable groups. As described in UNICEF’s State of the World’s Children 2017 report, “as more and more children go online around the world, [digital technology] is increasingly changing childhood.”
These sentiments are repeated in other documents. In its Privacy Impact Assessment of Cash Based Interventions, the United Nations High Commissioner for Refugees (UNHCR) highlights the issues of profiling and social sorting as risks in the increased generation, sharing, and use of beneficiaries’ identity information. Responsible Data’s Development Book echoes these concerns, explaining that while data in the wrong hands can put individuals at risk, even data in the “right” hands can lead to discrimination or exclusion. Categorization or documentation of individuals can have unintended consequences even when actors are not acting maliciously.
For adults, biometric identifiers are driving increasing parts of the responsible data literature. A working paper from the International Labour Office guides social protection practitioners seeking to create efficiency benefits from highly sensitive biometric identifiers while mitigating risks. The Center for Global Development, meanwhile, produced guiding documents on biometric identity information collection. These materials advocate for upfront privacy impact assessments to identify potential sensitivities related to data use. These researchers also outlined principles on inclusion, robust and responsive design, and accountable governance of identifiers and provide good-practice examples from countries at the forefront of ID management. Even in 2010, the Columbia Human Rights Law Review published a note highlighting the risks of collecting biometric data from refugees. More recently, ICRC noted that when biometric data collection is linked to services, such as those provided to refugees, consent cannot be viewed as free and fair.
UNICEF is taking a considered approach to the use of biometrics. Its report, “Faces, Fingerprints and Feet: Guidance on assessing the value of including biometric technologies in UNICEF-supported programmes,” provides decision-makers with key questions and criteria to ensure critical assessment and due diligence on benefits and risks of investments in biometrics.
5. Children and their needs and interests should be at the center of any data collection intervention.
Human-centered design is a common element of many responsible data strategies. The Engine Room, a research center, published the Handbook of the Modern Development Specialist, which focuses especially on the issue of human-centric data practices as key to responsible data use in development. With relevance for famine relief in general, not just relating to children, Oxfam’s Responsible Program Data Policy premises itself on the idea that responsible data practices at their core must safeguard people’s rights and ensure dignity throughout the data collection and use process.
The Interagency Guidelines for Case Management & Child Protection recommend users prioritize the best interests of the child. In reference to the Convention on the Rights of the Child, it makes clear that the best interests of the child should be “the basis of all decisions and actions taken.”
Responsible Data’s Development Book notes the increasing reliance on quantification in development work may be motivated by funders, governments, financial incentives, or research goals. However, it argues a critical approach to avoid the use of “data for data’s sake.”
Regarding social media, just one small part of the data ecosystem, UNICEF’s Ethical Considerations When Using Social Media for Evidence Generation states it is no longer sufficient for users of data and technologies to leave ethical reflection to subject-matter experts. Rather, child advocates who use social media data need to be brought into the conversation and to understand and reflect on the ethical implications of the use and potential outcomes of adopting these technologies and the data they generate.
6. Broadly applicable frameworks and guidelines can help to establish good practices, but recognition of regional context and norms are often key when seeking to ensure the responsibility of data approaches involving children.
UNICEF’s Data for Children Strategic Framework’s five principles include “different data are appropriate for different uses and contexts.” Similarly, a resolution on Privacy and International Humanitarian Action agreed at an international conference of data protection and privacy commissioners committed members to consider the specific needs of international humanitarian actors operating in different contexts and with different externalities at play. In other words, a one-size-fits-all approach is not realistic.
Responsible Data’s Development Book suggests a number of questions and issues to consider, but notes a project’s context determines the challenges its sponsors will face. While defining “sensitive personal data,” Privacy International’s Guide for Policy Engagement on Data Protection states there is no exhaustive list of what constitutes sensitive personal data and recommends special consideration for categories such as financial data, society security, and data relating to children. Privacy International also argues that national and local contexts should also be considered; for example, caste information is treated as highly sensitive personal data in India.
Global Kids Online’s report Addressing Diversities and Inequalities calls attention to how the conceptualizations of social actors and their locations may be rich in international contexts where there has been prior research on a variety of aspects. However, these conceptualizations, when applied in other contexts, can lead to overly broad characterizations and even stereotyping. It can imply, for instance, there is an “average 12-year-old.” Still, it is also clear certain responsible data standards and principles are non-negotiable even if certain good practices depend on the context.
7. The participation of and consultation with children and their caregivers around the collection and use of children’s data is an important component of data responsibility.
A paper in Conflict and Health, for example, highlights the need to consult with beneficiaries and data subjects. The authors make clear this engagement can be a complex undertaking that is highly dependent on context, especially in humanitarian settings. Additionally, The Signal Code from the Harvard Humanitarian Initiative echoes this argument, including “the right to data agency” as one of its five human rights associated with humanitarian information activities. Similar views are found in the Organisation for Economic Co-operation and Development’s (OECD) Privacy Guidelines, which includes individual participation in its eight Basic Principles of National Application. Global Kids Online’s method guide suggests children should be actively involved in the research process when research pertains to children’s opportunities. It also argues for deploying participatory and child-centered approaches to enable policy-makers and practitioners to design initiatives that respond to children’s needs.
Finally, USAID’s Considerations for Using Data Responsibly at USAID states its team must respect the agency of its data subjects in all humanitarian efforts. Ensuring children and their caregivers can exert meaningful agency over children’s data is, however, a significant challenge, as unforeseen data linkages and re-uses can emerge over time.
8. The consent of data subjects and their caregivers is important, but obtaining meaningful consent is a complex and, at times, impossible undertaking when dealing with children, especially in fragile humanitarian settings.
The Global Protection Cluster, European Commission, and USAID Interagency Guidelines for Case Management & Child Protection encourages actors to seek informed consent and/or informed assent, demonstrating both the importance of consent and the challenge of obtaining it in certain situations. The ICRC Handbook on Data Protection in Humanitarian Action also highlights the importance of consulting children in decisions that affect them but notes humanitarian actors must take “particular care” to ensure children understand the risks and purported benefits of the collection and use of their data, otherwise the consent they provide will not be meaningful. Indeed, a subsequent article in Humanitarian Law & Policy describes how ICRC does not operate under the belief “consent provides a legally valid basis for data processing in many emergency situations.”
Meanwhile, UNICEF’s Children and the Data Cycle: Rights and Ethics in a Big Data World explains approaches adopted to ensure the realization of the rights of adolescent should differ from those adopted for younger children. Consent policies, UNICEF argues, ought to recognize children’s development, including their increasing competencies, analytical capacities and agency. In another report, Child Privacy in the Age of Web 2.0 and 3.0, UNICEF outlines national, regional, and international consent provisions, noting the adoption of some norms aimed at protecting children’s privacy and their personal information pre-date the advent of the Internet.
9. Responsibilities around the ethical use of children’s data are ill-defined and distributed. Greater cooperation and improved partnerships could be a means for addressing these challenges.
Improved collaboration could help to address these challenges. Mapping and Comparing Responsible Data Approaches, developed by the Centre for Innovation and The GovLab, highlights the need for leadership and inter-agency coordination around data responsibility to drive good practice and improve coordination and cooperation. The Global Food Security Cluster and UN OCHA Field Guide to Data Sharing also makes clear that effectively leveraging data in humanitarian contexts is a joint effort, requiring good practices and collaboration across organizations, as well as across sectors. The Principles for Digital Development also culminate with the push for organizations leveraging technology to provide services to children to be more collaborative. Finally, a joint report prepared for UNICEF, UNHCR, and the ICRC also points to the value of data sharing in enhancing “coordination and collaboration across agencies” tasked with providing services to vulnerable children.
10 Low quality and/or unrepresentative data could negatively impact the responsible use of data. A focus on accuracy is essential if data will be used to inform decision-making affecting children.
Though not specifically focused on children’s data, the European Union (through GDPR), the International Organization for Migration, and UNHCR, respectively, all consider data accuracy as central principles for responsible data handling. In line with the Principle on Data Accuracy, UNOCHA’s Data Responsibility Guidelines include determining accuracy and integrity of data as a necessary step when collecting and receiving data. The Center for Democracy & Technology, a technology nonprofit advocacy and research center, reviewed 18 data use frameworks and recognized the Data Quality Principle, which states personal data should be relevant to the purposes for which it is used, and, to the extent necessary for those purposes, should be accurate, complete, and kept up-to-date as a consistent and foundational principle.
A lack of comparable data can also create issues. The Global Agenda for Children’s Rights in the Digital Age, for example, notes the challenges involved in using data to benefit children’s lives resulting from the lack of comparable baseline data related to policies and programs, as well as issues of transferability regarding solutions developed in the Global North and their applicability in the Global South. Global Kids Online’s Addressing Diversities and Inequalities method guide also notes research questions transferred (e.g. from the global North to the global South, or from wealthy neighborhoods to impoverished ones) without providing attention to local and international inequalities can generate contaminated knowledge.
Our Selected Readings on RD4C will continue to grow and evolve over time. Please do share any materials that you feel should be included in our reading list. With your help, we will seek to maintain a useful and current curation of important literature in the field. Please send your suggestions to [email protected].