Many data sharing initiatives for social good involve sharing potentially sensitive data. This includes information about people known as “personal data”—such as their age, gender, behaviors, or location—and requires a higher standard of protection*. Public understanding of personal data protection has evolved beyond simple aggregation and anonymization to include technical solutions that seek to protect people from being identified or targeted through access to data about them. (See more information about this topic in Proteins.)
Data protection regulations around the world seek to mitigate the risks associated with collection and use of personal data. These typically set out to govern three areas: legal rules regarding use and sharing of personal data, rights of the people whose data is being shared or used, and the penalties for unlawful use and misuse.
In the absence of such regulations or when existing rules are unclear, partnerships seeking to share personal data can develop policies that protect people from harm. For example, the Implementation Network for Sharing Population Information from Research Entities (INSPIRE) is a network of Health and Demographic Surveillance Sites in East Africa which uses longitudinal population studies to come up with data-driven insights into health-related questions. Since the health data collected by its members qualifies as personal data, INSPIRE’s internal policies require that all data be anonymized before sharing it with the network.
*Put simply, personal data can be defined as specific information about ‘an identifiable person’, such as name or location. Source: Assessing risks when sharing data - a guide #OPEN
Sharing sensitive data with international organizations for public good
Initiatives under international organizations are governed by the charter of their parent organization which provides the regulations around data protection. The Humanitarian Data Exchange (HDX) is a platform for sharing humanitarian data administered by the UN Office for the Coordination of Humanitarian Affairs (UNOCHA)’s Centre for Humanitarian Data. Such data can contain a lot of sensitive information, such as lists of health workers in conflict zones. Given the UN’s privileges and immunities, the Centre for Humanitarian Data is not subject to national or regional data protection legislation. The primary regulatory frameworks governing the HDX are relevant UN data protection regulations such as the UN Principles on Personal Data Protection and Privacy and the Inter-Agency Standing Committee Operational Guidance on Data Responsibility in Humanitarian Action. In compliance, HDX has developed policies to protect sensitive information and procedures for identifying sensitive data on the platform.