Collecting personal data: First do no harm

Making All Voices Count Research Spotlight

Image: UNAMID

Many civic tech initiatives involve ‘crowdsourcing’ information from publics — gathering and combining ‘citizen voice’ in order to monitor public services for example. The organisations that play this role — whether in government or civil society — are intermediaries that are aiming to hold public institutions to account. New research on ‘crowdsourcing intermediaries’ asks an important question: how accountable are these intermediaries to the citizens whose data they use? The researchers, Evangelia Berdou of the Institute of Development Studies in the UK and Cathy Shutt looked at twenty of these intermediaries in nine countries in Africa, Asia and Europe. They found that in half them failed to tell people enough about how their data would be used and handled. The findings of this research should be of interest to both donors and practitioners operating in civic tech, especially those that deal in governance, transparency and accountability.

Why you should care

There is an ethical obligation (and a legal one in South Africa, as well as other territories) for organisations to handle the personal information of their users responsibly. Civic tech projects are not exempt from this, despite tending to think of themselves as the “good guys”.

The gist of it

This research report examines how crowdsourcing intermediaries, manage the collection and treatment of citizen-reported data. The report works to turn the conversation around (“shift the spotlight”) from one that tends to focus on whose voice is represented, to an examination of the policies and principles within the intermediaries themselves. In the sample, only 50% of the projects had published a privacy policy at all. This, the researchers suggest, indicates a significant gap between the contemporary discourse around privacy, and how civic tech organisations are applying (or not) the principles of responsible data use and privacy.

Report summary

Crowdsourcing intermediaries collect and analyse citizen feedback using digital platforms, with a view to supporting positive change. As the writers themselves highlight in their introduction, the difference in their approach to this research was a shift in focus — from whose voice is included (representation) to how these voices — and the personal information therein — are collected and handled (privacy and gatekeeping).

From this, three key themes emerged:

1. The role of crowdsourcing intermediaries as gatekeepers of citizen-generated data
2. The accountability of crowdsourcing intermediaries to citizens who contribute data, especially in terms of data policies
3. The factors that influence the pathways of individual crowdsourcing intermediaries

This summary focuses on the privacy aspects of the research . They write:

“The analysis of website content also highlighted privacy concerns, and challenges about how transparent and accountable crowdsourcing intermediaries are to their participants on the basis of the information they make available on their websites. Only 10 out of the 20 websites studied included a privacy policy; six did not explain the sequence of actions that were triggered by submitted reports; and only two made the information they collected available in a format suitable for further analysis. These and other findings suggest that there is much to be done to ensure that those who seek accountability on behalf of others are equally accountable to them.”

What was done?

The researchers took a mixed-methods approach, combining both content analysis of website text (capturing web content in PDF form and then analysing it), with four qualitative case studies. The web content elements were then assessed within a conceptual framework incorporating reading and concepts from both the fields of media and communications, and social accountability and governance.

What happened?

The report describes how these crowdsourcing intermediaries express citizen voice, including which tools, practices and policies they have in place to manage this — with a view to assessing their transparency about privacy , and ultimately their accountability to their users.

Some of the questions the researchers raise include:

• Do they clearly explain any steps taken to ensure the anonymity of contributors?
• Do they articulate clearly the rules for moderation and publication?
• Do they explain what actions, if any, citizen contributions will trigger?

What did the researchers learn?

Only half of the projects had published their privacy guidelines or policies. Only seven out of twenty talk about how or when collected or crowdsourced information will be shared with the authorities tasked with addressing the targeted issue, but even these often fail to provide clarity on how much personal information about the users (or “reporters”) will be provided to these authorities.

Just two of the sites are transparent about the fact that they can be compelled by legal authorities (ordered by courts) to release personal data. See table below for the full analysis.

Conclusions

Among the broader conclusions of the report, the findings on privacy and data use transparency and accountability showed a “substantial gap” between the prevailing privacy discourse and the actual implementation of these privacy best practices in crowdsourcing intermediary projects. These projects tended to publish more information on teams involved in the project than clarity on data use after submission, or what actions will be triggered by a report.

One clear outcome of the research is that it is not enough to ask users to trust that a civic tech project is more ethical or responsible than a corporate or state entity. And there are significant “real world” implications or consequences to the data shared. The writers of this report give the example of those who report corruption, arguing that they have “more to lose if their identity is revealed than those who have reported the existence of a pothole in their street”.

The researchers acknowledge that sometimes the communication platform limits the ability of the intermediary to share privacy information or policies. They suggest taking steps to make this information more accessible, within the platform or via other channels.

One remedial action they suggest is prompting users to “visit a website, or listen to a recorded message that explains clearly and succinctly how their anonymity is protected”. They also recommend bringing intermediaries together to discuss these issues and to develop potential solutions, arguing that “[b]ringing actors together physically or virtually to do this could encourage the co-creation of appropriate standards”.

[Editor’s note: The Civic Tech Innovation Network is convening an event focused on this issue on 19 July 2017, in Johannesburg. For more on the event, click here.]

They continue:

“[I]n the age of big data, where information about citizens can be collected and combined from many different sources — including website cookies and social media accounts — careless data handling can render citizens vulnerable to data profiling and targeting (Solove 2004; Gandadharan 2012).”

For more details, you can access the research report here.

Project: Research report for Making All Voices Count

Publication: “Shifting the spotlight: understanding crowdsourcing intermediaries in transparency and accountability initiatives”

Authors: Evangelia Berdou, Cathy Shutt

• Link: http://www.makingallvoicescount.org/publication/shifting-spotlight-understanding-crowdsourcing-intermediaries-transparency-accountability-initiatives/
• Download (PDF, 992 KB): https://opendocs.ids.ac.uk/opendocs/bitstream/handle/123456789/12836/RReport_ShiftingSpotlight_Online.pdf