PLJ Diaries: Discussing Data Privacy in The Hague
by Derval Usher
Last week I had the pleasure of attending the very first Annual Meeting of UN Global Pulse Privacy Advisory Group. The meetings took place in the fantastically appropriate setting of the International City of Peace and Justice in The Hague, Netherlands, hosted by Leiden University. This was the first time the Privacy Advisory Group, which is a group of 24 privacy experts from a vast array of backgrounds and geographies met face to face with the objective of helping catalyze the ecosystem around big data for development and humanitarian action.
The two days of discussions and plenary sessions were at first a little daunting for the non-legal experts present as data privacy and protection are highly technical. However, it quickly transpired that regulatory frameworks across the globe are trailing the advances in technology and undoubtedly there was much to discuss. Questions were posed about the risks associated with the use of big data, and how to evaluate the benefits of using data in certain scenarios in proportion to those risks?
During one of the working sessions of the Group, all participants were presented with case studies of current Global Pulse projects and asked to fill out a Big Data Privacy Impact Assessment (PIA) taking into consideration examples of using public social media, radio content and aggregated mobile data for development and humanitarian causes. The PIA can be used to assess risks, understand utility, legitimate aim and proportionate use of big data when evaluating a potential project in the global development or humanitarian context. It raises not only legal and privacy related concerns but it also integrates considerations from technical, engineering and policy perspectives. As part of the review of the draft PIA, participants also explored questions that relate to the use of de-identified and aggregated data for a specific purpose, considering potential violations of human rights or other misuses of data along with the risks of not using data in a particular context. Points with regard to remedy mechanisms have also come up. The PIA will be revised with all the feedback and comments gathered from the participants and the final version of the PIA will be shared widely with UN agencies, research and public sector.
My colleague and I were delighted to participate on behalf of Pulse Lab Jakarta, and we were even more pleased to have been joined by five guests from Indonesia including two representatives from government (Bappenas), two representatives from the Indonesian telecommunications regulator (BRTI) and an expert from academia (UNPAD) who is assisting the drafting of Indonesia’s new data privacy law. They attended the meeting as observers, and were able to contribute very practical expertise and perspectives.
We look forward to taking what we learned from this meeting and applying it to the Indonesia context. To continue the dialogue, Pulse Lab Jakarta will be hosting our own data privacy seminar in Indonesia.
Overall what I took from these meetings is that data privacy and data protection is an important matter that requires further investivation, particularly when it comes to the uses of big data in humanitarian and development contexts. Certainly, more guidance and practical solutions are needed. I am very proud that our organization considers data privacy a priority area, and ensures that data is handled in a responsible and lawful manner. Big congratulations to our colleagues in New York for organizing this really important meeting. Where are we meeting next?