Responsible Data for Children

RD4C Brief

The Importance of Principles Data responsibility is growing ever more complex. There is no standard operating procedure or one-size-fits-all approach that can guarantee responsible and effective data handling. Institutions and researchers have released an array of data responsibility tools and platforms, but the utility of these tools depends on the context in which they are deployed.  Given the contextual nature of data responsibility, many institutions look to principles as a “north star” toward which to organize their efforts. Responsible data principles can provide practitioners with guidance and support without being overly prescriptive. Principles provide a framework of good practices while giving practitioners the space to adapt and refine their activities based on the unique situation in which they operate.   The IASC Principles  On February 3, 2021, the Inter-Agency Standing Committee — the preeminent humanitarian forum in the United Nations system — released its Guidance on Data Responsibility in Humanitarian Action. The Guidance includes the Principles for Data Responsibility in Humanitarian Action as well as recommended practices that can help humanitarian actors meet them. Below, we include the Principles with condensed descriptions from the original IASC guidance. IASC Principles for Data Responsibility in Humanitarian Action Accountability: “...[H]umanitarian organizations have an obligation to account and accept responsibility for their data management activities.” Confidentiality: “Humanitarian organizations should implement appropriate organizational safeguards and procedures to keep sensitive data confidential at all times.”  Coordination and Collaboration: “Coordinated and collaborative data management entails the meaningful inclusion of humanitarian partners, national and local authorities, people affected by crisis, and other stakeholders in data management activities…” Data Security: “Humanitarian organizations should implement appropriate organizational and technical safeguards, procedures and systems to prevent, mitigate, report and respond to security breaches.” Defined Purpose, Necessity and Proportionality: “Humanitarian data management and its related activities should have a clearly defined purpose…[T]he management of data in humanitarian response should be relevant, limited and proportionate – in terms of required investment as well as identified risk – to the specified purpose(s).” Fairness and Legitimacy: “Humanitarian organizations should manage data in a fair and legitimate manner, in accordance with their mandates, the context of the response, governing instruments, and global norms and standards, including the Humanitarian Principles. Legitimate grounds for data management include, for example: the best interests of people affected by crisis, consistent with the organization’s mandate; public interest in furtherance of the organization’s mandate; the vital interests of communities and individuals not able to make a determination about data management themselves…” Human Rights-Based Approach: “Data management should be designed and implemented in ways that respect, protect and promote the fulfilment of human rights, including the fundamental freedoms and principles of equality and non-discrimination as defined in human rights frameworks, as well as the more specific right to privacy and other data-related rights, and data-specific rights promulgated in applicable data protection legislation and other applicable regulation.” People-Centered and Inclusive: “Affected populations should be afforded an opportunity to be included, represented, and empowered to exercise agency throughout data management whenever the operational context permits.” Personal Data Protection: “Humanitarian organizations have an obligation to adhere to (i) applicable national and regional data protection laws, or (ii) if they enjoy privileges and immunities such that national and regional laws do not apply to them, to their own data protection policies.” Quality: “Data quality should be maintained such that users and key stakeholders are able to trust operational data management and its resulting products. Data quality entails that data is relevant, accurate, timely, complete, up-to-date and interpretable…” Retention and Destruction: “Sensitive data should only be retained for as long as it is necessary to the specified purpose for which it is being managed or as required by applicable law or donor audit regulations. When its retention is required, safe and secure storage should be ensured to safeguard sensitive data from being misused or irresponsibly exposed.” Transparency: “Data management in humanitarian response should be carried out in ways that offer meaningful transparency toward stakeholders, notably affected populations.” The RD4C Principles  In 2019, The GovLab and UNICEF established the Responsible Data for Children Initiative (RD4C). RD4C seeks to highlight and support best practice in the handling of data for and about children work; develop practical tools to assist practitioners in evaluating and addressing risks and challenge; and encourage a broader discussion on actionable principles, insights, and approaches for responsible data management to improve children’s lives  The GovLab and UNICEF developed the RD4C Principles to support organizations in stewarding data collected, stored and prepared, shared, analyzed, and used to save children’s lives, defend their rights, and help them fulfill their potential from early childhood through adolescence. Rather than duplicate or contradict, the IASC Data Responsibility Principles and RD4C Principles fulfill different functions. Whereas the IASC Data Responsibility Principles address responsible handling of data about all demographies in humanitarian settings, RD4C focuses specifically on how organizations can address children's data. Indeed, the RD4C Principles provide practitioners with a roadmap for implementing and embodying the IASC Data Responsibility Principles in their work with children’s data.  Below, we outline the RD4C Principles (or the 7 Ps) and reflect on how the implementation of each RD4C Principle can help practitioners adhere to the IASC Data Responsibility Principles in their engagements with children and their data. Comparative Assessment RD4C Principles Related IASC Principle(s) Implementation  Purpose-Driven: Identifying and specifying why the data is needed and how the intended or potential benefits relate to improving children’s lives. Defined Purpose, Necessity and Proportionality  Both the RD4C and IASC Principles emphasize that responsible data practices begin by being purpose-driven. A clearly defined purpose can help practitioners avoid misuses of data and organize their efforts around achieving a well-established goal or objective.  Practitioners will also be better positioned to align their downstream data practices with responsible data principles — such as Proportionality — if they are working toward a well-established purpose that can benefit children’s lives.  Participatory: Engaging and informing individuals and groups affected by the use of data for and about children. Coordination and Collaboration Transparency A Participatory approach involves collaboration and transparency, both of which are represented in the IASC Principles.  First, practitioners should seek input from and collaboration with relevant stakeholders in the design and implementation of a data initiative. These stakeholders can include children, their caregivers, and the communities in which they live as well as partners, donors and other key actors.  Second, a Participatory approach necessitates a level of transparency and effective communication to ensure that the intended beneficiaries of a data initiative and other relevant parties are kept abreast of new developments.  Professionally Accountable: Operationalizing responsible data practices and principles by establishing institutional processes, roles, and responsibilities. Accountability Confidentiality Fairness and Legitimacy Data responsibility rests upon individual and organizational accountability. Professional Accountability entails establishing and adhering to policies and procedures that place personnel in the best position to handle data fairly and legitimately, guard against inappropriate or harmful activities, and ensure that children’s data under their charge remains secure.  People-Centric: Ensuring the needs and expectations of children, their caregivers, and their communities are prioritized by actors handling data for and about them. People-Centered and Inclusive  Data can play an important role in driving effective decision-making, improving service delivery, and increasing efficiency, among other benefits. Given these facts, practitioners handling data for and about children should ensure that the needs, interests, and expectations of people—including children and their caregivers in particular—are prioritized. When making decisions regarding data handling activities, practitioners should center practices that demonstrably serve children’s interests — in an inclusive manner that takes into account vulnerable or marginalized communities — over more process-oriented benefits that could be created through data, such as efficiency gains. Prevention of Harms Across the Data Life Cycle: Establishing end-to-end data responsibility by assessing risks during the collecting, storing, preparing, sharing, analyzing, and using stages of the data life cycle. Data Security Personal Data Protection Quality Risks of both misuse and missed use of data for and about children can emerge at different stages of the data life cycle. Issues related to data security, such as breaches, unauthorized access, and other intentional or incidental misuses of data can occur at each stage of the data life cycle and require targeted strategies for mitigation. At each stage, practitioners also face challenges in preventing harms that could arise from both personal data about children as well as group, aggregated, or statistical data about children. Practitioners should also recognize data quality as a key element impacting end-to-end data responsibility. An adequate level of data quality can help practitioners to prevent harms and capitalize on opportunities to improve children’s lives with data. Poor data quality can create significant, compounding risks and negatively impact decision-making across the data lifecycle.  Proportional: Aligning the breadth of data collection and duration of data retention with the intended purpose. Retention and Destruction The collection and retention of children’s data should be relevant, limited, and adequate to what is necessary for achieving intended purposes. As indicated by the IASC Principle of Defined Purpose, Necessity and Proportionality, the issue of proportionality is closely related to and defined by the core purpose of data activities involving children. While important for all data subjects, proportional data handling and appropriate decision-making regarding the retention and destruction of data is paramount for children. Disproportionate initial data collection or longer-term retention can exacerbate children’s actual or potential vulnerabilities and pose risks to their future prospects.  Protective of Children’s Rights: Recognizing the distinct rights and requirements for helping children develop to their full potential. Human Rights-Based Approach The Universal Declaration of Human Rights states that children are “entitled to special care and assistance,” and the Convention on the Rights of the Child outlines additional rights and entitlements that are unique to childhood. Data practices involving children must take into account these additional rights, as well the unique risks that irresponsible data practices can pose to children.  The RD4C Principles and the IASC Principles on Data Responsibility in Humanitarian Action provide development and humanitarian practitioners with a set of complementary, mutually reinforcing frameworks to guide safe and effective data handling. Watch this space for additional reflections and guidance on applying these and other responsible data principles and practices that can minimize instances of both misuse and missed use of data for and about children.     [Photo Credit: UNICEF/UN0277463/Bindra]

Related Initiatives

Child protection, as defined by UNICEF, is the prevention of, and response to, exploitation, abuse, neglect, harmful practices and violence against children. To support their mission for a world free of harm against children, UNICEF recently published the second edition of its Child Protection Strategy 2021 – 2030 (CPS), setting the agency’s approach to child protection for  the new decade.  In this edition of the CPS, UNICEF continues  tackling global issues ranging from conflict and migration to poverty and inequality. It pays special attention to emerging challenges such as climate change, political polarization, and the COVID-19 pandemic. The CPS also discusses the Fourth Industrial Revolution, associated data-related challenges, and approaches that can improve child protection and advance responsible data for children. By including these measures in their long term strategy, UNICEF reinforces its commitment to responsible data practices. The CPS begins this discussion by reviewing new challenges to children’s welfare posed by recent technological developments like biometric technology, artificial intelligence and digital connectivity. These challenges include increased surveillance, data misuse, online abuse and bullying. The CPS suggests some ways to mitigate these problems through innovative information management systems, inter-agency tools and rights- and results-based accountability systems.  Beyond deploying technological resources to improve the quality of data, the CPS programme also aims to strengthen community engagement with caregivers, children and adolescents, reflecting the Participatory RD4C Principle to strengthen data collection efforts. Engaging with such important groups can empower those using the CPS to identify metrics of concern and effectively acquire and process data to make stronger inferences, especially as they pertain to the conditions of disadvantaged groups in society.  In addition to providing innovative technologies and community engagement strategies, the CPS programme also seeks to strengthen the RD4C Principles of Professionally Accountable and the Prevention of Harms across the Data Life Cycle through the use of audits and progress reviews. This move helps improve data governance and build more robust accountability systems. The CPS’s work is governed by a set of technical guidelines, which outline how to evaluate and effectively use different types of data in the context of children’s issues, as well as how to responsibly finance data and research work.   By including measures to counteract the negative impacts on children of the Fourth Industrial Revolution and the increased handling of potentially sensitive data for and about children, UNICEF’s Child Protection Strategy institutionalizes responsible data practices when it comes to the welfare and safety of children. Given the CPS often informs different countries’ child protection laws, the hope is that the addition of responsible data practices to the CPS will motivate countries around the world to follow in suit and adopt similar policies and practices in the future to advance responsible data for children around the world.   Read the UNICEF Child Protection Strategy here.

UNICEF Innocenti Film Festival

From October 21–24, 2021, UNICEF Innocenti will host the second UNICEF Innocenti Film Festival (UIFF) to showcase “narratives of childhood from around the world.” UIFF will feature films that “promote deep reflection on the experiences that shape childhood —  within the individual, in the family, the community, in institutions and societies, of both the Global South and North.” The final program will be released soon.  The hybrid film festival will feature live socially distanced screenings in Florence, Italy at the Cinema La Compagnia, as well as on-demand virtual screenings. The films will be complemented by public dialogues with filmmakers, UNICEF personnel, and others. UIFF 2021 follows the inaugural 2019 edition, which featured over 30 films presented by filmmakers across the world. The 2019 selections included short and feature length documentaries and dramas, as well as animated films.  One of the 2019 selections, Mohamed Kenawi’s MINOR’S HOPE, puts a human face on many of the issues explored in the RD4C initiative. Kenawi’s documentary short follows three teenage asylum seekers after their arrival in Rome. The boys seek out work and a sense of belonging in their new home and rely on the support of a supervisor at their reception center. The film clearly demonstrates how the boys’ integration into their new home relies on the safe and effective collection, handling, and use of potentially sensitive information. The boys would struggle to forge a new life in Italy absent this information; faulty handling of this information could create risks to the boys’ safety or status in the country.  A recent UNICEF Child Protection Learning Brief also explores important lessons learned for supporting children on the move.  You can watch MINOR’S HOPE below.

Related Initiatives

Use and reuse of children’s data can bring opportunities and better and more targeted services, but can also create challenges and potentially serious harm if these data are mishandled and misused. Maximising the benefits gleaned from data and preventing the misuse of data requires laws, policies, frameworks and agreements that set clear benchmarks for use of children’s data as well as responsible actions from companies and organisations processing children’s data.   UNICEF has recently undertaken two major initiatives to address these requirements.  The Responsible Data for Children Initiative (RD4C), carried out in collaboration with the GovLab, supports best practice in data responsibility; identifies challenges and develops practical tools to assist practitioners in evaluating and addressing them; and encourages a broader discussion on actionable principles, insights, and approaches for responsible data management.   UNICEF’s Office for Global Insight and Policy project on Good Governance of Children’s Data focuses primarily on legal and policy frameworks related to data, and corporate data policies. We recently took a closer look into what it would take to ensure that robust laws and policies are in place to protect children’s data, resulting in a Manifesto, or a call for action to international and national bodies to prioritise children’s issues in data governance frameworks. Both the RD4Cand the Good Governance projects place children’s rights in the centre: one of the seven principles of the RD4C project asks for a recognition of children’s distinctive rights in handling of children’s data in practice; the Manifesto calls for centrality of children’s rights in international frameworks, national and corporate policies.   In our work, we drew on a series of discussion papers on different aspects of children’s data governance authored by a working group of 17 experts, including the GovLab’s Andrew Young, who authored a paper on Responsible group data for children.  Other issues these papers unpack relate to child data governance gaps highlighted by Covid-19; the surveillance of children by governments to support national security and public order priorities; data-driven marketing to children by global brands on digital platforms and services popular with young people; the responsibility of technology companies to incorporate safety into the design of their products likely to be used by children; children’s data processing in an education context used to teach them, surveil them and make predictions about their abilities; and a fiduciary approach to children’s data governance.    The Manifesto proposes ten action points to improve global data governance for children, grouped around three critical areas. The first set of action points (1-3) calls for the strengthening of norms, standards and principles; the second set of action points (4-7) refers to requirements to put these frameworks, laws and policies into practice; and the third set of action points (8-10) describes some of the enablers of good data governance for children: PROTECT children and their rights through child-centred data governance. PRIORITIZE children's best interests in all decisions about children's data. CONSIDER children’s unique identities, evolving capacities and circumstances in data governance frameworks.   SHIFT responsibility for data protection from children to companies and governments.   COLLABORATE with children and their communities in policy building and management of their data.   REPRESENT children’s interests within administrative and judicial processes, as well as redress mechanisms.   PROVIDE adequate resources to implement child-inclusive data governance frameworks.   USE policy innovation in data governance to solve complex problems and accelerate results for children.   BRIDGE knowledge gaps in the realm of data governance for children.   STRENGTHEN international collaboration for children’s data governance and promote knowledge and policy transfer among countries.   You can read the manifesto in full here, as well as the background papers that informed its development here. UNICEF convened a webinar about the manifesto which you can watch here.   For further information or to discuss implementation of the manifesto at a national level please contact Jasmina Byrne, Chief of Policy at UNICEF OGIP at [email protected] and Emma Day at [email protected]