Protecting individuals’ Personal Data is an integral part of protecting people’s life, integrity and dignity, and especially so during humanitarian crises. The circumstances in which humanitarian organizations operate during humanitarian crisis response create special security and safety challenges and as such, Personal Data protection is of fundamental importance for Humanitarian Organizations working in these settings. Indeed, in settings of conflict, data processes carry risks to the beneficiaries of whom information is collected, as well as to the humanitarians who have or use that information. The risks vary by context, time, and people involved, and may include immediate or delayed threats to life, security, identity, or freedom, individually or collectively.
In this deliverable, we provide a detailed review of the principled, systematised, and collaborative processes that aim to collect, process, analyse, store, share, and use personal data and information to enable better disaster response. We make extensive use of the comprehensive Handbook on Data Protection for Humanitarian Action (HDPHA 2017), co-edited by Christopher Kuner (Free University of Brussels, Belgium) and Massimo Marelli (ICRC), as well as other relevant sources from international agencies and response organizations, and academic literature.
Following a detailed presentation of data protection issues and measures, we elaborate the data protection measures that should be taken by a humanitarian organization intending to use the iTRACK system for tracking and monitoring its operations. Two possible usage scenarios for the iTRACK system are envisioned: (1) iTRACK is used by a humanitarian organization who has acquired the iTRACK system; (2) one of the iTRACK consortium partners, once the project is completed, offers iTRACK as a service to humanitarian organizations and manages the service. For both cases, we elaborate the data protection responsibilities of the humanitarian organizations as well as the service providers.
Finally, as there is a growing consensus that data protection measures are at the core of humanitarian work, and increasingly form the fundamental basis of humanitarian information management, we expect that compliance of humanitarian organizations with GDPR requirements will only be a matter of time, and we hope that our review of possible data protection measures will be helpful in achieving that goal.