You are a member of the public interested in inter-organisational disaster response collaboration?
You might want to learn more about the following topics:
This Section addresses options and aspects that could be addressed when thinking about involving the public into disaster risk management and emergency planning.
In many EU Member States, applications have been developed for civil protection authorities to warn and/or instruct the public. However, at the moment these applications usually apply to the national level and are not necessarily interoperable. An overview can be found below:”
In general, volunteering can take shape in offering physical help or assisting through digital means, including the provision of volunteered geographical information (VGI). Volunteering here can be either formalized and connected to existing response groups (e.g. Standby Task Force) or informal and spontaneous.
The following reports give a good overview over the topics:
Crowd-sources data: data protection and ethical aspects
Citizens in transboundary Crisis
When working with citizen data or crowd-tasked data, privacy and data protection considerations are key. Specific ethical and privacy considerations involving citizens must be made when acting in transboundary crisis situations. These include citizens’ rights such as the right to privacy, dignity and data protection as well as transparent pathways to redress adverse impacts that activities may have on citizens. More detailed considerations are included below.
Personal data protection and privacy considerations for working with data about or produced by the public:
Information generated by the public through social media and citizen sensors are becoming increasingly valuable resources for situational awareness during disasters, as well as for understanding community preparedness needs in disaster planning. Research around such tools has lead to a range of recommendations:
- Allow volunteers to contribute content only after they are registered and authenticated, preferably with multi-factor methods. Permission management and two-step verification tools can help with this.
- While much of the data is aggregated in ways that do not automatically reveal authors, content could be sensitive and users could infer identities or allow for the tracking of the original source. There are a range of pseudonymisation tools that can help mitigate such risks found at this Often, the raw content of any contributed data should be kept confidential, with only summaries shared.
- Keep a record of your data processing activities, no matter how small, a process for which can be found here: https://www.cnil.fr/en/record-processing-activities. Ensure these are regularly audited.
- Ensure the platforms encryption and privacy enhancing technologies are sufficient so as to not risk a data breach.
- Provide data protection and quality guidelines and frameworks for crisis crowdsource volunteers, to support data gathering, processing, storing, re-use, sharing, archiving, destruction, and address third party risks. These can also support you in working with crowdtasking in developing procedures for assessing accuracy and relevancy of contributed data as well as consistency frameworks.
- Allow volunteers to request to be anonymous, decide when to (or not to) disclose their locations, and choose how to be contacted.
- Respect a volunteer with different privacy conceptions, and almost expect they might work under a different culture of privacy as they are often scattered across the globe.
- While photographs are valuable, they often carry personal data as they are taken and geotagged using a personal mobile phone. Ensure appropriate procedures are in place and followed for removing the meta-data from photographs, even if they do not include people. This includes developing techniques for assessing if the photograph is trustworthy privacy (e.g. assessing it is from the right time and place) without compromising the volunteer’s privacy.
- If personal data is to be retained, have clearly defined, in advance, retention periods and purposes, as well as deletion procedures.
France’s CNIL and the UK’s ICO offer insightful practical advice:
If working with crowdsourced data, understand that even location data can be personal data. If you use this data you must think of the risks to the persons involved and mitigate them. A good infographic as to the process can be found here: PDF
If the crowd tasking involves cloud-based services, unique challenges emerge around lack of transparency and understanding where data is stored. Many crowd-based citizen tools are used globally, and thus it is unclear if they all meet GDPR standards. CNIL offers recommendations as to what to consider prior to engaging with such services and data.
When needing to anonymise data and publish it, particularly when possibly dealing with freedom of information requests, the UK ICO offers a code of practice.
Some guidance or codes of conduct exists to help address the ethical challenges faced when using this data. For example:
‘Towards a Code of Conduct: Guidelines for the Use of SMS in Natural Disasters’ (GSMA, 2013 ).
- They recommend that agencies should only engage in crowdsourcing unless you have the capability to act on the data received. Doing otherwise can damage credibility with those you protect or raise false expectations.
- They also suggest that any platform that might be used for gathering information from the public should be assessed in relation to the local media context, and data literacy, distribution/diversity of potential volunteers, and reliability of networks.
IFRC’s ‘How to Use Social Media to Better Engage People Affected by Crises’
- Know what resources and processes you need to have in place, such as training for how to consistently assess data from the public, key decision-makers around this data, social media guidelines (including how to address negative comments or rumours).
- Decide what you are going to measure and how, in discussion with the volunteers who have specific local knowledge that could be valuable.
- Define what successful data collaboration looks like in advance, in order to engage in feedback loops.
OECD’s ‘The Role of Social Media in Crisis Preparedness, Response and Recovery’
- Conduct joint training with these volunteers in order to share a common language and robust skills.
- Active dialogue with communities outside of data gathering can help build awareness of each other’s approach to risks and resilience.
- Effectiveness depends on penetration and reach of these platforms and the volunteers within the communities served. It can sometimes be greater liability to have partial/incomplete/exclusionary data than no data.
- Technology designers and users need to have clarity over what about any individual (end-user or public) their tool gathers, stores, and shares in what contexts.
- In particular, consider crowd-taskers and the publics: Autonomy, Dignity, Privacy, Data Protection and Informed Consent, Justice, Do No Harm, Non-discrimination, and Trust.
- All collaborations must proactively engage with the public throughout their activities to ensure the considerations above are accounted for and any adverse impacts are mitigated.
- When communicating with the public, collaborations must adapt and incorporate a transparent and reflexive stance. For example, they must disclose how the data is compiled, classified, and contextualised (Leurs and Shepherd, 2017). This openness will in turn encourages trust.
- This engagement and inclusivity will also shed light on how volunteers will engage with the platforms, what kinds of privacy they want to maintain, and their regular practices for doing so.
- If the public is involved (via, for example, social media or crowdsourcing) consent could be necessary for personal data processing of the members of the public. Have a clear understanding of when consent is needed when engaging publicly available data.
- Organisations must also consider societal and cultural differences across borders and how regional transboundary differences affect different decision-making priorities and how that could impact their ability to best serve their communities. Considering privacy is especially important for cross-border situations because while the GDPR has helped to build consistency in data protection practices, it has not erased differences in cultural understandings and approaches to privacy.
Leurs, K. & Shepherd T. (2017). Datafication & Discrimination. In The Datafied Society. Eds. M T Schäfer & K van Es. Amsterdam University Press. Pp. 211-234.
Private sector interaction
The DARWIN project developed guidelines for the design of cross-organisational resilience, helping a private or public company, an authority or government agency either at international, national or local level to develop their own resilience guideline.