Responsible by Design

Julia Keseru

The Responsible Data community is celebrating its 5th birthday this year. This is our first post in a series to explore what’s next for RD.  

Elected officials in fragile contexts often take enormous risks by entering the political arena. Holding office in many countries (like Mexico, for instance) significantly increases the chances of putting one’s life at risk, especially when required to enter personally identifiable information into public databases for the sake of scrutiny. At the same time, access to basic information about politicians and their financial affiliations (such as the companies they own or hold shares in) can be crucial for investigative purposes, uncovering illicit financial flows, fighting against organized crime and more. 

This is just one of the many examples of how our fundamental rights in the digital age are in tension with each other in seemingly irreconcilable ways. 

And yet, our existing solutions to this tension are a bit of a patchwork. On one hand, there are legislations that seem to face this tension head-on but often fall short. For example, our freedom of information laws often contain important privacy exemptions, but those exemptions are repeatedly abused by state actors. On the other hand, many approaches end up ignoring the tension and remaining one-sided. For example, we have both open data policies with only vague (if any) mentions of data privacy and privacy legislation without any considerations around transparency or the right to truth. Even broader normative frameworks like the EU’s General Data Protection Regulation (GDPR) have limitations when it comes to being comprehensive.

To a certain extent, it seems like we try hard to define the thesis in light of the antithesis–e.g. privacy in the face of transparency, openness in the face of ownership, or vice versa–but the synthesis is often missing. 

As AccessNow phrased it in their communique after this year’s RightsCon, “across each issue and sector, human rights must be at the centre of every product design and policy decision. Respect for human rights and the needs of marginalised communities must be foundational, rather than an afterthought, if we hope to prevent avoidable and often irreversible harm.” So what does a more holistic, rights-based approach to working with data in the digital age look like? 

From the perspective of norms and regulations, some argue that the answer is an all-encompassing framework aggregating fundamental principles around how our basic human rights apply to the digital age. In many ways, I agree: I believe that any attempt to provide broader guidance around how our human rights apply in the digital age is welcome and helpful. 

However, it’s clear to me that normative frameworks only make sense when they are adaptable to dramatically different environments. As we’ve said many times before, context matters. Overly generic solutions likely fail if they aren’t 1) tailored to context or 2) baked into the design of a new system from the very beginning. Ask any transparency activist from outside the US and Europe and they will tell you about their struggles of trying to implement open data policies in less tech-savvy contexts or in political contexts with less trust between government and citizens.

Responsible by design 

In the past five years, we have seen Responsible Data become a helpful framework in civil society’s efforts to think more holistically about our fundamental rights in the digital age. Back in 2014, the Responsible Data community was conceived to bring these existing but siloed discussions under one umbrella, enabling conversations to happen across sectors. As a result, the RD community is now a diverse and trusted online community with over 1000 practitioners, activists, academics, technologists and humanitarian workers who share their challenges and design best practices together. 

And while most of the work within the RD community remains focused on civil society and humanitarians, I believe that the very same rights-based approach to designing, implementing and scaling best practices for the use of data could indeed be leveraged by other sectors and stakeholders as well–a responsible by design approach, if you wish.

Let’s take government contracting as an example: Our current public procurement systems rely heavily on contracts that are full of commercially sensitive information (such as trade secrets) and personal data (like supplier’s addresses). This should come as no surprise; they were originally designed in ways that paid no attention to any of the above-mentioned rights. Because of that, government contracts now need to be heavily redacted before they can be made public online. Redacting is neither a reliable nor a straightforward process– it creates ample opportunities for loopholes and abuse, and is a pain for everybody involved. 

A responsible by design approach to contracting would mean that procurement agencies might need to rethink what they want to see in contracts in the first place. For instance, legitimately sensitive commercial data (like the secret ingredients of your award-winning product or a brand new methodology) may not even have to be part of any contract at all, to protect the right to intellectual property. Unit prices, on the other hand, are crucial for public scrutiny and essential to monitoring fair competition and fraud. In the same vein, personally identifiable data (such as the addresses of main point of contacts) may not need to go into government contracts at all – there are other ways to make sure that the potential candidate supplier is identifiable, without jeopardizing people’s safety, security and right to privacy. (See this great report from the Open Contracting Partnership on the most common myths that keep information confidential in public contracting.) 

Many other approaches–both explored and as-of-yet discovered–exist at this point of synthesis. We’re eager to learn from and support others in this space and look forward to sharing what we find. We also encourage you to join the Responsible Data community to share ideas of your own, identify shared challenges and more. 

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.