Achieving Development at the Cost of The Right to Privacy? The Promise and Peril of New Technologies in Social Protection Programmes.
Information and communication technologies and social protection
In recent years, donors, development agencies and poverty reduction initiatives have increasingly turned towards social protection as an effective tool for addressing extreme poverty and accelerating development in the world’s poorest countries. The term refers to the provision of benefits in cash or in kind to secure protection in case of social risks and needs, which take the form of cash transfer schemes, public works programmes, social pensions, school stipends and food vouchers or transfers (ILO 2010:13-15).
Social protection is now a priority initiative both for bilateral aid donors, such as the UK’s Department for International Development,1 the US Agency for International Development and the European Commission as well as for development agencies such as the World Bank and UNICEF.
Nevertheless, a number of significant practical, structural and institutional challenges exist when delivering social protection initiatives in developing countries which often impede the effectiveness of such programmes.
In this context, new technologies are seen to hold enormous potential and promise for improving the reach and effectiveness of social protection programmes. In recent years, a variety of ICTs, such as smart cards, cell phones, mobile ATMs, GPS devices, and biometrics (Devereux and Vincent 2010), have been piloted, particularly in remote and rural areas In addition, social protection systems are gradually being transferred from paper-based to fully electronic systems in many countries, in combination with information derived from multiple and separate social protection initiatives being consolidated into a single registry of social protection beneficiaries. Proponents of the integration of ICTs into social protection programmes cite the following benefits: efficiency and cost-effectiveness; flexibility; access to financial infrastructure; leapfrogging the digital divide; multi-functionality; scalability; and minimizing fiduciary risk and fraudulent access (Devereux and Vincent 2010).
Management Information Systems
Acknowledging the considerable benefits that can be derived from integrating ICTs into the delivery of social protection, the use of information and communication technologies nevertheless also poses a number of risks to beneficiaries’ right to privacy, as extensive and sensitive information is collected, analysed and disseminated about them. In particular, the use of electronic Management Information Systems (MISs) to collate and generate information about social protection beneficiaries and inform targeting, management, reporting and analysis raise serious concerns. MISs facilitate the gathering and storing of extensive amounts of personal data in what are often insecure or high risk environments. Where donors or development agencies administer the scheme, and where private-public partnerships are integrated into the scheme, the potential for abuse of beneficiaries’ personal information is high. There is some confusion around the ownership and use of sensitive personal information collected by social protection programmes; these concerns are particularly serious in low-income countries where data protection laws are weak, or non-existent.
The collation of extensive and sensitive personal information in an MIS presents a number of challenges in respect of privacy and data protection. These include:
- Accuracy of data: Multiple obstacles exist to collecting accurate and comprehensive data in situations in which social protection programmes are administered, including the geographical remoteness of target communities, social exclusion and discrimination, lack of literacy, and the absence of formal registration records. By enabling the digitization and indefinite preservation of potentially inaccurate data, MISs risk reinforcing and institutionalizing such inaccuracies, which may be impossible for beneficiaries to correct.
- Security of data: Ongoing technical support and maintenance of a system is key to ensuring security, and yet requires a level of expertise and capacity that may not be present in donor-run or pilot social protection schemes. Systems that involve the transfer of data via telecommunications networks face additional threats in the absence of encryption or where state authorities are conducting communications surveillance.
- Misuse of data: Any personal information contained in MISs is vulnerable to fraud or theft, as well as transfer to third parties. The higher the sensitivity of the data – data, for example, that reveals or could be paired with other data to reveal ethnicity, religion or political affiliation – the more vulnerable it is.
A further challenge of adapting MISs to social protection programmes is ensuring that the technologies deployed are appropriate to the relevant culture and context. A study of the development of an MIS for the distribution of social protection benefits in St. Kitts revealed that it is “necessary to understand the contexts in which data is collected and used to ensure that the [MIS] will fit within the users’ work environment and be useful to them” (Pitula et al. 2010) Simple assumptions inherent in the design of technology such as the requirement to enter addresses that follow a predefined format may undermine the utility and effectiveness of MISs in developing countries. It is estimated that already in developed countries approximately 25% of MIS projects are failures, and up to 60% have significant undesirable outcomes; in developing countries, this number is likely to be significantly higher (Pitula et al. 2010). Not taking cultural contexts into account may contribute to such failures, which also stem from factors such as cost overruns, insufficiently trained staff, and inadequate processes. Early studies in this field showed that almost all World Bank-funded MIS projects in Africa were reported as partial failure (Heeks 2002).
Similar concerns exist with the move away from cash or in-kind transfers and toward electronic transfer by aid agencies. The card- or mobile-enabled conversion of cash into electronic money has been a hugely successful advancement in the provision of social protection transfers in developing countries. However, numerous risks arise due to the sharing and transfer of personal information with third parties. E-transfers rely on the private sector to provide the telecommunications and financial infrastructure, and to design and maintain the banking and mobile systems upon which e-transfers rely. Electronic cash transfer systems are often run by small NGOs on a pilot basis without concrete structures, extensive legal expertise or sufficient resources to ensure that third party contracts are rigorously analysed and complied with. The likelihood that beneficiary data is being shared and analysed by third parties is thus increased.
The beneficiary data collected for e-transfer programmes is often more extensive than that gathered in conventional aid distributions and is necessarily shared with commercial partners who assist in the distribution of cash via new technological means. The development of sophisticated databases, the sharing of those databases with third parties, and the lack of technical and operational security around the collection, use and sharing of data all create a heightened risk framework, at the heart of which are the very people agencies seek to support.
The risks of deploying MISs and e-transfers in social protection programmes are increased by the absence of legal frameworks and safeguards to regulate the use of data collected under the auspices of such programmes. In most developing countries, data protection legislation is weak or non-existent. Many social protection programmes are established ad hoc, as pilot programmes by development and humanitarian agencies, or under the ambit of bilateral aid agreements, without accompanying legislative or regulatory frameworks. This means that the rights of the beneficiaries in the programme are unprotected, and the administrators of the programme have wide discretion when dealing with beneficiaries’ personal information. In any event, given that many programmes are the result of a collaborative effort by multiple stakeholders—including donors, government actors and international NGOs—there are serious questions about accountability, transparency and avenues for recourse for beneficiaries.
Ensuring privacy in social protection
With increased pressures on aid agencies to improve their monitoring and evaluations and to ensure the efficient disbursement of aid funds, there will be ever increasing pressure to collect data and replace expensive human resources with cheaper technological solutions. Yet increasingly the technologies and techniques adopted by bilateral donors and international funding agencies are achieving development at the cost of human rights, particularly the right to privacy and protection of personal information. It is essential that the development and humanitarian community has informed and realistic debates about whether a technological system should be developed and deployed in a particular context. Such debates are not only ethical, they are legal, and must confront the compatibility of such technological systems with national, regional and international human rights instruments (as is happening to an extent in Europe). Privacy is of course recognized at both the international and regional levels as a fundamental human right. Importantly, the vast majority of developing countries also have explicit constitutional requirements to ensure that their policies and practices do not unnecessarily interfere with privacy.
One possible route toward greater protection of the right to privacy in social protection programmes is the elaboration of guiding principles on the protection of beneficiary privacy. A leading initiative in this context is the Cash Learning Partnership’s (CaLP) publication Protecting Beneficiary Privacy: Principles and operational standards for the secure use of personal data in cash and e-transfer programmes. The CaLP led a consortium of non-governmental organizations to produce principles and operational standards around protecting beneficiary privacy in cash and e-transfers. Projects like CaLP’s help build toward the goal of international standards around data protection in the development and humanitarian fields. They also illustrate the growing willingness of humanitarian and development organizations to engage with privacy and data protection issues. Even the recognition that there is a problem that requires addressing is a great step toward better practice.
Devereux, Stephen and Katharine Vincent. 2010. “Using technology to deliver social protection: exploring opportunities and risks,” Development in Practice 20(3):367-379.
Heeks, Richard. 2002. “Information Systems and Developing Countries: Failure, Success, and Local Improvisations,” The Information Society: An International Journal 18:2, 101-112.
ILO. 2010. World Social Security Report 2010/2011: Providing coverage in time of crises and beyond. Geneva: ILO.
Pitula, Kristina, Daniel Sinnig and T Radhakrishnan. 2010. “Making Technology Fit: Designing an Information Management System for Monitoring Social Protection Programmes in St. Kitts.” Paper presented at the SALISES 11th Annual Conference Turmoil and Turbulence in Small Developing States: Going Beyond Survival, Port-of-Spain, Trinidad & Tobago, 24-26 March.
ABOUT THE AUTHOR
Carly Nyst is Legal Director at Privacy International where she leads her organization’s engagement with international human rights mechanisms and humanitarian organizations. Prior to joining Privacy International, Carly was the Legal Adviser to the United Nations Special Rapporteur on Extreme Poverty and Human Rights, and Visiting Scholar at the Columbia Law School’s Human Rights Institute. Carly is an Australian-qualified lawyer who has worked in human rights law and advocacy at the national and international levels. She holds an MSc in International Relations from the London School of Economics, and Bachelors degrees in law and international relations from the University of Queensland, Australia.
This commentary originally appeared on the UNRISD website.
- The UK’s Department for International Development collaborates on social protection programmes in Bangladesh, Pakistan, Yemen, the Occupied Palestinian Territories, Ethiopia, Kenya, Mozambique, Rwanda, Uganda, Zambia, Zimbabwe, South Sudan, Ghana, Nigeria and India. See Paul Wafer’s presentation Current DFID engagement on social protection, at the Inter-Agency Show and Tell Meeting 2010 – Social Protection, ILO, May 2010. ↩