Considerations for the International Aid Transparency Initiative
(Please find a .pdf-version of this report via the attachment below)
1. Purpose of this note
The purpose of this note is to provide background and questions for further discussion within the IATI community around “responsible transparency” generally, but also in situations of fragility or crisis and will be taken up through consultations with our community on IATI Connect leading up to a dedicated session at the forthcoming IATI Virtual Community Exchange (12-13 October 2021).
Across the world, governments and other development stakeholders are systematically making more (and more relevant) data open and accessible, providing a valuable asset for social and economic transformation. The belief that data collected and shared by these stakeholders can support positive development outcomes by enhancing service delivery, prioritising scarce resources, holding governments accountable and empowering individual citizens is increasingly predominant in evidence-based decision-making by development and humanitarian stakeholders. Over the past several years, a growing number of actors, including bilateral donors, multilateral organisations, civil society, the private sector and governments of developing economies, have been adopting open data plans, implementing policies, and publishing datasets that previously remained locked away in closed databases. This move toward “open data” is part of a broader global trend toward more data-driven policymaking for development — the ‘data revolution’.”
The International Aid Transparency Initiative (IATI), an open data standard, is a critical actor in the push for more informed, coordinated, coherent and effective decision-making in development and humanitarian policy. The initiative provides a common format for all development partners to voluntarily publish open, reusable information on development cooperation resources to increase the effectiveness and traceability of their funding. IATI, like many other open data initiatives, urges the release of datasets in reusable formats under open licences, seeking to make data findable and datasets interoperable with a view to maximising their reuse both alone and in combination with other datasets.
However, in the case of IATI, as with all open data initiatives, many of the features of open data that increase its value for development can also increase its potential for harm, especially in sensitive political or emergency / humanitarian circumstances. For instance, data could be used for political surveillance and control or discrimination and exclusion, or it may expose sensitive information that may be (or might become) harmful to already vulnerable populations or organisations, especially in fragile, authoritarian and / or conflict-affected settings. Given the potential for misuse of data in these situations, such as the recent transition to new authorities in Afghanistan and Myanmar, a conversation about the balance between transparent data and ‘doing no harm’ to implementing partners, including the possible responsibility of data publishers to remove or restrict their data, has recently been gaining steam.
3. The issue at hand
This juxtaposition between transparent and open data, and the need to protect private or sensitive information is an uneasy balance. The availability of open data pursuant to countries in the midst of political upheaval or humanitarian disaster, which is publicly accessible to parties who may wish to use it for malicious purposes, poses particular challenges in terms of safeguarding privacy and ensuring safety. For instance, datasets may, by their nature, include information about identifiable individuals, including names (of staff, partners, beneficiaries, funders, or organisations, especially common in the case of multilateral organisations, who publish the names of policy officers, etc.); location information (including contact details, addresses or locations); information that would disclose activities or intentions that may conflict with local and / or government sentiments, e.g. human rights, political or religious sensitivities; and other identifying information that could jeopardise individuals’ safety, especially in cases where there is a political or humanitarian emergency. In some cases, there is also a risk that open datasets could be combined to identify sensitive information.
While the fundamental principle for information disclosure in these situations should be weighted toward transparency, it must be recognised that in certain situations, sensitive information that could be or have become harmful given (changes in) the political or security context should be safeguarded. Thus the concept of “responsible data” presents open data initiatives and individual publishing organisations with the choice of maintaining a narrow focus on data availability or considering and addressing the consequences, positive and negative, of broader data accessibility and use.
4. IATI data and ensuring “responsible” transparency: challenges
Though there is a nearly-universally recognised need to balance transparency and privacy / security concerns, the implementation of data responsibility is, in practice, the obligation of publishing organisation, leading to an inconsistent landscape in regard to data sensitivity within and across development and humanitarian contexts. For instance, in the face of the recent transition of authorities in Afghanistan, several bilateral IATI publishers have taken steps to remove or restrict data related to the country. Likewise, some UN agencies have removed data on Afghanistan from their own tools built on IATI data, and others have plans to edit their IATI datafiles to remove any potentially sensitive information. At least one UN publisher has also noted the desire to re-publish certain information after reviewing / modifying the relevant sensitive details. On the other hand, many publishers have chosen simply not to act, preserving the status quo (e.g. at this time of drafting, there are still 1,871 projects related to Afghanistan currently live in IATI’s d-portal, some of which have been restricted).
Protecting sensitive information poses challenges at several levels and within different timeframes for publishers:
Pre-publication, challenges in safeguarding sensitive information within IATI exist at the operational level. Identifying datasets that contain sensitive information and preparing them for publishing can be time and resource intensive. Further, deciding whether datasets contain information capable of leading to the identification of individuals or at-risk organisations, or relevant safety concerns, can be challenging, particularly when it’s not always clear where sensitivities may eventually emerge. In the case of IATI as a voluntary standard, publishers may also establish and apply their own principles as the primary custodians of their data (i.e., in this case, develop an ‘exclusion policy’), further complicating the holistic picture of sensitive information within IATI, and underlining differences across publishers and individual datasets.
Once data is “open” – meaning it has been published under an open license – it may be taken and used by different people in different applications, both online; such as digital, third-party platforms built on IATI data, and offline; such as a dataset downloaded and used for research purposes. As such, even with data removal from the primary source (in this case, the IATI Datastore / Registry), data may be housed in other tools that could still pose a risk for malicious use. In addition, because new technologies can transform older documents published by development cooperation stakeholders into searchable data, these risks relate to more than just the publication of new datasets and can be problematic for previously-published data as well.