The Centre for Internet and Society recently released a groundbreaking paper on the practical, legal and ethical implications of using mobile phone data (CDRs, or Call Detail Records) in emergencies, with Liberia’s experience of the recent Ebola epidemic as the case study. Written by Sean Martin McDonald, the paper is brilliant, insightful and well researched, and is creating a much-needed debate in the humanitarian and responsible data communities. This post is a contribution to that debate. It reflects on just one of the ethical issues surfaced by the analysis, that of consent to data-sharing in the context of humanitarian emergency.
CDRs, as McDonald writes, are one of the most sensitive kinds of digital data available. They are intensely revealing of personal characteristics, showing all kinds of information that not only make people identifiable, but also make it possible to track, locate, monitor and influence behaviour. Consent is key to data protection law, as is understanding the purpose for which data will be shared. The logic of the paper is that for mobile operators to pass such data on to humanitarian organisations (most likely with the national government as intermediary compelling the sharing of the data), individual-level consent would be the most important factor in making sharing possible.
McDonald argues thus:
‘Obtaining consent at point of collection is both a legal requirement in the Liberian context and a commercial practice that has significant precedent for less altruistic means. There is no question that building emergency data use clauses into commercial and public service contracts is both the most straightforward and the most legal way to facilitate the sharing of CDRs, and minimizes virtually every other question that the law compels.’
This argument, although in line with all existing data protection rules and norms, is problematic in a practical context. Consent without purpose limitation – knowing what one is consenting to – is widely judged to be legally (and practically) meaningless. Furthermore, the kinds of context in which mobile data may be shared under ‘emergency data use clauses’ are exactly those where purpose limitation is unlikely and a chain of sharing and reuse may be established under the same premises of urgency that made data shareable in the first place.
For example, a hypothetical case where a large-scale attack, such as an instance of bio-terrorism, occurs in a country, affecting a large portion of the population. The country’s government may authorise data sharing for public safety reasons, allowing international authorities access to CDRs to track who is in need of help or may infect others. National security challenges often, by their nature, lead to national political and governmental instability, so that data released for purposes of care may soon also be seen as necessary for purposes of control – in fact, control often becomes defined as care in emergency situations. Crowd control and disease quarantine are just two obvious examples of this.
In a situation such as this, mobile data may initially be shared in order to track and help people. But in a context of raised control such as military or emergency rule, such data may also become invaluable for tracking and preventing unauthorised population movements, flows of resources and financial transactions, or protest and activism. In these cases, the data would gradually become repurposed in a process that the surveillance field terms ‘function creep’, making people’s consent meaningless if they were only consenting to the data’s use for purposes of care.
To tackle this, lack of consent may in fact be the best strategy. To all intents and purposes, data sharing without consent is illegitimate. However, the argument is precisely that some emergency contexts may make it necessary to share data without being able to get people’s consent. So instead of effectively extending meaningless consent to this kind of data-sharing, perhaps it is more ethical to acknowledge that it is happening without explicit individual consent.