Protracted conflict and unprecedented levels of displacement have broken down the barriers between development and humanitarian work, prompting humanitarian organizations to engage more with social protection systems. While this presents another entry point to support affected populations in the medium- and long-term, it also stresses the importance of the principles of neutrality, impartiality, independence, and humanity in humanitarian action (NIIHA) which, if compromised, could impact the trust of parties to a conflict or affected populations, as well as access to the latter.
In this post, ahead of the ICRC Digitharium’s ‘Digital Dilemmas’ virtual debate on social protection systems, Cristina Quijano Carrasco from the Yale Jackson Institute for Global Affairs explains why it is essential – particularly in this digital age of interoperable systems – that humanitarian organizations consider these challenges in assessing their engagement in social protection programs.
Think of the last time you set up a bank account – what information were you asked to share? Probably your name, current address, phone number, a photo ID and your date of birth, at a minimum. Now imagine you are in a country that has been grappling with armed conflict for most of your life. You and your family were recently displaced from an opposition controlled area to a government controlled area and you are setting up a bank account so you can access cash transfers from a humanitarian organization’s emergency relief programme, which will be a great help to your family. The organization in charge of the programme has made clear that they are committed to taking a principled humanitarian approach to handling your personal data. You trust them, and you wonder, does the bank have any similar obligation? What might happen to your data and who might the bank share it with?
This example hints at the benefits, as well as some of the risks, of humanitarians engaging in social protection, a system of policies or actions aiming to enhance the capacity of all people, but notably vulnerable groups, to escape from poverty and better manage risks and shocks. With a strong potential to tackle pressing humanitarian needs while promoting a wide range of social and economic goals related to sustainable development, social protection systems are increasingly considered a medium- and long-term policy mechanism in situations of protracted conflict, displacement and state fragility. Social transfers, which make up a significant part of wider social protection programmes, are primarily cash-based, and as such generally use regular cash transfers to targeted populations, which has been shown to promote economic empowerment while decreasing poverty and food insecurity.
All forms of humanitarian engagement in social protection systems call for some degree of collaboration with national governments and, in many cases, other organizations and private entities. Interoperability between the humanitarian and social protection sectors, including information sharing, standardized data collection, common database and data sharing agreements, is therefore critical in the management and delivery of services. This includes information related to an identified or identifiable natural person – in other words, personal data – which can include demographic and metadata.
In this context, what are the implications for humanitarian organizations committed to upholding the humanitarian principles of neutrality, impartiality, independence, and humanity in humanitarian action (NIIHA) and engaging with non-humanitarian actors who are not?
Back to basics: a principled approach
To understand how humanitarian engagement with non-humanitarian actors might undermine the NIIHA approach, it is first necessary to understand all four humanitarian principles and how these might be compromised in the context of such engagement.
Impartiality, independence and neutrality are the core principles guiding humanitarian action during armed conflict or other situations of violence. They are mandatory in nature and are enshrined in the Statues of the Red Cross and Red Crescent Movement and Code of Conduct adopted by the ICRC and hundreds of other organizations providing humanitarian assistance. While the three principles are intrinsically related, it is important to draw the differences between them to understand the risks of humanitarian engagement in social protection.
Impartiality refers to non-discrimination, proportionality, and a needs-based approach to decision-making. This means that decisions regarding populations must never be influenced by considerations other than need. Neutrality, on the other hand, refers to humanitarians not taking sides in hostilities or engaging in controversies of a political, racial, religious or ideological nature so that humanitarians can enjoy the confidence of all sides. This allows organizations to act effectively in difficult situations. Finally, independence means that organizations must always maintain their autonomy so that they may be able at all times to act in accordance with their principles.
Humanitarian engagement in social protection is, in principle, a needs-based decision due to the protracted nature of humanitarian needs, thus driven by the impartiality principle. Nevertheless, national authorities and private entities with which humanitarians must engage to succeed at social protection may have different drivers or motivations.
For example, donors and humanitarian actors are increasingly supporting the development of social registries for social assistance programmes, where governments ultimately own the full registry and its data. But national authorities may request additional data on certain populations with the objective of monitoring for national security interests, and refugees may undergo extreme vetting for terrorism, which may lead to the violation of fundamental human rights like non-refoulement.
Similarly, when programmes are cash-based, collaboration with financial institutions is essential for the logistics of the cash transfer. Beneficiaries are often required to open personal bank accounts in order to deposit grants, as in the opening example of this blog. But banks and other financial service providers have profit motivations that can conflict with the principle of impartiality. Personal information could be sold for profit or used for targeted marketing. Financial service providers also have legal obligations to provide certain data to the authorities, including law enforcement. Under this logic, certain populations could be subject to extreme vetting for terrorism or be excluded from social protection programming for not justifying priorities related to citizenship and stability.
The transfer of personal data is a risk to neutrality as well. Interoperability heightens data protection risks such as data breaches or unauthorized sharing of data. If the governments and private entities receiving data from or collaborating with humanitarians either use data inappropriately or unsuccessfully, the humanitarian organization will be implicated, even if it has limited ability to monitor how the data is used by other entities. Furthermore, if the data collected or processed for humanitarian purposes is used at any stage for law enforcement, as in the cases outlined above, the humanitarian organization may no longer be considered neutral by communities, governments, and other organizations, facing repercussions on access and security and limiting their ability to work effectively. And lastly, by engaging in social protection systems, a humanitarian organization may be asked to share data with one of the actual parties to a conflict, which could be particularly problematic in the context of non-international armed conflicts or in the case of displaced populations.
The crux of the matter: independence
It is the principle of independence that is at the heart any question as to whether a humanitarian organization should engage in social protection. It is key that humanitarians retain their autonomy and evaluate their engagement with other actors. This includes critically considering the consequences of sharing information and technologies, as well as anticipating the risks.
While in some cases this may mean turning down any requests that are in conflict with humanitarian principles, in most of them it involves sufficient planning, risk evaluation, risk mitigation and adequate negotiation. There are three key considerations emerging from data protection standards in this regard:
1. Data protection principles
Humanitarian organizations must advocate and ensure that social protection schemes comply with data protection standards. Particularly in the context of the need for interoperability, data should be limited to the minimum amount and extent necessary and collected for a specific purpose. It should be processed and used fairly, lawfully and proportionally. Personal data in humanitarian emergencies is often sensitive and should be used only to the extent it is necessary for the provision of services. Humanitarians need to consider the potential uses of data outside social protection (including targeting, discrimination, and persecution or use for conflict-related purposes) and whether the information being collected is sensitive or could be manipulated to be sensitive, thus putting people at risk.
2. Lawfulness and fairness of processing, and rights of data subjects
Stemming from the fair and lawful use of data, the rights of individuals and populations must not only be respected at all times, but also positioned at the center of decision-making. These include the right to access their information, to correct such information should it be inaccurate, to erase the information if they so desire, and to object.
Data subjects cannot give meaningful consent for unforeseen uses of their personal data, including instances of further data sharing. The more actors with access to the data, the more difficult it becomes for humanitarian organizations to anticipate second-order implications of collected information. Therefore, humanitarian organizations have more difficulty to uphold their rights to access and retract their data. Similarly, this risk increases as more data is collected.
3. Data security
Finally, humanitarian organizations are responsible for ensuring that all the systems in which they participate prioritize data security. This includes questions relating to data storage, access to information and security measures in place.
When supplementing or supporting social protection systems in places with a low data protection infrastructure or standards, it is possible that systems may not be equipped to guarantee data security. Humanitarian organizations need to consider situations where they would not be able to guarantee the security of the data if it were in the hands of other public or private entities, and the consequences of this, including in terms of their position of impartiality, neutrality, and independence.
As humanitarian organizations explore the benefits of their engagement in social protection, they need to consider the risks that this entails. Situations widely vary across the different places where the ICRC and other organizations work. Therefore, identifying and mitigating the risks must be carried out on a contextual basis. Ultimately, considering and applying the principles of the NIIHA approach will ensure that by engaging in social protection initiatives, humanitarian operations do not lead to harm for the population they are looking to serve, or to humanitarian action more generally.
- Jill Capotosto, The mosaic effect: the revelation risks of combining humanitarian and social protection data, February 9, 2021
- Massimo Marelli, Hacking Humanitarians: moving towards a humanitarian cybersecurity strategy, January 16, 2020
- Tina Bouffet & Massimo Marelli, The price of virtual proximity: How humanitarian organizations’ digital trails can put people at risk, December 7, 2018