Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-78c5997874-g7gxr Total loading time: 0 Render date: 2024-11-08T21:48:39.259Z Has data issue: false hasContentIssue false

Index

Published online by Cambridge University Press:  24 October 2024

Edited by
Massimo Marelli
Massimo Marelli
Affiliation:
International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
Type
Chapter
Information
Handbook on Data Protection in Humanitarian Action , pp. 343 - 352
Publisher: Cambridge University Press
Print publication year: 2024
Creative Commons
Creative Common License - CCCreative Common License - BYCreative Common License - NCCreative Common License - ND
This content is Open Access and distributed under the terms of the Creative Commons Attribution licence CC-BY-NC-ND 4.0 https://creativecommons.org/cclicenses/

Index

Footnotes are indicated by n. after the page number, and figures by fig.

access right, 15, 3840, 107108, 158, 225226, 266
accountability principle, 35, 60, 63, 151152, 319320
accuracy of data. See quality of data
adequacy findings, 61
administrative activities, data processing for, 28, 305
AI. See artificial intelligence
anonymization and pseudonymization
for artificial intelligence use, 297, 301302, 315
before further processing, 24
blockchain tools as pseudonymized personal data, 251252, 261
cash and voucher assistance beneficiaries’ data, 139140
definitions, 1820, 52n.12
dimensionality problem, 85
for drone-collected data processing, 105
re-identification risk, 1920, 7172, 139140, 297, 301302
anonymous use of mobile messaging apps, 202203
applicable law. See also international data sharing
applicable law, 2021
artificial intelligence
anonymized data, re-identification using, 297, 301302
benefits and applications, 219220, 293, 294295, 298
bias problem, 296, 300301, 309311, 314, 316318
ethical assessment, 329332
HRIA (human rights impact assessment), 324329
data controller/data processor relationship, 299, 319321
data minimization principle, 295, 301, 312314
data protection by design and by default, 329
data subjects’ rights, 309311, 316319
datasets used by applications, 296, 298299, 320
definition and functionality, 290292
DPIAs (data protection impact assessments) for, 296297, 320, 322324
international data sharing, 320322
introduction to topic, 290
legal bases for personal data processing, 302305, 308309, 318
purpose limitation principle and further processing, 296297, 304, 305308, 322
retention of data, 314315
risks and challenges, 292303
securitizing data, 315316
social media data analysis using, 232233, 235, 237, 298, 303306
transparency principle, 304, 308309, 311312, 318
authenticating identities. See identity verification
backup procedures, 32
balancing of data rights and other interests
confidentiality protection, 15, 39
in emergency situations, 1415, 1718, 35, 44, 49
historical record protection, 15, 26, 4041
human rights protection, 1415, 54, 282
proportionality principle, 14, 2426, 122123, 227228, 264
bias problem of artificial intelligence. See under artificial intelligence
Big Brother Watch case, 177178
biometrics. See also identity verification
benefits and applications, 114116
data controller/data processor relationship, 126
data minimization principle, 122123, 227
data subjects’ rights, 124125
DPIAs (data protection impact assessments) for, 117118, 120, 125126
fair and lawful use principle, 120121
generally, 114
legal bases for biometric data processing, 118120, 124
purpose limitation principle and further processing, 121122, 123
retention of data, 123
risks and challenges, 115, 116, 117118
securitizing data, 123124
sharing data, 125126
special protection requirements for data, 116118, 124
types, 115
blockchain
applications in humanitarian sector, 219, 256258, 267
benefits, 250, 252253, 255
data controller/data processor relationship, 261263
data minimization principle, 263264
data protection by design and by default, 260261, 271272
data subjects’ rights, 265268
decision-making framework for deployment, 269272
definition and functionality, 250253
DPIAs (data protection impact assessments) for, 258260, 271
international data sharing, 268269
proportionality principle, 264
retention of data, 264
risks and challenges, 255256
securitizing data, 264265
types, 253255
‘by design’ approach. See data protection by design
cash and voucher assistance
beneficiaries, identity verification, 115
benefits, 131
blockchain technology for, 256, 257, 258, 267
data controller/data processor relationship, 143
data minimization principle, 139140
data subjects’ rights, 141
DPIAs (data protection impact assessments) for, 139, 140, 141, 143144
generally, 130131
legal bases for beneficiaries’ data processing, 136137
personal data collected and generated via, 132135
purpose limitation principle and further processing, 137139
retention of data, 140
risks and challenges, 131134, 256
securitizing data, 140141
sharing data, 141143
checklists for data protection compliance, 1516, 2627
children, 4548, 294295
CISCO Tactical Operations, 278
CLOUD Act (US), 178181, 186
cloud services
benefits and applications, 148
blockchain applications supported by, 264
data controller/data processor relationship, 151152, 154158, 166167
definition, service models and infrastructure, 148, 149151
deletion of data, 150, 155156, 157, 161
DPIAs (data protection impact assessments) for, 152, 153, 156, 165166
fair and lawful use principle, 153
GDPR codes of conduct, 167168
government access to data. See cloud-based data, government access
as international data sharing, 58, 165
legal bases for personal data processing, 152153
privileges and immunities, implications for, 149, 152, 157, 160161, 166167, 186189
purpose limitation principle and further processing, 153154, 159
risks and challenges, 148149
securitizing data. See cloud services, data security
transparency principle, 154155
cloud services, data security
asset protection, 160162
audits and procedures for, 164165
data in transit protection, 160
data subjects’ rights and, 158160, 165
during development, 163
governance of, 162
identity verification, 164
operational security, 162163
particular vulnerabilities, 164
privileged data, technical security measures, 167
responsibilities for, 156158, 163164
risks related to infrastructure types, 150151
separation between users, 162
staff selection and training, 163, 164165, 167
supply chain security, 163
cloud-based data, government access
criminal investigation grounds, 178184
impacts on aid beneficiaries, 184
impacts on humanitarian organizations, 184186
introduction to topic, 172173
legal duties generally, 173174
national security grounds, 174178
risk mitigation, 186189
community identifiable information, 8
compliance with legal obligation (legal basis), 5357, 284
computer security measures. See also cloud services, data security
computer security measures, 3132, 34, 5152
confidentiality duties
cloud service providers, 157, 159, 181
contractual duties, 31, 3233
data rights balanced against, 15, 39
in emergency situations, 1718
health data processing, 2728, 54, 8990, 184
identity verification before information disclosure, 3940, 216
levels of confidentiality, attribution of, 33
confirmation right, 39, 49
connectivity as aid programmes
data controller/data processor relationship, 282283
DPIAs (data protection impact assessments) for, 279, 281282
examples, 277278
international data sharing, 287
introduction to topic, 276277
legal bases for personal data processing, 283284
operational context, 278279
retention of data, 286
securitizing data, 284286
stakeholder partnerships for, 279281
transparency principle, 286287
consent (legal basis). See also information right
for artificial intelligence use, 302304, 308309, 318
for biometric data processing, 118120, 124
of cash and voucher assistance beneficiaries, 136137, 258
of children, 4548
of connectivity as aid beneficiaries, 283284
for digital identity data processing, 225, 226227
documentation of, 48
for drone-collected data processing, 102, 107
freely given, 46
information requirements for, 3637, 46, 48
for international data sharing, 60
for mobile messaging app data processing, 203, 206
for social media data processing, 244245
objection right, 40, 41, 4445, 4849, 107
timing of, 46
transmission methods and modes, 46, 48
of vulnerable adults, 4547
when not required, 44, 4546, 49
withdrawal of, 40, 49, 304
contact tracing apps. See also mobile messaging apps
data minimization principle, 93
DP3T protocol design, 8182, 9192
generally, 7981
risks and challenges, 8486, 88, 8990, 9293, 95
contingency planning, 33
contracts for data processing. See data controller/data processor relationship
contractual performance (legal basis), 5253, 60, 284
correction right, 40, 207208, 226, 266267, 318
counter-terrorist legislation. See cloud-based data, government access
COVID-19 pandemic
combating misinformation during, 234
contact tracing apps used in. See contact tracing apps
criminal investigation legislation, 178184
cross-border data sharing. See international data sharing
cross-functional needs assessments, 25
crowdsourcing, 108109
data analytics. See artificial intelligence
data controller/data processor relationship
artificial intelligence use, 299, 319321
biometric data processing, 126
blockchain use, 261263
cash and voucher beneficiaries’ data processing, 143
cloud services-held data processing, 151152, 154158, 166167
connectivity as aid programmes, 282283
digital identity management systems, 223224
drone-collected data processing, 109110
social media data processing, 243244
data controllers
accountability of, 35, 60, 63, 151152, 319320
data processors, distinguished from, 18, 261
data processors, relationship with. See data controller/data processor relationship
data security obligations. See data security
data sharing by. See data sharing; international data sharing
data minimization principle. See also deletion of data; retention of data
artificial intelligence use, 295, 301, 312314
biometric data, 122123, 227
blockchain use, 263264
cash and voucher assistance, 139140
cloud-based data, 155
for data protection by design, 9394
digital identity management systems, 216217, 227228
drone-collected data, 105106
generally, 25, 2627
mobile messaging app data, 207, 208209
data processing principles
accountability, 35, 60, 63, 151152, 319320
data minimization. See data minimization principle
data quality. See quality of data
‘do no harm’ (precautionary principle), 24, 35, 6970
fair and lawful use, 2122, 120121, 153, 308311
proportionality, 14, 2426, 122123, 227, 264
purpose limitation. See purpose limitation principle
transparency. See information right
data processors
confidentiality duties. See confidentiality duties
data controllers, distinguished from, 18, 261
data controllers, relationship with. See data controller/data processor relationship
international data sharing by, 58, 6365
sub-processors, 18, 124, 151, 157158, 188
data protection by design
artificial intelligence systems, 329
blockchain applications, 260261, 271272
case study. See contact tracing apps
cash and voucher assistance systems, 140141
data collected centrally, 9394, fig.6.1
data minimization principle, 9394
design assessment process
potential risks identification, 8890
risks assessment, 9093
digital identity management systems, 222223
generally, 7879
mobile messaging apps, 210211
purpose limitation principle
purposes determination, 87, 88
rationale, 8287
technical challenges, 9497
risks retention, 8788, fig.6.2, 9495
‘system’ definition, 79
data protection impact assessments. See DPIAs (data protection impact assessments)
data quality. See quality of data
data retention or deletion. See deletion of data; retention of data
data security
anonymization and pseudonymization. See anonymization and pseudonymization
artificial intelligence applications, 315316
biometric data, 123124
blockchain-stored data, 264265
cash and voucher assistance beneficiaries’ data, 140141
cloud-based data. See cloud services, data security
for connectivity as aid programmes, 284286
contingency planning, 33
data controllers’ general duties, 2931
deletion of data. See deletion of data
by design. See data protection by design
digital identity data, 228229
drone-collected data, 106
internal organization measures, 3435
international data sharing, risk mitigation, 6163
IT security, 3132, 34, 5152
mobile messaging app data, 202205
physical security, 31
social media data, 247
data security officers, 3435
data sharing. See also international data sharing
anonymized or pseudonymized data, 1820
biometric data, 125126
cash and voucher assistance beneficiaries’ data, 141143
with cloud service providers, 159160
digital identity data, 220221
drone-collected data, 108109
generally, 4143
with government authorities. See government access to personal data
with humanitarian organizations without privileges or immunities, 5457
information right, 42
mobile messaging app data, 199200, 204205
by social media platforms, 211, 236238, 247
with third parties. See third parties
data subjects’ rights. See also human rights
access, 15, 3840, 107108, 158, 225, 266
artificial intelligence use and, 309311, 316319
balanced against other interests. See balancing of data rights and other interests
blockchain applications and, 265268
claims for breach of, 38
cloud services and, 158160, 165
confidentiality. See confidentiality duties
correction, 40, 207208, 226, 266, 318
digital identity management systems and, 224226
erasure, 4041, 155156, 207208, 226, 267, 318
information. See information right
objection, 40, 41, 4445, 4849, 107
deceased persons, 8, 39, 49
deletion of data. See also data minimization principle; retention of data
biometric data, 123
cash and voucher assistance beneficiaries’ data, 140
cloud-based data, 150, 155156, 157, 161
drone-collected data, 106
erasure right, 4041, 155156, 207208, 226, 267, 318
inaccurate data, 27
mobile messaging app data, 201, 203204, 207208
paper records destruction, 3334
from portable media equipment, 32, 34
social media data, 246
by third parties, 29, 32, 34, 140
demographically identifiable information, 8
designing systems for data protection. See data protection by design
detained persons, 51
differential privacy, 315316
digital identity management systems. See also identity verification
adoption of, 214, 218219, 221222
data controller/data processor relationship, 223224
data minimization principle, 216217, 227228
data subjects’ rights, 224226
design of, 216220, 222223
DPIAs (data protection impact assessments) for, 222
governance of, 218
international data sharing, 229
legal bases for personal data processing, 226227
proportionality principle, 227
purpose limitation principle, 227
retention of data, 229
scenarios of use, 220221
securitizing data, 228
terminology, 214n.4, 215, 217
digital systems for data protection. See data protection by design
digitization of paper records, 3334
disasters. See emergency situations
discretion, duties of. See confidentiality duties
disease prevention, 234, 295
‘do no harm’ (precautionary principle), 24, 35, 6970
DPIAs (data protection impact assessments)
for artificial intelligence use, 296297, 320, 322324
for biometric data processing, 117118, 120, 125126
for blockchain use, 258260, 271
for cash and voucher assistance, 138139, 140, 141, 143144
for cloud services use, 152, 153, 156, 165166
for connectivity as aid programmes, 279, 281282
for digital identity management systems, 222
DPIA report template, 333337
for drone operations, 110
for mobile messaging apps use, 196, 206
process. See DPIA process
for social media use, 239241, 247
when appropriate, 45, 63, 6667, 7273
DPIA process
(1) determining necessity for DPIA, 67
(2) assembling DPIA team, 6768
(3) describing the processing of personal data, 68
(4) consulting stakeholders, 6869
(5) identifying risks, 69
(6) assessing risks, 6970
(7) identifying solutions, 7072
(8) proposing recommendations, 72
(9) implementing recommendations, 7273
(10) providing expert review or audit of DPIA, 73
(11) updating the DPIA, 73
drones/UAVs and remote sensing
data collection and processing equipment, 98, 100
data minimization principle, 105106
data subjects’ rights, 106108
DPIAs (data protection impact assessments) for, 110
generally, 100101
humanitarian action uses, 9899
legal bases for drone-collected data processing, 102104, 107
outsourced operations, 101, 109110
purpose limitation principle, 105
retention of data, 106
safety risks, 99100, 101
securitizing data, 106
sharing of data, 108109
transparency principle, 104107
e-evidence legislation, 183184
email correspondence, 31
emergency situations
balancing of data rights and other interests in, 1415, 1718, 35, 44, 49
connectivity loss. See connectivity as aid programmes
drone-collected data processing in, 103
presumption of high risk in, 6970
social media use in, 233, 241
vital interests in. See vital interests (legal basis)
Emergency Telecommunications Cluster, 277
erasure right, 4041, 155156, 207208, 226, 267, 318
EU law
on data controllership, 243244
GDPR (General Data Protection Regulation), 6, 78n.1, 117, 167168, 307
on government access to cloud-based data, 176177, 183
Facebook
data collection and retention by, 236, 246
as data controller, 243244
data sharing by, 204, 237238
Facebook Connectivity initiative, 278
Messenger and WhatsApp services. See mobile messaging apps
facial recognition, 100, 105, 294295, 299, 300301, 315
fair and lawful use principle, 2122, 120121, 153, 308311
family members, data access right, 3940
fundamental rights. See human rights
further processing. See also purpose limitation principle
artificial intelligence use for, 304, 306308
of biometrics data, 121122, 123
of cash and voucher assistance beneficiaries’ data, 138139
of cloud-based data, 153154, 159
of drone-collected data, 105
generally, 2224
of mobile messaging app data, 193, 209, 210
GDPR (EU General Data Protection Regulation), 6, 78n.1, 117, 167168, 307
Global Privacy Assembly, 45
government access to personal data
cloud-based data. See cloud-based data, government access
compliance with legal obligation (legal basis), 5355, 284
mobile messaging app data, 197, 200, 201202, 204
smartphone surveillance, 284285
social media data, 232233, 238239, 240, 298
health data processing, 2728, 54, 8990, 184
health promotion, 234, 295
historical record-keeping, 15, 26, 4041
human rights. See also data subjects’ rights
artificial intelligence, bias problem, 296, 300301, 309311, 314, 316318
ethical assessment, 329332
HRIA (human rights impact assessment), 324329
data protection as human right, 7
data rights balanced against, 1415, 54, 282
humanitarian emergencies. See emergency situations
humanitarian organizations. See also data controllers
campaigning and fundraising by, 232, 235236, 244245, 257
compelled data disclosure, impacts on, 184186
legitimate interests of. See legitimate interest (legal basis)
NGOs (non-governmental organizations), 18, 2021, 277278
staff of. See staff of humanitarian organizations
with privileges and immunities. See privileges and immunities
ICRC (International Committee of the Red Cross), 7, 50n.8, 189n.52, 233, 241n.46
ID2020 Alliance, 224
identity verification
biometrics. See biometrics
cash and voucher assistance beneficiaries, 115
for cloud services access, 164
digital systems for. See digital identity management systems
facial recognition, 100, 105, 294295, 299, 300301, 315
general duties of, 3941, 216
KYC (know your customer) obligations, 137, 142, 144, 221222
‘legal identity’ definition, 214n.4, 215
purpose creep risk, 86, 222
for SIM card registration, 134, 137, 142, 198, 221, 280
social media data used for, 232233
immunities. See privileges and immunities
impact assessments. See DPIAs (data protection impact assessments)
important grounds of public interest. See public interest (legal basis)
inaccurate data. See quality of data
inferred data. See non-personal data, inferences from
information right
artificial intelligence use, 304, 308309, 311312, 318
balanced against other interests, 1415, 35
biometric data processing, 124
of cash or voucher assistance beneficiaries, 141
cloud-based data processing, 154
confirmation of data processing, 39, 49
of connectivity as aid programme beneficiaries, 286287
data sharing, right to be informed, 42, 60
digital identity data processing, 225
drone-collected data processing, 104, 106107
personal data obtained from data subjects, 3637, 46, 48
personal data obtained from third parties, 3738
social media data processing, 245246
transmission methods and modes, 35, 39, 4950, 107
integrity of data. See quality of data
International Committee of the Red Cross (ICRC), 67, 50n.8, 189n.52, 233, 241n.46
international data protection standards, 57, 21, 58
international data sharing. See also data sharing
artificial intelligence use, 320322
basic rules, 5960
biometric data, 125126
blockchain-stored data, 268269
cash and voucher assistance beneficiaries’ data, 142143
cloud services as, 58, 165
connectivity as aid programmes and, 287
contractual arrangements for, 6165
definition and scenarios, 4142, 59
digital identity data, 229
drone-collected data, 109
entities engaging in, 5859
legal bases for, 6061
mobile messaging app data, 211
reasons for, 58
risk mitigation, 6163
by social media platforms, 211, 236238, 247
US/UK agreement on electronic data exchange, 180183, 188
internet connectivity. See connectivity as aid programmes
IT security measures. See also cloud services, data security
IT security measures, 3132, 34, 5152
KYC (know your customer) obligations, 137, 142, 144, 221222
legal bases for international data sharing, 6061
legal bases for personal data processing
alternatives to consent, when permitted, 44, 4546, 49
artificial intelligence use, 302305, 308309, 318
biometric data processing, 118120, 124
cash and voucher assistance beneficiaries’ data processing, 136137
cloud-based data processing, 152153
compliance with legal obligation, 5357, 284
connectivity as aid programmes, 283284
consent. See consent (legal basis)
digital identity data processing, 226227
drone-collected data processing, 102104, 107
legitimate interest. See legitimate interest (legal basis)
list of, 36, 44
mobile messaging app data processing, 206207
performance of a contract, 5253, 60, 284
public interest, important grounds of. See public interest (legal basis)
social media data, 244245
vital interests of individuals. See vital interests (legal basis)
legal risk assessment. See DPIAs (data protection impact assessments)
legitimate interest (legal basis)
for artificial intelligence use, 305
for biometric data processing, 120
for cash and voucher assistance beneficiaries’ data processing, 137
for connectivity as aid programmes, 284
for drone-collected data processing, 104
generally, 5152
for international data sharing, 60
machine learning. See artificial intelligence
medical data processing, 2728, 54, 8990, 184
metadata
of cash and voucher assistance beneficiaries, 131135, 136, 137, 138139, 142
cloud-based metadata. See cloud-based data, government access
connectivity as aid programmes collecting, 280, 284286
drone-collected, 100
on mobile messaging apps, 193, 198201, 203
on social media networks, 232, 240
missing persons, 3940, 49, 294295, 298, 299, 300301
mobile messaging apps. See also contact tracing apps; social media
benefits and applications, 192, 193, 194195
data minimization principle, 207, 208209
data protection by design, 210211
data subjects’ rights, 207208
data types collected and stored, 197200
definition and functionality, 194, 197
deletion of data, 201, 203, 207208
DPIAs (data protection impact assessments) for, 196, 206
international data sharing, 211
legal bases for personal data processing, 206207
managing, analysing and verifying data, 209210
purpose limitation principle and further processing, 193, 209, 210
risks and challenges, 192194, 196197
securitizing data, 202205
third party data access routes, 199202
Whiteflag Protocol, 257258
mobile network connectivity. See connectivity as aid programmes
national security legislation, 174178
‘necessary’ data processing, 25, 2627, 5053
NGOs (non-governmental organizations), 18, 2021, 277
non-personal data, inferences from
anonymized data, re-identification risk, 1920, 7172, 139140, 297, 301302
generally, 1718, 54, 297
social media data, 235, 241242, 305306
objection right, 40, 41, 4445, 4849, 107
once-only principle, 220
outsourced data processing. See data controller/data processor relationship
overriding interests. See balancing of data rights and other interests
paper records destruction, 3334
passwords, 32
PATRIOT Act (US), 175176, 177
performance of a contract (legal basis), 5253, 60, 284
personal data processing
anonymization and pseudonymization. See anonymization and pseudonymization
definition, 1617
DPIA description of, 68
further processing. See further processing
for identity verification. See identity verification
legal bases for. See legal bases for personal data processing
parties engaged in. See data controllers; data processors
principles and rights. See data processing principles; data subjects’ rights
risk mitigation. See data security; DPIAs (data protection impact assessments)
sensitive data. See sensitive data
sharing of data. See data sharing; international data sharing
staff members’ data, 28, 53
perturbing/redacting data, 20, 39, 72
physical security of data, 31
portable media equipment, 32, 34
precautionary principle (‘do no harm’), 24, 35, 6970
principles of data protection. See data processing principles
prisoners, 51
privacy right. See also confidentiality duties
privacy right, 7
privacy-enhancing technologies. See data protection by design
privileges and immunities
cash and voucher assistance provision and, 142, 143
cloud services use and, 149, 152, 157, 160161, 166167, 186189
data protection as human right transcending, 78
data sharing by protected organizations, 5457
data subjects’ claims and, 38
international data sharing and, 62
standards-setting permitted by, 21, 58
processing of personal data. See personal data processing
proportionality principle, 14, 2426, 122123, 227, 264
pseudonymization. See anonymization and pseudonymization
public interest (legal basis)
for artificial intelligence use, 304305, 318
for biometric data processing, 120
for cash and voucher assistance beneficiaries’ data processing, 137
for connectivity as aid programmes, 283284
for drone-collected data processing, 103104
generally, 4445, 5051
for international data sharing, 60
for mobile messaging app data processing, 206207
purpose limitation principle. See also further processing
artificial intelligence use, 296297, 305306, 322
biometric data processing, 121
by design. See data protection by design
cash and voucher beneficiaries’ data processing, 137138, 139
cloud-based data processing, 153154, 159
digital identity data processing, 227
drone-collected data processing, 105
generally, 22
mobile messaging app data processing, 209
quality of data
artificial intelligence, bias problem, 296, 300301, 309311, 314, 316318
correction right, 40, 207208, 226, 266, 318
data quality principle, 27, 158159
rape survivors, 184
rectification right, 40, 207208, 226, 266, 318
redacting/perturbing data, 20, 39, 72
re-identification risk, 1920, 7172, 139140, 297, 301302
relatives, data access right, 3940
remote access to computer servers, 3132
remotely piloted aircraft systems. See drones/UAVs and remote sensing
retention of data. See also data minimization principle; deletion of data
artificial intelligence use, 314315
biometric data, 123
blockchain-stored data, 264
cash and voucher assistance beneficiaries’ data, 140
checklist for, 2627
cloud-based data, 155156
from connectivity as aid programmes, 286
digital identity data, 229
drone-collected data, 106
for historical record, 15, 26, 4041
initial retention period, 2829
mobile messaging app data, 201, 203, 207208
social media data, 246247
by third parties, 34
rights. See data subjects’ rights; human rights
risk mitigation. See data security; DPIAs (data protection impact assessments)
securitizing data. See data security
sensitive data
biometric data. See biometrics
definition, 17
health data, 2728, 54, 8990, 184
inferred from non-personal data. See non-personal data, inferences from
on portable media equipment, 32
sexual violence survivors, 184
sharing of data. See data sharing; international data sharing
SIM card registration duties, 134, 137, 142, 198, 221, 280
social media. See also mobile messaging apps
artificial intelligence used to analyse, 232233, 235, 237, 298, 303306
benefits and applications, 232, 233234
connectivity as aid programmes involving providers, 279
data controller/data processor relationship, 243244
data sharing by platforms, 211, 236238, 247
data types generated, 234236, 240
DPIAs (data protection impact assessments) for, 239241, 247
government access to data, 232233, 238239, 240, 298
legal bases for personal data processing, 244245
retention of data, 246247
risks and challenges, 232233, 241243
securitizing data, 247
transparency principle, 245246
sought persons, 3940, 49, 294295, 298, 299, 300301
staff of humanitarian organizations
confidentiality duties. See confidentiality duties
legal action, data processing for defence purposes, 52
personal data of, 28, 53
personal data processing by. See data processors
remote access to computer servers, 3132
security of, 39
statistical disclosure control process, 7172
sub-processors, 18, 124, 151, 157158, 188
supply chain management, 163, 257
Swiss Blocking Statute, 188
system design for data protection. See data protection by design
tax administration, 53
telecommunications connectivity. See connectivity as aid programmes
third parties
cash and voucher assistance operatives. See cash and voucher assistance
cloud service providers. See cloud services
connectivity as aid programmes in partnership with, 279281
deletion of data by, 29, 32, 34, 140
drone operators, 101, 109110
government authorities. See government access to personal data
mobile messaging apps, third party data access, 199202
personal data obtained from, 3738
social media providers. See social media
sub-processors, 18, 124, 151, 157158, 188
systems designers, 94
unauthorized data access by. See data security
TikTok, 234, 236, 238
transborder data sharing. See international data sharing
transparency principle. See information right
Twitter, 236, 238
UAVs (unmanned aerial vehicles). See drones/UAVs and remote sensing
UNHCR (UN High Commissioner for Refugees), 7, 245246, 277, 286287
United Kingdom
interception of communications legislation, 176178
US/UK agreement on electronic data exchange, 180183, 188
United Nations
connectivity initiatives, 277
data protection standards, 56, 7
privileges and immunities of, 187
United States
CLOUD Act, 178181, 186
US/UK agreement on electronic data exchange, 180183, 188
USA PATRIOT Act, 175176, 177
verifying identities. See identity verification
vital interests (legal basis)
for artificial intelligence use, 304
for biometric data processing, 119120
for cash and voucher assistance beneficiaries’ data processing, 137
for cloud-based data processing, 153
for drone-collected data processing, 103
generally, 4445, 4950, 51
for international data sharing, 60
for mobile messaging app data processing, 206207
voucher assistance. See cash and voucher assistance
vulnerable adults, 4547
WhatsApp. See mobile messaging apps
Whiteflag Protocol, 257258
withdrawal of consent for data processing, 40, 49, 304
World Medical Association International Code of Medical Ethics, 27

Save book to Kindle

To save this book to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

  • Index
  • Edited by Massimo Marelli, International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
  • Book: Handbook on Data Protection in Humanitarian Action
  • Online publication: 24 October 2024
  • Chapter DOI: https://doi.org/10.1017/9781009414630.025
Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

  • Index
  • Edited by Massimo Marelli, International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
  • Book: Handbook on Data Protection in Humanitarian Action
  • Online publication: 24 October 2024
  • Chapter DOI: https://doi.org/10.1017/9781009414630.025
Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

  • Index
  • Edited by Massimo Marelli, International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
  • Book: Handbook on Data Protection in Humanitarian Action
  • Online publication: 24 October 2024
  • Chapter DOI: https://doi.org/10.1017/9781009414630.025
Available formats
×