Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-78c5997874-dh8gc Total loading time: 0 Render date: 2024-11-08T18:53:47.891Z Has data issue: false hasContentIssue false

Contents

Published online by Cambridge University Press:  24 October 2024

Edited by
Massimo Marelli
Massimo Marelli
Affiliation:
International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
Type
Chapter
Information
Handbook on Data Protection in Humanitarian Action , pp. v - xiii
Publisher: Cambridge University Press
Print publication year: 2024
Creative Commons
Creative Common License - CCCreative Common License - BYCreative Common License - NCCreative Common License - ND
This content is Open Access and distributed under the terms of the Creative Commons Attribution licence CC-BY-NC-ND 4.0 https://creativecommons.org/cclicenses/

Contents

  1. List of contributors

  2. Foreword to the third edition

    by Christopher Kuner

  3. Foreword to the first and second editions

    by Jean-Philippe Walter

  4. Acknowledgements

  5. Glossary of defined terms and abbreviations

  6. 1Introduction

    1. 1.1Background

    2. 1.2Objective

    3. 1.3Structure and approach

    4. 1.4Target audience

  7. Part I:Data Protection Principles in Humanitarian Action

    Massimo Marelli

    1. 2Basic principles of data protection

      1. 2.1Introduction

      2. 2.2Basic data protection concepts

      3. 2.3Aggregate, Pseudonymized and Anonymized data sets

      4. 2.4Applicable law and International Organizations

      5. 2.5Data Processing principles

        1. 2.5.1The principle of the fairness and lawfulness of Processing

        2. 2.5.2The purpose limitation principle

        3. 2.5.3The principle of proportionality

        4. 2.5.4The principle of data minimization

        5. 2.5.5The principle of data quality

      6. 2.6Special Data Processing situations

        1. 2.6.1Health purposes

        2. 2.6.2Administrative activities

      7. 2.7Data retention

      8. 2.8Data security and Processing security

        1. 2.8.1Introduction

        2. 2.8.2Physical security

        3. 2.8.3IT security

        4. 2.8.4Duty of discretion and staff conduct

        5. 2.8.5Contingency planning

        6. 2.8.6Destruction methods

        7. 2.8.7Other measures

      9. 2.9The principle of accountability

      10. 2.10Information

        1. 2.10.1Data collected from the Data Subject

        2. 2.10.2Information notices

        3. 2.10.3Data not collected from the Data Subject

      11. 2.11Rights of Data Subjects

        1. 2.11.1Introduction

        2. 2.11.2Access

        3. 2.11.3Correction

        4. 2.11.4Right to erasure

        5. 2.11.5Right to object

      12. 2.12Data sharing and International Data Sharing

    2. 3Legal bases for Personal Data Processing

      1. 3.1Introduction

      2. 3.2Consent

        1. 3.2.1Unambiguous

        2. 3.2.2Timing

        3. 3.2.3Validity

        4. 3.2.4Vulnerability

        5. 3.2.5Children

        6. 3.2.6Informed

        7. 3.2.7Documented

        8. 3.2.8Withholding/Withdrawing Consent

      3. 3.3Vital interest

      4. 3.4Important grounds of public interest

      5. 3.5Legitimate interest

      6. 3.6Performance of a contract

      7. 3.7Compliance with a legal obligation

        1. 3.7.1The disclosure of Personal Data to authorities

    3. 4International Data Sharing

      1. 4.1Introduction

      2. 4.2Basic rules for International Data Sharing

      3. 4.3Providing a legal basis for International Data Sharing

        1. 4.3.1Introduction

        2. 4.3.2Legal bases for International Data Sharing

      4. 4.4Mitigating the risks to the individual

        1. 4.4.1Appropriate safeguards/Contractual clauses

        2. 4.4.2Accountability

      5. 4.5Data Controller/Data Processor relationship

    4. 5Data Protection Impact Assessments (DPIAs)

      1. 5.1Introduction

      2. 5.2The DPIA process

        1. 5.2.1Is a DPIA necessary?

        2. 5.2.2The DPIA team

        3. 5.2.3Describing the Processing of Personal Data

        4. 5.2.4Consulting stakeholders

        5. 5.2.5Identify risks

        6. 5.2.6Assess the risks

        7. 5.2.7Identify solutions

        8. 5.2.8Propose recommendations

        9. 5.2.9Implement the agreed recommendations

        10. 5.2.10Provide expert review and/or audit of the DPIA

        11. 5.2.11Update the DPIA if there are changes in the project

  8. Part II:Specific Processing Situations, Technologies and Technology Areas

    1. 6Designing for data protection

      Carmela Troncoso and Wouter Lueks

      1. 6.1Introduction

        1. 6.1.1What is a system?

      2. 6.2Case study: Privacy-preserving contact-tracing apps

        1. 6.2.1Decentralized privacy-preserving proximity tracing

      3. 6.3Protection of individuals and their dignity and rights through purpose limitation

        1. 6.3.1Why determining purpose matters

        2. 6.3.2Determining purpose

        3. 6.3.3Analysing purpose limitation

      4. 6.4The role of data minimization

      5. 6.5Challenges to purpose limitation

    2. 7Drones/UAVs and remote sensing

      Massimo Marelli

      1. 7.1Introduction

      2. 7.2Application of basic data protection principles

        1. 7.2.1Legal bases for Personal Data Processing

        2. 7.2.2Transparency/Information

        3. 7.2.3Purpose limitation and Further Processing

        4. 7.2.4Data minimization

        5. 7.2.5Data retention

        6. 7.2.6Data security

      3. 7.3Rights of Data Subjects

      4. 7.4Data sharing

      5. 7.5International Data Sharing

      6. 7.6Data Controller/Data Processor relationship

      7. 7.7Data Protection Impact Assessments

    3. 8Biometrics

      Massimo Marelli

      1. 8.1Introduction

      2. 8.2Application of basic data protection principles

        1. 8.2.1Legal bases for Personal Data Processing

        2. 8.2.2Fair and lawful Processing

        3. 8.2.3Purpose limitation and Further Processing

        4. 8.2.4Data minimization

        5. 8.2.5Data retention

        6. 8.2.6Data security

        7. 8.2.7Excessiveness by nature

      3. 8.3Rights of Data Subjects

      4. 8.4Data sharing

      5. 8.5International Data Sharing

      6. 8.6Data Controller/Data Processor relationship

      7. 8.7Data Protection Impact Assessments

    4. 9Cash and Voucher Assistance

      Massimo Marelli

      1. 9.1Introduction

      2. 9.2Application of basic data protection principles

      3. 9.3Basic principles of data protection

        1. 9.3.1Legal bases for Personal Data Processing

        2. 9.3.2Purpose limitation and Further Processing

        3. 9.3.3Data minimization

        4. 9.3.4Data retention

        5. 9.3.5Data security

      4. 9.4Rights of Data Subjects

      5. 9.5Data sharing

      6. 9.6International Data Sharing

      7. 9.7Data Controller/Data Processor relationship

      8. 9.8Data Protection Impact Assessments

    5. 10Cloud services

      Paolo Balboni

      1. 10.1Introduction

      2. 10.2Data Controller/Data Processor relationship

      3. 10.3Responsibility and accountability in the cloud

      4. 10.4Application of basic data protection principles

        1. 10.4.1Legal bases for Personal Data Processing

        2. 10.4.2Fair and lawful Processing

        3. 10.4.3Purpose limitation and Further Processing

        4. 10.4.4Transparency

        5. 10.4.5Data retention

      5. 10.5Data security

        1. 10.5.1Data in transit protection

        2. 10.5.2Asset protection

        3. 10.5.3Separation between users

        4. 10.5.4Governance

        5. 10.5.5Operational security

        6. 10.5.6Personnel

        7. 10.5.7Development

        8. 10.5.8Supply chain

        9. 10.5.9User management

        10. 10.5.10Identity and authentication

        11. 10.5.11External interfaces

        12. 10.5.12Service administration

        13. 10.5.13Audits

        14. 10.5.14Service usage

      6. 10.6Rights of Data Subjects

      7. 10.7International Data Sharing

      8. 10.8Data Protection Impact Assessments

      9. 10.9Privileges and immunities and the cloud

        1. 10.9.1Legal measures

        2. 10.9.2Organizational measures

        3. 10.9.3Technical measures

      10. 10.10Codes of conduct

    6. 11Cloud and government access

      Andrea Raab-Gray

      1. 11.1Mapping legislations allowing governments to require service providers to disclose Humanitarian Data

        1. 11.1.1Legal frameworks allowing governments to compel service providers to disclose humanitarian data for purposes of national security

        2. 11.1.2Legal frameworks allowing governments to compel service providers to disclose data for purposes of criminal proceedings

      2. 11.2Impacts of compelled disclosure on Humanitarian Action and persons benefiting from it

      3. 11.3Mitigating the risk of disclosure of Humanitarian Data processed in a public cloud environment

        1. 11.3.1Ensuring the effectiveness of privileges and immunities

        2. 11.3.2Sensitizing States to the importance of not using or requesting Humanitarian Data for purposes incompatible with the work of Humanitarian Organizations

    7. 12Mobile messaging apps

      Lina Jasmontaite-Zaniewicz

      1. 12.1Introduction

        1. 12.1.1Mobile messaging apps in Humanitarian Action

      2. 12.2Application of basic data protection principles

        1. 12.2.1Processing of Personal Data through mobile messaging apps

        2. 12.2.2What kind of data do messaging apps collect or store?

        3. 12.2.3How could other parties access data shared on messaging apps?

        4. 12.2.4Messaging app features related to privacy and security

        5. 12.2.5Processing of Personal Data collected through mobile messaging apps

      3. 12.3Legal bases for Personal Data Processing

      4. 12.4Data retention

      5. 12.5Data Subject rights to rectification and deletion

      6. 12.6Data minimization

      7. 12.7Purpose limitation and Further Processing

      8. 12.8Managing, analysing and verifying data

      9. 12.9Data protection by design

      10. 12.10International Data Sharing

    8. 13Digital Identity

      Vincent Graf Narbel

      1. 13.1Introduction

        1. 13.1.1Authentication, identification and verification: Who are you and how can you prove it?

        2. 13.1.2Digital Identity

        3. 13.1.3System design and governance

        4. 13.1.4Digital Identity in the humanitarian sector: Possible scenarios

        5. 13.1.5Digital Identity as foundational identity

      2. 13.2Data Protection Impact Assessments

      3. 13.3Data protection by design and by default

      4. 13.4Data Controller/Data Processor relationship

      5. 13.5Rights of Data Subjects

        1. 13.5.1Right of access

        2. 13.5.2Rights to rectification and erasure

      6. 13.6Application of basic data protection principles

        1. 13.6.1Legal bases for Personal Data Processing

        2. 13.6.2Purpose limitation and Further Processing

        3. 13.6.3Proportionality

        4. 13.6.4Data minimization

        5. 13.6.5Data security

        6. 13.6.6Data retention

      7. 13.7International Data Sharing

    9. 14Social media

      Júlia Zomignani Barboza and Lina Jasmontaite-Zaniewicz

      1. 14.1Introduction

        1. 14.1.1Social media in the humanitarian sector

        2. 14.1.2Social media and data

      2. 14.2Data Protection Impact Assessments

      3. 14.3Ethical issues and other challenges

      4. 14.4Data Controller/Data Processor relationship

      5. 14.5Basic data protection principles

        1. 14.5.1Legal bases for Personal Data Processing

        2. 14.5.2Information

        3. 14.5.3Data retention

        4. 14.5.4Data security

      6. 14.6International Data Sharing

    10. 15Blockchain

      Vincent Graf Narbel

      1. 15.1Introduction

        1. 15.1.1What is Blockchain?

        2. 15.1.2Types of Blockchain

        3. 15.1.3Blockchain in practice

        4. 15.1.4Humanitarian use cases

      2. 15.2Data Protection Impact Assessments

      3. 15.3Data Protection by design and by default

      4. 15.4Data Controller/Data Processor relationship

      5. 15.5Basic data protection principles

        1. 15.5.1Data minimization

        2. 15.5.2Data retention

        3. 15.5.3Proportionality

        4. 15.5.4Data security

      6. 15.6Rights of Data Subjects

        1. 15.6.1Right of access

        2. 15.6.2Right to rectification

        3. 15.6.3Right to erasure

        4. 15.6.4Restrictions of Data Subjects’ rights

      7. 15.7International Data Sharing

      8. 15.8Annex: Decision-making framework for Blockchain in Humanitarian Action

    11. 16Connectivity as aid

      Aaron Martin and John Warnes

      1. 16.1Introduction

        1. 16.1.1Overview of connectivity as aid interventions

        2. 16.1.2Operational context

        3. 16.1.3Multiple stakeholders and partnerships

      2. 16.2Data Protection Impact Assessments

      3. 16.3Data Controller/Data Processor relationship

      4. 16.4Basic data protection principles

        1. 16.4.1Legal bases for Personal Data Processing

        2. 16.4.2Data security

        3. 16.4.3Data retention

        4. 16.4.4Information

      5. 16.5International Data Sharing

    12. 17Artificial Intelligence

      Alessandro Mantelero

      1. 17.1Introduction

        1. 17.1.1What Artificial Intelligence is and how it works

        2. 17.1.2Artificial Intelligence in the humanitarian sector

        3. 17.1.3Challenges and risks of using Artificial Intelligence

      2. 17.2Application of basic data protection principles

        1. 17.2.1Legal bases for Personal Data Processing

        2. 17.2.2Purpose limitation and Further Processing

        3. 17.2.3Fair and lawful Processing

        4. 17.2.4Transparency

        5. 17.2.5Data minimization

        6. 17.2.6Data retention

        7. 17.2.7Data security

      3. 17.3Rights of Data Subjects

        1. 17.3.1Rights related to automated decision making

      4. 17.4Data Controller/Data Processor relationship

        1. 17.4.1Accountability

        2. 17.4.2Liability

      5. 17.5International Data Sharing

      6. 17.6Data Protection Impact Assessment and Human Rights Impact Assessment

        1. 17.6.1Human Rights Impact Assessment for Artificial Intelligence

        2. 17.6.2Human Rights Impact Assessment: phases and procedure

      7. 17.7Data Protection by design and by default

      8. 17.8Ethical issues and challenges

  9. Appendix 1:Template for a DPIA report

  10. Appendix 2:Workshop participants

  11. Index

Save book to Kindle

To save this book to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

  • Contents
  • Edited by Massimo Marelli, International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
  • Book: Handbook on Data Protection in Humanitarian Action
  • Online publication: 24 October 2024
Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

  • Contents
  • Edited by Massimo Marelli, International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
  • Book: Handbook on Data Protection in Humanitarian Action
  • Online publication: 24 October 2024
Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

  • Contents
  • Edited by Massimo Marelli, International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
  • Book: Handbook on Data Protection in Humanitarian Action
  • Online publication: 24 October 2024
Available formats
×