ETHICAL USE OF DIGITAL DATA BY KENYAN CIVIL SOCIETY ORGANIZATIONS

In researching how the Kenyan Digital CSO (civil society organization) paradigm manifests in the everyday sense, I came across the Digital Civil Society Lab & Stanford University’s Centre for Philanthropy and Civil Society Digital Impact Toolkit. Of particular interest to me was the call to action that civil society organizations should (learn to) manage and govern their digital data[1] with the same degree of care that they commit to managing their human and financial resources. We know that in today’s era, data, information and insight are treated as assets with quantifiable financial value. According to the two institutions, the management of digital assets should be subjected to deliberate and strategic decision-making, organizational practice, and policy creation to govern its use. Industry experts have observed that we are at a stage where we are beginning to reinvent the nonprofit organization to become “purpose-built institutions designed to dedicate and protect digital and analog resources toward public benefit.[2]”

Thinking through what this means practically, I was reminded of an email from three years ago.

Three years ago, almost to the day, a former boss sent a colleague and I an email. The subject read “someone needs to pay us”. Intrigued, as one would be by such an email reference, I opened the email to find a link to a photo of the three of us — taken unawares as we took notes of the proceedings of the conference we were at. In jest, the email body simply said “saw this and I think we should sue… or get royalties”. The other colleague responded with an enthusiastic yet non-committal “Indeed!”

A few things about the photo. We were very official and professional looking. Check. We were each writing notes on the conference speaker’s presentation (and not responding to work emails, as many often do at these events). Check. Nothing untoward was happening behind or around us. Check. In fact it was, by all means, a perfectly fine picture.

Except. (Yes, you knew a ‘but’ was due). Except for the fact that once I examined the picture closer, I wasn’t happy. So much so that I forwarded the email to my sister with a one liner referring to my sitting position “Why haven’t you ever told me that my posture is *this* terrible? Welp (sic).”

Three individuals, same scenario, different reactions: one raises the critical question of ethical use of digital photographs taken and disseminated without prior consent; another laments at how she sits and blames her sibling for never bringing it to her attention; the third responds with one word. However, to the last person’s credit, the single word response did end with an exclamation mark, denoting some exuberance — even if of a somewhat lesser variety.

My former boss’ brief sentiments beg the question: What standard of care was owed to us during the conference as our digital likeness[1] was being captured, stored and shared? And if indeed a duty exists and a standard of care is owed, does it follow that digital data collected, held and shared by a modern NGO is a liability as well as an asset?

“Digital data refers to the digitized form of any material — text, photos, videos, reports, databases, spreadsheets.[3]”

Screenshot of Digital Impact’s Data Lifecycle

The toolkit does a splendid job of outlining the characteristics [4]of digitized information, analyzing why the form of information matters[5], describing the data lifecycle, and setting out principles[6] to guide the sector’s use of digital data. With the definition of digital data at hand and the description of the data lifecycle in mind, let’s delve into some examples, contextualized to the Kenyan experience.

I attempt to enumerate the various ways CSOs generate and interact with digitalized or digitized data on a daily basis as they go about their work. Digital assets are usually collected from a vast number and variety of groups but are often justified as long as the means meets the end. That is: provided it meets programmatic goals and is linked to institutional missions. The following list should give us pause and cause us to think about how we use the digital data, information and insights that we collect on a regular basis.

At every workshop or conference we hold, accountability to donors requires NGOs to collect information on participants — even vulnerable populations. It is commonplace to ask them to hand over personal information and write it out on a hardcopy list. This information is usually one’s name, organization/affiliation, email address, P. O. Box, sex/gender and at times ID Number (the latter is usually for reimbursement purposes). Nothing stops the next person filling out the participants’ form from seeing the previous person’s details. Not only must attendees fill out these forms, they also have their pictures taken (as was ours), as proof to donors and management that indeed a meeting or forum took place.

I have written about the implications of such practices on vulnerable groups such as refugees fleeing persecution or conflict, members of the LGBTI community or even persons living with HIV/AIDS here. Those in the industry know for certain that dealing with such kind of data means one is subjected to much stricter privacy and data protection guidelines and restrictions and protocols. Why not extend these policies and practices to all digital data? I posit that there is absolutely no reason, other than a reluctance to change organizational culture, likely out of inconvenience, that such care should not also be extended to all data, information and insights collected by an organization.

At this point, you must be wondering why I added insight to the list. We should be mindful of protecting the beneficiary/user insights generated from NGO led or driven Telegram channels and Whatsapp groups, Tweetchats and Facebook page/group conversations. As a job seeker, many have wondered what becomes of the numerous original writing samples submitted to organizations as proof of research capability (especially when on a particularly niche subject).

But more common digital data collection point examples fall within the sphere of communication received through mass SMS messaging applications, online survey information, digital social audit data, GIS location data among others. We should be careful to treat and manage audio and video conference recordings with care. We should be mindful of the non-consenting individuals in the background of our Facebook live, Vimeo, Periscope and Instagram live conference livestreams. We must also pay attention to the data collected from subscribers to newsletters and mailers. We should have been doing this anyway, but we should be more deliberate now, especially in light of the GDPR’s extraterritorial implications and Kenya’s own privacy and data protection regime which is hoped to take effect soon[7]. Care should also be extended beyond organizations — downstream to the contractors and others along the chain from whom we outsource IT work for applications such as chat bots.

Now to speak to the Digital CSO paradigm mentioned earlier. Technology has transformed society in innumerable ways — not least the way we think about and participate in civic life and democratic spaces. Over the last few years especially, much debate has been dedicated to the ways the Internet and digital media have aided — while at times simultaneously abating — democratization as we have known it in our lifetime. One tech leader explained via Twitter, “Citizens using 21st cent tools to talk, gov’t using 20th cent tools to listen, and 19th cent processes to respond”[8]. This quote is apt, yet the same can be said of many CSOs in the country as well.

Many in the sector recognize that it contends with a digital world while remaining a relatively analogue civil society. While this is changing, and CSOs are increasingly integrating ICTs into their programming and communications strategies, much is left to be done before a full-fledged ‘digital civil society’ is achieved. But yet we see it persist in its work to support its core constituencies, on and offline.

The Internet and digital media have affected efforts towards entrenchment of Constitutionalism and the Rule of Law, and democratization interventions. Trends indicate that with wider use by concerned citizens, and consequent ripple effects on democracy and human rights, comes stronger regulation. The sector welcomes regulation especially as regards privacy and data protection, however, so far, conversations about the positive impact are centred on the wananchi, but research on how the developments in the technology space and subsequent legal regulation will affect how Kenyan democracy, governance and human rights CSOs carry out their work is sparse. Perhaps these preliminary thoughts will offer some guidance as we move forward.

Disclaimer: This is by no means a policy paper on ethical data use by Kenyan civil society organizations. These are merely observations fueled by musings on the Digital CSO zeitgeist; the Digital Impact Toolkit; this workshop summary on nonprofit data governance; and of course, my former boss’ email from late November 2015. Speaking of which, the answers to the questions posed about the conference pictures can be answered by this statement within the workshop document:

“Nonprofit corporations …. are defined by a so-called “nondistribution clause,” a governance requirement that all revenue above costs be used for mission rather than as profit to shareholders or owners. [Any] profit [generated] may not be distributed beyond the mission of the organization. This governance innovation is the legal mechanism that facilitates the public trust that these nonprofit organizations will use their financial resources to produce social benefits. Today’s challenge is to figure out how these same organizations can and should govern digital resources for public benefit.”

Did the conference owe us a standard of care? Yes. Did they execute their duty? Yes, it was in line with their organizational mission.

Since then, I tend to explicitly state that I do not wish to have my picture taken when at events. I even write it out and place it on the table in front of me depending on the venue and social setting.

(I also now sit upright and monitor my posture since then too — in case you were wondering.)

Recommendations:

1. Utilize the four data principles developed by Digital Impact to guide civil society’s use of digital data, accessible here. This means seeking permission before you collect data and treating digital resources with the same integrity and respect accorded human or financial resources. In addition, make diversity and inclusion, openness and transparency, and sharing core institutional practice.

2. Use Digital Impact’s Digital Policy Wizard which will help you determine which policies you need, depending on your and your constituents’ needs.

************

[1] Digital data is defined as “data that represents other forms of data using specific machine language systems that can be interpreted by various technologies” according to techopia available at https://www.techopedia.com/definition/24872/digital-data

[2] https://pacscenter.stanford.edu/wp-content/uploads/2018/05/Nonprofit-Data-Governance-summary.pdf

[3] “A digital image is a picture that is stored on a computer. It has been digitised, which means it has been changed into a sequence of numbers that computers can understand.” (https://www.bbc.com/bitesize/articles/z2tgr82)

[4] https://digitalimpact.io/digital-data/characteristics/

[5] https://digitalimpact.io/digital-data/degrees-of-access/

[6] https://digitalimpact.io/digital-data/four-principles/

[7] http://www.ict.go.ke/request-for-comments-on-the-proposed-privacy-and-data-protection-policy-and-bill-2018/

[8] https://www.foreign.senate.gov/download/wollack-testimony-021617