Larissa Fast is Professor of Humanitarian and Conflict Studies and Executive Director of the Humanitarian Conflict Response Institute at the University of Manchester. She is also a Global Fellow at the Peace Research Institute Oslo. She has published dozens of policy reports and articles, and the book Aid in Danger: The Perils and Promise of Humanitarianism (University of Pennsylvania Press, 2014).
Stuart Campo and Fanny Weicherding, on behalf of the UN OCHA Centre for Humanitarian Data
Humanitarian organisations face increased incentives to collect and share data for various purposes, such as more efficient service provision, accountability, and transparency. At the same time, they must ensure that data are used only for humanitarian purposes and do not cause harm to vulnerable populations. An important aspect of these efforts is the role that donors play in financing and requesting data about humanitarian operations.
In September 2020, the Government of Switzerland, the International Committee of the Red Cross (ICRC), and the UN OCHA Centre for Humanitarian Data began a dialogue under the banner of the Humanitarian Data and Trust Initiative (HDTI) to examine this issue. The dialogue process began with a virtual Wilton Park meeting aimed at clarifying the purposes for increased donor requests for disaggregated data and the specific risks associated with such data sharing in humanitarian settings. The meeting identified several open questions for joint exploration:
The present report by Professor Larissa Fast (HCRI, University of Manchester) offers insights into these questions. It was commissioned by the HDTI alongside a complementary research project led by the Global Public Policy Institute. The report focuses on the formal and informal frameworks that govern this type of sharing of data, and how these frameworks and related requirements are understood and implemented by different stakeholders. It also highlights the challenges faced by donor and humanitarian staff and suggests potential avenues for more responsible data sharing in this domain.
This research and the broader HDTI-Wilton Park dialogue process informed the development of a common framework for responsible data sharing between humanitarian organisations and donors. The framework will be published later this year to support collective action on this issue.
Larissa Fast (Humanitarian and Conflict Response Institute, University of Manchester) conducted the research and wrote the report, in collaboration with the Data Responsibility Team (Stuart Campo and Fanny Weicherding) at the UN OCHA Centre for Humanitarian Data.
The research was commissioned under the auspices of the Humanitarian Data and Trust Initiative (HDTI). The author’s involvement was funded by the Research Council of Norway (Grant project ‘Do No Harm: Ethical Humanitarian Innovation and Digital Bodies’).
She thanks Stuart Campo and Fanny Weicherding for their support and feedback, those who provided comments on earlier drafts of the report, and most importantly, those who shared documentation or contributed their insights during the interview process.
To reinforce efforts to standardise terminology across the sector, this glossary adopts the verbatim definitions used in the IASC’s (2021; page numbers referenced after specific definition) Operational Guidance, Data Responsibility in Humanitarian Action, unless otherwise noted. These definitions are used consistently throughout the report.
Aggregate data: Accumulated data acquired by combining individual-level data. It refers to data that is (1) collected from multiple sources and/or on multiple measures, variables, or individuals and (2) compiled into data summaries or summary reports, typically for the purposes of public reporting or statistical analysis (28)
Anonymisation: Process by which personal data is irreversibly altered, either by removing or modifying the identifying variables, in such a way that a data subject can no longer be identified directly or indirectly (28)
Data: Re-interpretable representation of information in a formalised manner suitable for communication, interpretation, or processing (28)
Data management: See operational data management, as referenced below
Data minimisation: The objective of ensuring that only the minimum amount of data is processed to achieve the objective and purposes for which the data were collected (28)
Data quality: A set of characteristics that make the data fit for the purpose for which it is processed. Data quality includes components such as accuracy, relevance, sufficiency, integrity, completeness, usability, validity, coherence, punctuality, accessibility, comparability, and timeliness (28)
Data protection: The systematic application of a set of institutional, technical and physical safeguards that preserve the right to privacy with respect to the processing of personal data (29)
Data responsibility: The safe, ethical and effective management of personal and non-personal data for operational response, in accordance with established frameworks for personal data protection (7)
Data security: A set of physical, technological and procedural measures that safeguard the confidentiality, integrity and availability of data and prevent its accidental or intentional, unlawful or otherwise unauthorised loss, destruction, alteration, acquisition, or disclosure (29)
Harm: Negative implications of a data processing initiative on the rights of a data subject, or a group of data subjects, including but not limited to physical and psychological harm, discrimination and denial of access to services (29)
Non-personal data: Any information which does not relate to a data subject. Non-personal data can be categorised in terms of origin, namely: data that has never related to a data subject, such as data about the context in which a response is taking place and data about humanitarian response actors and their activities; or data that was initially personal data but later made anonymous, such as data about the people affected by the humanitarian situation and their needs, the threats and vulnerabilities they face, and their capacities. Non-personal data includes Demographically Identifiable Information (DII) i.e., data that enables the identification of groups of individuals by demographically defining factors, such as ethnicity, gender, age, occupation, religion, or location (29-30)
Operational data management: The design of data management activities and subsequent collection or receipt, storage, processing, analysis, sharing, use, and retention and destruction of data and information by humanitarian actors. Such activities occur as part of humanitarian action throughout the planning and response cycle across clusters/sectors and include, but are not limited to, situational analysis, needs assessments, population data management, registration and enrolment, case management, communicating with affected populations, protection monitoring, and response monitoring and evaluation (30)
Personal data: Any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (30)
Programme-related data: Refers to personal and non-personal or sensitive data generated through or related to the delivery of humanitarian assistance (as referenced throughout this report). Disaggregated programme-related data may refer to non-aggregate data, meaning individual or record-level data (e.g., family-level data or cash transaction data) used in operational humanitarian activities [for this report only]
Re-identification: A process by which de-identified (anonymised) data can be traced back or linked to an individual(s) or group(s) of individuals through reasonably available means at the time of data re-identification (30)
Sensitive data: Data classified as sensitive based on the likelihood and severity of potential harm that may materialise as a result of its exposure in a particular context. Both personal and non-personal data can be sensitive. Many organisations have specific classification systems regarding what constitutes sensitive data in order to facilitate data management practices (30)
Statistical Disclosure Control: Technique used in statistics to assess and lower the risk of a person or organisation being re-identified from the results of an analysis of survey or administrative data, or in the release of microdata (30)
This report investigates issues related to data sharing between humanitarian actors and donors, with a focus on two key questions:
Drawing on interviews with donors and humanitarians about data sharing practices and examination of formal documents, the research finds that, overall and perhaps most importantly, references to ‘data’ in the context of humanitarian operations are usually generic and lack a consistent definition or even a shared terminology. Complex regulatory frameworks, variability among donor expectations, both among and within donor governments (e.g., at the country or field/headquarters levels), and among humanitarian experiences of data sharing all complicate the nature and handling of data sharing requests. Both the lack of data literacy and the differing perceptions of operational data management risks exacerbate many issues related to data sharing and create inconsistent practice (see full summary of findings in Table 3).
More specifically, while much formal documentation about data sharing between humanitarians and donors is available in the public domain, few contain explicit policies or clauses on data sharing, instead referring only to financial or compliance data and programme reporting requirements. Additionally, the justifications for sharing disaggregated humanitarian data are framed most often in terms of accountability, compliance, efficiency, and programme design. Most requests for data are linked to monitoring and compliance, as well as requests for data as ‘assurances’. Even so, donors indicated that although they request detailed/disaggregated data, they may not have the time, or human and/or technical capacity to deal with it properly. In general, donor interviewees insisted that no record level data is shared within their governments, but only aggregated or in low or no sensitivity formats.
Finally, donors and humanitarians confirmed that different standards exist for different partners. While organisations do have the ability to push back against donor data requests, this ability is greatly influenced by important questions of trust and power dynamics. This in itself is a further dilemma, given that this level of trust is more likely to exist between donors and established humanitarian actors, creating another, largely invisible barrier for newer, less established, usually national or local humanitarian actors – a barrier that undermines efforts to ‘localise’ humanitarian response. Building the practice of responsible data sharing, therefore, requires a sector-wide effort to increase data literacy across humanitarian actors and donors, and, ultimately, to protect those who should be at the centre of humanitarian response – those affected by conflict, violence, or disaster.
Across the humanitarian sector, data play an increasingly important role in humanitarian response. To implement water, shelter, protection, or food assistance programmes, humanitarian actors collect information about everything from the gender or age of individual recipients of assistance to sensitive data about those at risk of or who have been harmed by conflict actors and situational data designed to manage the security risks they face in implementing these programmes. Accordingly, the need to manage data collected during humanitarian operations is also growing along with the recognition of the importance of ensuring responsible use and protection of these data (ICRC and Brussels Privacy Hub, 2020; ICRC, 2018; ICRC and Privacy International, 2018). In its recent guidance, the Inter-Agency Standing Committee (IASC) defines data responsibility in humanitarian operations as ‘the safe, ethical and effective management of personal and non-personal data for operational response, in accordance with established frameworks for personal data protection’ (IASC, 2021: 7). Managing data responsibly encompasses collection, processing, analysis, use, storage, sharing, retention, and destruction of data.
Two key tenets are linked to data minimisation and data use: that organisations collect only the data that are needed and that they use what they collect. Yet data management at the field level is driven by multiple demands and actors, often resulting in a mismatch between these tenets. Thus, important questions arise related to what data are collected and for what purpose, whether and how these data are shared, and how these underpin practices of data management, with consequent implications for humanitarian response.
This report investigates these issues, specifically regarding two questions about data sharing between humanitarian actors and donors:
For the purposes of the research, the specific data of interest refers to disaggregated programme-related data, particularly personal and non-personal sensitive data generated through or related to the delivery of humanitarian assistance. Although this definition does not include financial data, financial data as well as disaggregated indicator data, sensitive and compliance-focused data, and individual record-level data all feature in the research. The research focused on data sharing requests between donors and humanitarian actors, including downstream implementing partners. It explicitly excluded data sharing with private sector actors, host governments, and third-party monitors, although each of these actors came up in the research (see below).
The research proceeded in two phases: (1) a structured, thematic document analysis followed by (2) qualitative, semi-structured interviews with (a) donor participants to corroborate the document analysis and identify formal and informal data requests about which they are aware, and with (b) humanitarian actors to investigate perceptions of these data requests. The analysis reported below integrates the findings from these two phases.
In Phase 1, I reviewed and analysed documents from donors and humanitarians such as actual contracts, contract and reporting templates, data policies, and data management guidelines or guidance notes, with particular attention to documentation of donor data requests. Documents included the following types:
In this phase, requests usually pertained to formal reporting requirements. I thematically analysed 77 documents (or portions thereof) drawing on concepts from existing humanitarian data responsibility guidelines, and concepts of risk, data governance, and knowledge production. These included:
In Phase 2, I interviewed donors and humanitarians to corroborate the document analysis and to identify the types of informal data requests that implementers receive and how they perceive these requests. I used the same themes to analyse the interviews. For this report I conducted interviews with 27 individuals from 17 organisations. Interviewees comprised six donor governments and 11 humanitarian actors. Five of the humanitarian actors interviewed also deliver assistance through implementing partners, and in this way have a dual function as both humanitarian actors and donors to other humanitarians (e.g., UN agencies). As a result, findings from these interviews are reported in both the donor and humanitarian categories.
Interviews were conducted remotely (using Teams or Zoom) between June and November 2021. They lasted approximately an hour, covering formal and informal donor data sharing requests (examples, purposes, internal management of requests and sharing of data) and, for humanitarians, not only the data requests they receive from donors but also those they make of their implementing partners (see Annex A for interview guide). All interviewees were centrally-based, usually at headquarters, but the majority also had extensive field-based experience. Documents and interviews were thematically coded and analysed using NVivo. Unless otherwise noted, all quotes are from interviews for this research.
The findings from the interview (second) phase of the research supported the Phase 1 findings and provided additional specificity and nuance. Findings are also informed by participation in several HDTI workshops, including a virtual two-day Wilton Park event on Responsible Data Sharing with Donors (September 2021), at which portions of these findings were shared (see also Wilton Park, 2020; Willitts-King and Spencer, 2020).
Overall, and perhaps most importantly, across donor and humanitarian references to ‘data’ in the context of humanitarian operations are usually generic and lack a consistent definition or even a shared terminology. In most documents reviewed for this study, the term data (or information) is used in a general way, without a corresponding definition or specificity regarding the type of data. Thus, data could refer to quantitative or qualitative, numbers or narratives, personal or non-personal, sensitive or non-sensitive, group or individual, financial, audit or compliance, organisational human resources or beneficiary, situational or contextual reporting, programme-related, as well as indicator data, either aggregated or disaggregated (see Table 1). Specific references to data sharing were sparse, and language referred to ‘data protection’, ‘disclosure’, and ‘information management’, among others. For interviews, although I specified the data of interest (using the definition above for disaggregated programme-related data), informants often also spoke about data types beyond purely programme data and referred to financial, compliance, or contextual data. Given this diversity, it is difficult to get an overarching picture of the formal requirements related to data and data sharing.
|Type of Data||Examples|
|Quantitative/numbers||Number of beneficiaries|
|Qualitative/narrative||Descriptions of workshops or programme activities
Narratives of how recipients of aid used the assistance provided
|Demographic data (names or contact information of aid recipients, group information, such as ethnicity or protection group)
Household-level survey results or data about the delivery of assistance disaggregated by demographics or location
|Non-personal||Data about the people affected by the humanitarian situation, including their needs, the threats and vulnerabilities they face, their capacities|
|Group||Data about groups of beneficiaries (women, children, disabled), such as location, needs or threats, and vulnerabilities|
|Individual||Age, sex or gender data about individual aid recipients (a.k.a., ‘raw’ data)|
|Record-level||Individual beneficiary information (name, address, contact information, needs)
Individual-level transactions for a cash transfer project (purchase, date)
|Audit/compliance||Reporting against legal or regulatory requirements, such as for safeguarding or counter-terrorism or sanctions. This may involve the transfer of personal data (e.g., related to partner vetting)|
|Situational/contextual||Mapping of conflict actors
Analysis of security situations
|Organisational||Contact information for project officer|
|Beneficiary||Contact information (name, address) for recipients of assistance|
|Disaggregated indicator||Number of women or men, children, youth or older adults assisted as part of a project
Location-specific data for those assisted in a project
|Aggregated indicator||Total number of people assisted in a project|
Second, a range of factors complicate the nature and handling of data sharing requests. These factors emerge from complex regulatory frameworks, such as the applicable legal contexts (host government law, donor government law, particularly in the context of privileges and immunities), the type of agreement (grants, contracts, or framework agreements), and funding allocations (project-specific funding vs non-earmarked funding). For example, UN agencies and Red Cross movement actors often have framework agreements with donors that cover a range of activities in a country rather than project specific funding, as is often the case for NGOs. The formal reporting for framework agreements is less specific, often requiring less sharing of disaggregated programme-related data even if it does not preclude or prevent informal requests for such data.
For some donors, there are additional issues of legal liability for individual staff members related to ensuring compliance around fraud and corruption. For humanitarians, in particular, the question of the legal basis (e.g., consent, legitimate interests) that permits sharing data with an entity, even a donor, if consent was not initially given for this purpose, is especially pertinent.
These various legal factors may overlap and even contradict each other. When combined with the varying definitions, these factors lead to inconsistent practices and requirements across the sector and appear to increase uncertainty about the best way to respond to requests.
Third, there is variability among donor expectations, both among and within donor governments (e.g., at the country or field/headquarters levels), and among humanitarian experiences of data sharing, both with donors and their practices. Formal data sharing requests are typically framed in two broad categories:
The research showed that variability among donors existed in terms of the level of detail of data requests and the type of markers or indicators requested. For example, some donors require applicants to choose from among a menu of pre-determined indicators (to allow for cross-project comparison) while others allow more flexibility to designate indicators specific to project/programme type. The gender, age, and disability markers were most consistently required across donors, requiring projects to disaggregate ‘beneficiaries’ according to gender, age set, and disability. The actual or anticipated use of the Grand Bargain 8+3 reporting format was noted in multiple conversations with donors as a strategy to reduce the amount and variability of reporting data requested.
Yet both donors and humanitarians agreed that informal requests also occur, more often for context-specific information and/or aggregated data and, in some cases, for sensitive or personal data, including individual or record-level data (see Table 2). The most common type that interviewees named was requests for data related to monitoring programme delivery. These requests do not seem to be driven by strategic or funding priorities but instead by internal government/donor processes, such as queries from legislative or executive bodies, audits, independent government reviews, or from other government departments. Many of these requests were for aggregated data (e.g., indicator data) or otherwise non-sensitive data (e.g., situational reports), with exceptions identified in the discussion below.
|Type of Informal Data Request||Example|
|Context-specific/situational information||Detail about security situation in area of programming|
|Aggregated data||How many people assisted in a given region of a country|
|Disaggregated data||Number of women or children assisted in a given region of a country|
|Personal data||Contact information of a set or sub-set of beneficiaries (names, addresses, phone numbers) for monitoring or evaluation activities|
|Monitoring data||Contact information of a set or sub-set of beneficiaries (names, addresses, phone numbers) for monitoring or evaluation activities|
In the analysis that follows, I present the findings under categories related to (1) Data sharing requests and uses, and (2) Exceptions and complications (see Table 3). I conclude with a set of implications, a summary of innovative and good practice examples for data sharing between donors and humanitarians, and areas for future research and action.
|Data Sharing Requests and Uses|
|Much available formal documentation about data sharing between humanitarians and donors is in the public domain.|
|Few existing formal documents contain explicit policies or clauses on data sharing.|
|The justifications for sharing disaggregated humanitarian data are framed most often in terms of accountability, compliance, efficiency, and programme design.||Most requests for data are linked to monitoring and compliance.|
|The (perceived) growth in humanitarian programme-related data sharing requests is due to increased emphasis on evidence-based decision making, and more proactive donor involvement and more stringent programme monitoring.|
|Donors ask for data for various types of ‘assurances’.||Assurances may be linked to creating positive incentives to collect data (e.g., gender markers) or to ensure assistance is going where it should.|
|Donor interviewees were not aware of sharing of record level data with other units/departments/entities within their governments.||Internal data shared take the form of aggregated or low/no sensitivity format only.|
|Although donors request detailed or disaggregated data, they may not have the time, human or technical capacity to deal with it.|
|Exceptions and Complications|
|Donors and humanitarians confirmed that different standards exist for different partners.|
|Multiple donors indicated that organisations can push back against donor data requests.||This is especially true with a justification of why the requests are problematic.|
|A lack of data literacy and awareness of the risks of data management exacerbates many issues related to data sharing.|
|The differing perceptions of data sharing requests are driven by inconsistencies in practice and differing uses of data.|
|‘Data’ are not well defined in partnership or contractual agreements.||Data may mean different things depending on the vantage point of donors or humanitarians, and according to context and programme.|
|An indirect yet mutually-reinforcing relationship exists between the requirement or requests to share data and the need to collect data, with corresponding implications for risk.||Humanitarians collect data partly because donors ask them to share data. Requests for data sharing, in turn, are driven by differing needs, which leads to collecting more data than strictly needed and potentially to more risk.|
|The cascading requirements of data collection and sharing reveal inconsistencies or tensions related to:
(1) data sharing and interoperability;
(2) data management and local humanitarian aid commitments;
(3) ‘data quality’ as justification and excuse; and
(4) data sharing and trust.
|(1) Reporting formats may not be technically interoperable (e.g., Word or PDF documents), and therefore conducive to comparing or aggregating across time or context. While some donor governments are requiring reporting via shared platforms and using shared standards, this is not universal and requires investments to ensure that compiling datasets does not create additional risk for data subjects.
(2) A tension exists between the ability to safely and effectively manage data and existing commitments related to local humanitarian aid.
(2) Data quality can be used both as a justification for humanitarians not to share data, and as an excuse for donors not to fund programmes or organisations.
(4) An inverse relationship exists between trust and data sharing. On the one hand, high profile ‘scandals’ and breaches of trust result in more scrutiny, and consequently, more detailed or onerous data sharing requests. Yet established trust and long-term relationships appear to enable more nuanced and productive discussions about data sharing and expectations.
|Examples of innovative options and good practice exist, some of which emerge from negotiations built on mutual trust and long-term funding relationships.|
|More research and action are needed, notably related to: (1) monitoring and evaluation activities, particularly when conducted by third party monitors, and (2) data sharing with host governments.|
Both donors and humanitarian actors share document links, indicating documentation already existing in the public domain. These documents encompass publicly available reporting templates, technical instructions, and even contractual documents on the internet. Nevertheless, according to interviewees, signed contracts and agreements with individual humanitarian actors may contain confidential or non-public clauses or annexes regarding data sharing.
Although most formal documentation reviewed as part of this study did not reference data sharing, references to ‘data’ appeared in contractual documents (Table 1), usually with reference to financial data and reporting responsibilities. The most common were clauses and guidance on financial data and reporting requirements, including a requirement for explicit reporting against specific indicators (disaggregated by category but not raw data) and mandatory reporting of fraud, ethical or conduct violations related to safeguarding.
Some of the guidance documents refer to legal frameworks, most commonly the EU General Data Protection Regulation (GDPR) and in some cases local and national law or regulations in host countries. Others mention humanitarian-specific guidance and resources (e.g., the Humanitarian Data Exchange (HDX), Sphere, Good Humanitarian Donorship, or the Grand Bargain 8+3 reporting frameworks).
The most specific references to data sharing appear in the context of audits and mandatory reporting of fraud and conduct violations. These clauses or guidelines usually contain mandatory sharing of ‘data’ (in a generic sense) when requested with reference to audits or programme implementation (e.g., ‘The donor as well as any third party appointed by it and the [auditor] are entitled to a right to examine the project/activities and all respective documents at any time’ and ‘[donor] reserves the right to request additional information regarding progress of project implementation … as and when needed’). Because of the lack of specificity regarding the type of data referred to in these clauses, they could be interpreted broadly to include everything from financial data to personal, record-level data for audit purposes. Thus, generic references to ‘data’ or information in legal contracts could be used to justify data sharing requests, even if these requests to share data may contravene existing legal frameworks, such as GDPR. For example, one humanitarian interviewee, in describing why an implementing partner proactively shared sensitive personal data with them without a request to do so, indicated that the partner explained that they always shared all data with their donors.
Documents and interviews with donors and humanitarians all correspond on this point, although the interviews identified further nuance (see below). Many donor documents encourage, and in some cases require disaggregated indicator data, such as gender, age, and disability markers. These markers provide disaggregated information, such as the number of women or men, children, youth, or older adults assisted as part of a project. The justification for collecting these data is framed in terms of ‘in-depth understanding’ that ‘leads to a more accurate and effective response, by making individuals and their distinct gender- and age-related needs more visible’.
Reporting against these indicators is required in aggregate and non-sensitive formats (e.g., percentages). Some donor documents, such as technical guidance, explicitly mentioned that data must be shared with or collected on behalf of the entire humanitarian community (i.e., sharing among humanitarian actors and not only sharing data back with donors).
Interviewees often referred to monitoring and compliance purposes for sharing data, particularly justifications related to public spending. In short: is the money going to whom it should, and how can you prove this? In most cases, these queries seemed to be requested for aggregate data (e.g., disaggregated indicator data or contextual information, even if sensitive) as opposed to individual or record-level sensitive data. The exceptions to these aggregated requests, where both donors and humanitarians indicated record-level data may be asked for, were related to cash programme (for transaction-level information or beneficiary data), counter-terrorism compliance, case management, and third-party monitoring. While the counter-terrorism compliance requests were anecdotal, interviewees mentioned cash transaction and case management data requests that involved the sharing of personal data or sensitive transaction data. Cash-related requests, in particular, often came from third party monitors (see Implications below).
The emphasis on evidence-based decision-making has generated new and different reporting requirements in a broad sense, sometimes outside of or supplemental to formal, older reporting requirements or policies, as well as more stringent formal reporting requirements. As a result, donors may ask for additional information from partners. At the same time, there was recognition among interviewees that the formal data reporting requirements are not always ‘fit-for-purpose’ in that data requests may be burdensome and may not be collecting the ‘right’ data – meaning that the data requested may be more for donor decision-making rather than ‘as a tool for partners to make evidence-based adjustments in programming’.
Both donor and humanitarian interviewees saw more stringent monitoring and accountability as legitimate. At the same time, however, multiple interviewees mentioned links to high-profile political debates about aid, to the provision of assistance in conflict-affected areas where agencies operate remote programmes or to which they may not have consistent access, and to the often high-profile corruption, mismanagement, or other conduct violations that increase interest in and oversight of aid budgets, particularly in sensitive contexts. Multiple donor interviewees highlighted cases of fraud and corruption as precipitating increased scrutiny on them, including on budgets and programmes, and on the humanitarian sector, all of which has translated into increased data requirements and additional data sharing requests. This is also where the distinction between financial and programme-related data seemed to disappear, as financial or audit-related or compliance requests (particularly related to counter-terrorism efforts) appeared to be linked to validating humanitarian programmes.
These assurances were multiple in form. The obligation to gather detailed data creates a positive incentive to collect these data in the first place, such as in the case of specific markers like gender. According to one donor, ‘we ask [for these data] to incentivise partners to collect this data, to be aware of this when designing projects’. In other cases, the purpose of data collection is to provide a type of assurance that assistance is going where it should. In this way, the more detailed data in and of themselves seem to suggest that the money is not being misused.
Nevertheless, as one donor admitted, ‘we look at it to make sure it is there but nothing more’, thereby suggesting that they do not use these data any further. Others mentioned the need to have detailed data to justify budgets and spending, whether by managing relationships within their governments, or by having detailed answers when ‘reporting up’ to legislative bodies (e.g., Parliamentary or Congressional committees), oversight bodies and independent committees, or responding to public inquiries and managing public perceptions. As one donor stated, ‘The first way we do this [managing our relationships with other government entities] is by giving them a responsible level of information, almost to prove we have it covered’.
When asked about sharing data internally within their agencies and governments, most donor interviewees indicated they had internal reporting systems that could permit viewing routine reporting by others in their units or departments. In many cases, they indicated that access to sensitive data within their agencies is restricted to specific individuals or units, and not broadly accessible, usually because of technical specifications (e.g., having access to certain systems) or because of standard practice.
Donors indicated that when they shared information internally, it was usually in the form of aggregated data for situation reports, context analysis, or replies to queries. Thus, while several donors admitted asking for more detailed, disaggregated information, they indicated that it informed their analysis and decisions, and that before sharing further, they would aggregate and de-risk (or reduce the sensitivity of) the information. These aggregated data were often shared with colleagues in donor agencies and sometimes externally, such as with other government departments, legislative entities, or government officials. So, while humanitarians may be concerned about donors sharing data directly with intelligence agencies, for example, donor interviewees indicated they were not aware of such requests. According to one, ‘it would be strange if they [intelligence actors] are coming to us for that’.
Several donors mentioned that sharing with other entities within the government is difficult, since many data are shared in the format of PDFs or other files that would make it difficult to cross-reference or cross-tabulate information. Thus, they lack the ability to share data internally because of the different types of data and formats that they receive, amounting to a lack of interoperability between data standards and formats. As one donor put it, ‘Technically it is not possible. We have PDF or Word files on computers and we don’t have software that would automatically gather this information and systematically make it comparable between years or organisations’. Moreover, multiple donor interviewees indicated they lack the time to carefully go through detailed data. Instead, providing these data serves to reassure, as indicated above. As one donor stated, ‘When they provide [the information], we just tick yes/no. We don’t compare projects’.
Many donors request gender, age, and disability markers, pointing to the emergence of a standard set of indicators across donors. Multiple interviewees also referenced efforts to standardise reporting (and relatedly, data sharing between donors and humanitarians) that emerged from the Grand Bargain and its 8+3 reporting format as one effort to reduce variation.
But differences still do exist. In some cases, donors requested different information or have varying requirements for partners. Some donors required different agreements and reporting requirements for national entities (e.g., German NGOs receiving money from Germany), and most pointed to different types of agreements for UN agencies or the Red Cross/Red Crescent Movement and for NGOs.
In general, NGOs tended to receive project specific funding whereas UN agencies and Red Cross entities could also sign broader framework agreements to contribute to a country or regional response. Both donor and humanitarian interviewees indicated that NGOs were required to provide the most detailed information. By contrast, donors more often accepted annual reporting statements for the UN and Red Cross, often because of the nature of the funding allocations or agreements. For these entities, funds are usually allocated for a country/crisis or under framework agreements as opposed to project-specific funding, which is more often the case for NGOs. This could subsequently affect the level of detail required for reporting. For example, signing a framework agreement to support a country response could allow the aggregation of beneficiary data across donors and projects, requiring less specific data in formal reporting.
Ironically, these more generic agreements may increase the data burden for collection and potential sharing. Framework agreements did not necessarily preclude requests for additional data requests, as all humanitarian interviewees reported receiving informal donor requests for additional data. The lack of data specificity could even result in additional requests outside of formal reporting schedules, precisely because of the lack of specificity in regular reports. Moreover, as described below in the Implications section, in many cases, humanitarian actors that sub-contracted other implementing partners requested more detailed data from their partners to respond to actual or anticipated donor government queries, even if these anticipated queries did not eventually materialise.
As indicated above, on the one hand, donors implied that humanitarian organisations should comply with formal and informal requests for data. They also implied that this is not necessarily a given. As one donor put it, ‘They should be willing, since we fund the project, but if they have regulations against this sharing they can refuse’. Likewise, donor and humanitarian interviewees suggested that the ICRC and UN agencies had the strongest ability to push back against data requests, and that NGOs possessed the least leverage.
One interviewee suggested that this ability was constrained by the nature of the crisis: ‘You could push back, because we had sufficient funding and a range of donors. But if you are in a situation where you have a very narrow set of donors … then it can get more sensitive’. Multiple humanitarian interviewees raised the possibility of ‘changed’ or constrained relationships with donors that could result if they denied a request for data, a factor that did enter into consideration for some organisations when making decisions about how to respond to data sharing requests. One donor government, however, pointed out that they need implementing partners, saying ‘We can’t do our jobs without our partners’. Another humanitarian interviewee suggested that establishing trusted and effective relationships could assist in negotiating these requests.
Donors and humanitarians alike raised a series of issues related to data literacy, particularly regarding awareness of the myriad risks related to data management. First, not enough staff in donor agencies (as well as humanitarians) have the training and capacity to be able to deal effectively with data management, including data protection. This is particularly true at the field level. One more cynical interviewee suggested that donors may approach field staff for data over headquarters staff precisely because the request is more likely to be granted, either because it might involve less administration (particularly in relation to gatekeepers at headquarters level), or because the request is more informal and field staff may be less data literate. Several interviewees suggested that onerous or inappropriate requests for data sharing could originate from younger staff who lack experience.
Several interviews noted inconsistencies between what is written down and what is practiced. For example, many donors are subject to data protection regulations, and some also have data responsibility guidelines in place, yet contract documents may contain all-inclusive clauses requiring data sharing for audit and other purposes, as described above. Whereas donors see data sharing as related to accountability and compliance, some humanitarians pointed out that in some instances donor requests may not comply with their own data regulations, illustrating a potential double standard regarding data protection. In the words of one humanitarian, ‘… [W]e get loads of questions where [donors] scrutinise data protection in our proposals. And then for the programme data they just request it. There is a disconnect in the logic and handling of data. Many times, it is different people requesting the data. For them it is programme or financial data, and data protection doesn’t come in’. While it may be possible to address this in negotiations at the outset of a contractual agreement, this may not resolve the inconsistency, particularly if other entities are requesting data (e.g., auditors) and may not be aware of or recognise this discrepancy. In this way, a disconnect may exist between the use of generic contractual stipulations to compel data sharing mentioned above, and existing legal frameworks, policies, or guidelines governing data protection (e.g., GDPR).
Overall, the good news is that awareness of the need for more stringent and responsible data management in the humanitarian sector is growing. In this section I highlight three sets of implications emerging from the findings, and then provide several examples of innovative or good practice around responsible data sharing. I conclude with several topics in need of further research and action, and a summary of the conclusions.
The lack of commonly accepted terminology or usage of ‘data’ in the sector more broadly poses a clear problem. In almost every interview, despite beginning with a statement about the data of interest for the research, interviewees asked questions about the type of data about which I was asking. While I could address this issue for the research, not clearly defining what ‘data’ means makes it possible to have inconsistencies in the logic of handling data, to request data that should not be shared, and to compromise the principle of ‘do no harm’. As one donor pointed out, existing policies and guidance do not cover the full range of data collected, how they are used, stored, or governed. Both donors and humanitarian actors must clearly define the type(s) of data that will be shared in the course of a partnership or contractual relationship. Without clarity on the type of data under discussion, it will be difficult to advance conversations and practice to manage data more effectively, including data sharing, use, and protection.
Although this research focused on data sharing as opposed to data collection, the interviews and documentation point to an indirect relationship between the two: data are collected in part because they are meant to be shared. Meaning, humanitarians collect data partly because donors ask them to share data. Requests for data sharing, in turn, are driven by differing needs, which leads to collecting more data than strictly needed and, potentially, to more risk.
In general, donor and humanitarian interviewees implicitly or explicitly agreed with a fundamental tenet of data responsibility: that we collect only what we need. Collecting only what we need may be informed by multiple justifications, including the need to account for taxpayer dollars or to inform programme adaptation and monitoring more effectively. These needs, however, may require very different data. Moreover, where humanitarians may privilege mandate and principles, donors may privilege their overall portfolio in a given country, requiring more detailed, comparable data. As one interviewee suggested, collecting only what we need also requires a step back to assess what are we trying to accomplish, and what data we need to accomplish these objectives. This is precisely where more conversation is needed, and where data literacy becomes even more important, to be able to better account for these differing needs and accountabilities.
Some humanitarians pointed to a further downside for requiring additional data collection: reporting requirements mean that humanitarians are collecting and sharing more data than they would otherwise, thus increasing the potential data risk and undermining the minimisation goal of data responsibility, more generally. In many cases, humanitarians give the justification for additional data collection as ‘our donor requires it’ (thereby implicitly recognising the link between sharing and collection). The amount of data increases and the risks become more complex with additional implementing partners, where government donors’ contracts with humanitarian actors (UN agencies or INGOs) that, in turn, sub-contract to other entities, often national or local NGOs. As one interviewee explained, there is a fundamental problem highlighted in Grand Bargain conversations that mirrors the data conversation: ‘We talk about the donor-UN relationship and what needs to change there. But there is no requirement that the positive changes that could be made there are then required and transferred down the line to NGO partners who actually implement the programmes’. In other words, if the amount of data collection required to satisfy reporting requirements increases with every additional implementing partner, then it will be impossible to limit data collection and sharing. Likewise, the risks are more likely to increase in number and complexity with the net result being no actual change in practice unless the issues are addressed across the sector.
1) Data sharing and interoperability
As highlighted above, donors justify the need to share data in terms of accountability, compliance, efficiency, and programme design, explicitly citing the need to improve the efficiency and effectiveness of humanitarian response. Yet this reveals an inconsistency, since reporting formats may not be technically interoperable (e.g., Word or PDF documents), and are, therefore, not conducive to comparing or aggregating across time or context in ways that would facilitate these improvements.
This is not the first research to point this out, and reinforces the idea that data are potentially useful for more actors when available on shared platforms rather than in bespoke reports. While some donor governments are requiring reporting via shared platforms and using shared standards, this is not universal and highlights the need for additional effort in this regard. Doing so also requires investments to ensure that compiling datasets does not create additional risk for data subjects.
2) Data management and local humanitarian aid commitments
Multiple interviewees highlighted a tension between the ability to safely and effectively manage data and existing Grand Bargain and other commitments related to local humanitarian aid. This is two-fold, in the sense that data management in the humanitarian sector may serve to limit donor-humanitarian partnerships and in the way it highlights the need for a sector-wide effort.
As multiple interviewees pointed out, it is primarily the larger agencies that now have the capacity and resources to significantly invest in data management and protection. As donor governments require more stringent data management as part of their partnership agreements or contractual relationships, they may inadvertently preclude partnerships with local humanitarian actors that do not have the same awareness, policies, or resources, thereby undermining the push to support local action.
This situation emphasises the need to address these issues and promote data literacy across the entire sector. As one interviewee stated, ‘with this convergence – that we must do everything together – are we as strong as the strongest, or as weak as the weakest one?’ Another interviewee highlighted the cascading explanation of ‘satisfying donor requests’ as justification for collecting and sharing more data, pointing out that unless we address this issue at all levels of the implementing chain, we will not actually change practice.
3) ‘Data quality’ as justification and excuse
Data quality is an important concern, which surfaced in several interviews with contradictory implications. In particular, interviewees suggested that data quality can be used both as a justification for humanitarians not to share data, and as an excuse for donors not to fund programmes or organisations.
Organisations may adopt differing standards (e.g., different age ranges to define ‘youth’) or terminology that can limit options for combining – and thereby for sharing – data. A lack of transparency or documentation about the methods of data collection can create discrepancies in data quality, some of which are legitimate. As one interviewee stated, ‘In these reports we have a combination of data that we collect. Some we collect, but others come through [other actors]. So, we have an estimate but maybe this is not that accurate. We may be combining apples and oranges and pears’. These differences, however, can also become both an excuse not to share data with other humanitarian actors or donors, or a way to hoard and control data, with consequent implications for funding or about control of narratives regarding the level or type of need.
This issue of data quality can also feed mistrust. As explained above, concerns about data quality or the misuse of data means that donors require more detailed data because they question the quality and accuracy of what has been reported or shared. As one humanitarian interviewee stated, ‘I think the more the donor is interested in the quality of the results, the more detailed data would be requested. Also, the quality sometimes gets linked to the political interests’. These concerns, in turn, can affect the willingness to fund programmes or organisations. In the words of one interviewee, ‘Data has become an excuse for donors to not fund. We’ve heard this in the past few years, in the sense that “your data is not accurate enough” … or not disaggregated enough. Or that we don’t trust your data, or that it is inflated data’.
4) Data sharing and trust
As the previous point highlighted, data sharing is inextricably linked to issues of trust, power, and control. The research highlights an inverse relationship between trust and data sharing, which has both challenges and benefits. On the one hand, interviewees cited multiple examples of how high profile ‘scandals’ result in more requests for data. Breaches of trust inevitably result in more scrutiny, and consequently, more detailed or onerous data sharing requests.
On the other hand, as described below, established trust and long-term relationships appear to enable more nuanced and productive, if difficult, discussions about data sharing and expectations. There is a further dilemma, since this level of trust is more likely to exist between donors and established humanitarian actors, creating another, largely invisible barrier for newer, less established, usually national or local humanitarian actors. And this barrier undermines efforts to ‘localise’ humanitarian response.
Relatedly, questions of who owns and controls the data are fundamentally about power and control in the humanitarian system. And, as several interviewees pointed out, the voices of data subjects are missing in data sharing discussions more broadly. Where this surfaces is usually in relation to informed consent and whether consent is, or is not, possible in the context of humanitarian response. Informed consent is one of the bases of existing legal personal data protections. Many humanitarian interviewees kept returning to the principle of consent in relation to further data sharing, regarding whether the original data gathering consent processes included sharing with donors, as well as the legal basis (usually legitimate interests) for further sharing. As one interviewee put it, ‘If you haven’t told people you are going to need it for that purpose, you can’t change the purpose just because they are poor and disempowered and have no way to sue you to get back at you’.
On a more positive note, interviewees identified some innovative options and examples of best practice. These ideas included multiple instances of compromise and flexibility, usually built on mutual trust, negotiations, special circumstances, and relationships built over time.
Several good practice options emerged from the interviews that should be seen and used as standard practice across the sector.
More research and action are needed on several key topics, notably related to: (1) monitoring and evaluation activities, particularly when conducted by third party monitors; (2) data sharing with host governments; and (3) data requests for communications purposes.
First, as donors and humanitarians both pointed out, donors often outsource to third parties to monitor programmes, for which third parties request and often collect the most detailed and sensitive data. While their work is legitimate, there is a lack of understanding about third party monitors and how they collect, use, and store data, a topic that surfaced repeatedly across interviews (see also Westphal and Meier, 2021).
Second, the topic of data sharing with host governments, particularly in response to prominent news stories of data breaches in the last year, surfaced as an important issue for future research.
And third, a neglected area of ‘data sharing’ is the request for narratives and for stories and data for public interest reporting, such as stories of how humanitarian programmes change beneficiary lives. Although stronger policies and practices related to seeking consent for the use and reuse of photos and videos have been developed, not all individual humanitarians will be aware of these. This is a type of data sharing that attracts less attention because it is less likely to entail significant data about a lot of people (although it can be very specific to one individual). These stories are often the domain of public relations and communications, even though they pertain to programmes. Consequently, this area is not so much a topic for research but illustrates the need to ensure that conversations and learning around the communication uses of programme-related data are incorporated into broader responsible data sharing practices.
To conclude, I return to the two questions that guided the research, specifically about the formal or informal frameworks that govern the collection and sharing of disaggregated humanitarian data between humanitarian organisations and donors, and how these frameworks and the related requirements are understood or perceived by humanitarian actors and donors.
On the first question, the formal justifications that govern the collection and sharing of disaggregated data are framed across donors in terms of accountability, compliance, efficiency, and programme design. Despite these common justifications, the practices of both formal and informal data sharing vary across and within donors. These practices are complicated by a range of factors, including multiple regulatory frameworks and varying degrees of data literacy among donors and humanitarians. Perhaps most importantly for this research, the lack of clearly defined uses of the term ‘data’ complicates efforts to responsibly share and manage data. Specifically, ‘data’ are not well defined in partnership or contractual agreements and consequently, mean different things to different people and organisations.
Likewise, the perceptions of these practices vary. Data sharing is widely regarded as legitimate, but a degree of mistrust exists regarding how these data are subsequently used. Breaches of trust increase scrutiny and tend to result in more detailed or onerous data sharing requests. Yet trust, often built through long-term relationships between donors and humanitarians, enables responsible data sharing and may serve to constrain the nature and range of donor-humanitarian relationships, potentially with the greatest negative ramifications for local humanitarian actors. Building the practice of responsible data sharing therefore requires a sector-wide effort to increase data literacy across humanitarian actors and donors, and ultimately to protect those who should be at the centre of humanitarian response – those affected by conflict, violence, or disaster.
Fast, Larissa. 2022. Data Sharing Between Humanitarian Organisations and Donors: Toward Understanding and Articulating Responsible Practice. NCHS Paper 06, April. Bergen: Norwegian Centre for Humanitarian Studies.
 Responsible Data Sharing with Donors: Accountability, Transparency and Data Protection in Principled Humanitarian Action: https://www.wiltonpark.org.uk/event/responsible-data-sharing-with-donors-accountability-transparency-and-data-protection-in-principled-humanitarian-action-wp1777/
 Risks Associated With Humanitarian Data Sharing With Donors: https://www.gppi.net/2021/09/06/data-sharing-with-humanitarian-donors
 For more on this format, see IASC guidance: https://interagencystandingcommittee.org/harmonize-and-simplify-reporting-requirements/harmonized-reporting-template-83-template-final.
 Information about the Humanitarian Data Exchange is here: https://data.humdata.org; Sphere Standards are available here: https://spherestandards.org; and the Good Humanitarian Donorship is here: https://www.ghdinitiative.org/ghd/gns/home-page.html.
 As a side note, some donors indicated that humanitarian partners have been proactive in sharing data about potential conduct violations or mismanagement, and expressed appreciation for this transparency, presumably with corresponding implications for the level of trust between partner and donor.
Inter-Agency Standing Committee (IASC). 2021. Operational Guidance: Data Responsibility in Humanitarian Action. February. New York: IASC. https://interagencystandingcommittee.org/operational-response/iasc-operational-guidance-data-responsibility-humanitarian-action
International Committee of the Red Cross (ICRC). 2018. Professional Standards for Protection Work. 3rd ed. Geneva: ICRC. [Chapter 6]. https://www.icrc.org/en/publication/0999-professional-standards-protection-work-carried-out-humanitarian-and-human-rights
ICRC and Brussels Privacy Hub. 2020. Handbook on data protection in humanitarian action. 2nd ed. Edited by Christopher Kuner and Massimo Marelli. Geneva and Brussels: ICRC and Brussels Privacy Hub. https://www.icrc.org/en/data-protection-humanitarian-action-handbook
ICRC and Privacy International. 2018. “‘Doing no harm’ in the digital era: The humanitarian metadata problem” October. Geneva and London: ICRC and Privacy International. https://privacyinternational.org/report/2509/humanitarian-metadata-problem-doing-no-harm-digital-era
Westphal, Florian and Claudia Meier. 2020. Research on the Specific Risks or Constraints Associated with Data Sharing with Donors for Reporting Purposes in Humanitarian Operations: Synthesis Report. Berlin: Global Public Policy Institute (GPPI). https://www.gppi.net/2021/09/06/data-sharing-with-humanitarian-donors
Willitts-King, Barnaby and Alexandra Spencer. 2020. Responsible data-sharing with donors: Accountability, transparency and data protection in principled humanitarian action. December. HPG Briefing Note. London: ODI. https://odi.org/en/publications/responsible-data-sharing-with-donors-accountability-transparency-and-data-protection-in-principled-humanitarian-action/
Wilton Park. 2020. Workshop Report. Responsible Data Sharing with Donors: Accountability, Transparency and Data Protection in Humanitarian Action. Report WP1777V. In association with the Government of Switzerland, the International Committee of the Red Cross (ICRC), and the United Nations Office for the Coordination of Humanitarian Affairs (OCHA) Centre for Humanitarian Data. Sussex, UK: Wilton Park. https://www.wiltonpark.org.uk/event/responsible-data-sharing-with-donors-accountability-transparency-and-data-protection-in-principled-humanitarian-action-wp1777/
Benefit and Risk perceptions