Data Sharing For the Public Good: Establishing the Right Frameworks
Written by Rebecca Gorin and Alyson Marks
Covid-19 has given rise to an enormous amount of data. Everything from satellite data and mobile data to big data are providing insights on how the virus is spreading and where vulnerable communities are located. Collaboration is essential for leveraging this data, and the pandemic has prompted an increase in data partnerships. However, many of these data collaborations are raising privacy and security concerns - there are at least 27 countries currently using data from cell phone companies to track entire populations for COVID-19 purposes, and we don’t know how long this will continue. The crisis has also underscored many of the barriers to collaboration, including the lengthy negotiation process for negotiating data sharing agreements (DSAs) and the lack of trust and accountability between parties that can arise. Establishing the right legal frameworks and policies for managing the data are key to overcoming these obstacles.
In response to these issues, TReNDS has studied a range of data sharing agreements or contracts to understand the legal dimensions of partnerships as part of its Contracts for Data Collaboration Initiative (C4DC). These include an in-depth report on key issues surrounding DSAs, resources for DSAs on public health, and a case study on mobile data sharing in Ghana. Best practices for cross-sector data collaboration and management were also highlighted during a recent webinar* co-hosted with Apolitical.
As more organizations enter into data collaborations, they should understand what is needed to establish safe, secure, and long-lasting partnerships. And recent data collaborations highlight the importance of having a DSA in place. These include reports that Facebook accidentally shared user data with 5,000 app developers after the contract’s cut-off date and a new contract between the U.S. Department of Health and Human Services and the data mining company, Palantir, for Covid-19 response efforts.
TReNDS’ new report, Laying the Foundation for Effective Partnerships: An Examination of Data Sharing Agreements, outlines six important issues related to the above examples to consider when negotiating data sharing agreements: (1) Why is the data being shared?; (2) What kinds of data are being shared?; (3) When should the data be shared?; (4) Who is involved in the data sharing?; (5) How is the data being shared?; and (6) Where is the data being shared from and to? For each of these issues, the report outlines examples from the C4DC library and identifies common areas of practice that may be helpful for negotiating partnerships in the future.
A DSA proved especially effective in a data collaboration for mobile data between the Ghana Statistical Service (GSS), Vodaphone Ghana, and Flowminder, as outlined in a recent case study. For example, the DSA helped to address key issues, such as data anonymization and aggregation, use limitations, the parameters for data deletion upon termination of the contract, publishing results, GDPR requirements, and data handling. Having a DSA in place for the collaboration was also valuable for addressing privacy concerns. The agreement mandated that a third-party (Flowminder) assist with the data analysis and ensured that individual-level data could only be accessed on the data provider’s servers by approved members of staff from approved third-parties.
TReNDS’ Director Jessica Espey noted during the Apolitical webinar, “In theory, public-private partnerships should be simple, but it is incredibly complicated to negotiate the legal aspects and the entire package of partnerships that are required for a public and a private entity to collaborate and share information.” These partnerships have huge potential to augment limited public resources as well as help to enrich private sector actions, but they must be done carefully.
Omar Seidu from the GSS explained that finding the right balance between using data for the public good and managing individual privacy concerns is often a challenge. “You need to put in enough safeguards that individuals are comfortable [with you] using this data to inform public policy without necessarily making the information openly available.” He also shared some safeguards to consider, including aggregation of the data, institutional protections, and risk mitigation protocols.
In the midst of the current health crisis, it is critical that we capitalize on these partnerships to allow for more data to be used for the public good and to mitigate the devastating effects of Covid-19. However, if the right legal frameworks and policies are not in place to manage these data collaborations, we risk more harm than good.
*The passcode to access the webinar is 5V&2%7*$.