Feeds:
Posts
Comments

Posts Tagged ‘guidelines’

Our December 2015 Technology Salon discussion in NYC focused on approaches to girls’ digital privacy, safety and security. By extension, the discussion included ways to reduce risk for other vulnerable populations. Our lead discussants were Ximena BenaventeGirl Effect Mobile (GEM) and Jonathan McKay, Praekelt Foundation. I also shared a draft Girls’ Digital Privacy, Safety and Security Policy and Toolkit I’ve been working on with both organizations over the past year.

Girls’ digital privacy, safety and security risks

Our first discussant highlighted why it’s important to think specifically about girls and digital security. In part, this is because different factors and vulnerabilities combine, exacerbating girls’ levels of risk. For example, girls living on less than $2 per day likely only have access to basic mobile phones, which are often borrowed from parents or siblings. The organization she works with always starts with deep research on aspects like ownership vs. borrowship and whether girls’ mobile usage is free/unlimited and un-supervised or controlled by gatekeepers such as parents, brothers, or other relatives. This helps to design better tools, services and platforms and to design for safety and security, she said. “Gatekeepers are very restrictive in many cases, but parental oversight is not necessarily a bad thing. We always work with parents and other gatekeepers as well as with girls themselves when we design and test.” When girls are living in more traditional or conservative societies, she said, we also need to think about how content might affect girls both online and offline. For example, “is content sufficiently progressive in terms of girls’ rights, yet safe for girls to read, comment on or discuss with friends and family without severe retaliation?”

Research suggests that girls who are more vulnerable offline (due to poverty or other forms of marginalization), are likely also more vulnerable to certain risks online, so we design with that in mind, she said. “When we started off on this project, our team members were experts in digital, but we had less experience with the safety and privacy aspects when it comes to girls living under $2/day or who were otherwise vulnerable. “Having additional guidance and developing a policy on this aspect has helped immensely – but has also slowed our processes down and sometimes made them more expensive,” she noted. “We had to go back to everything and add additional layers of security to make it as safe as possible for girls. We have also made sure to work very closely with our local partners to be sure that everyone involved in the project is aware of girls’ safety and security.”

Social media sites: Open, Closed, Private, Anonymous?

One issue that came up was safety for children and youth on social media networks. A Salon participant said his organization had thought about developing this type of a network several years back but decided in the end that the security risks outweighed the advantages. Participants discussed whether social media networks can ever be safe. One school of thought is that the more open a platform, the safer it is, as “there is no interaction in private spaces that cannot be constantly monitored or moderated.” Some worry about open sites, however, and set up smaller, closed, private groups that were closely monitored. “We work with victims of violence to share their stories and coping mechanisms, so, for us, private groups are a better option.”

Some suggested that anonymity on a social media site can protect girls and other vulnerable groups, however there is also research showing that Internet anonymity contributes to an increase in activities such as bullying and harassment. Some Salon participants felt that it was better to leverage existing platforms and try to use them safely. Others felt that there are no existing social media platforms that have enough security for girls or other vulnerable groups to use with appropriate levels of risk. “We sometimes recruit participants via existing social media platforms,” said one discussant, “but we move people off of those sites to our own more secure sites as soon as we can.”

Moderation and education on safety

Salon participants working with vulnerable populations said that they moderate their sites very closely and remove comments if users share personal information or use offensive language. “Some project budgets allow us to have a moderator check every 2 hours. For others, we sweep accounts once a day and remove offensive content within 24 hours.” One discussant uses moderation to educate the community. “We always post an explanation about why a comment was removed in order to educate the larger user base about appropriate ways to use the social network,” he said.

Close moderation becomes difficult and costly, however, as the user base grows and a platform scales. This means individual comments cannot be screened and pre-approved, because that would take too long and defeat the purpose of an engaging platform. “We need to acknowledge the very real tension between building a successful and engaging community and maintaining privacy and security,” said one Salon participant. “The more you lock it down and the more secure it is, the harder you find it is to create a real and active community.”

Another participant noted that they use their safe, closed youth platform to educate and reinforce messaging about what is safe and positive use of social media in hopes that young people will practice safe behaviors when they use other platforms. “We know that education and awareness raising can only go so far, however,” she said, “and we are not blind to that fact.” She expressed concern about risk for youth who speak out about political issues, because more and more governments are passing laws that punish critics and censor information. The organization, however, does not want to encourage youth to stop voicing opinions or participating politically.

Data breaches and project close-out

One Salon participant asked if organizations had examples of actual data breaches, and how they had handled them. Though no one shared examples, it was recommended that every organization have a contingency plan in place for accidental data leaks or a data breach or data hack. “You need to assume that you will get hacked,” said one person, “and develop your systems with that as a given.”

In addition to the day-to-day security issues, we need to think about project close-out, said one person. “Most development interventions are funded for a short, specific period of time. When a project finishes, you get a report, you do your M&E, and you move on. However, the data lives on, and the effects of the data live on. We really need to think more about budgeting for proper project wind-down and ensure that we are accountable beyond the lifetime of a project.”

Data security, anonymization, consent

Another question was related to using and keeping girls’ (and others’) data safe. “Consent to collect and use data on a website or via a mobile platform can be tricky, especially if we don’t know how to explain what we might do with the data,” said one Salon participant. Others suggested it would be better not to collect any data at all. “Why do we even need to collect this data? Who is it for?” he asked. Others countered that this data is often the only way to understand what people are doing on the site, to make adjustments and to measure impact.

One scenario was shared where several partner organizations discussed opening up a country’s cell phone data records to help contain a massive public health epidemic, but the privacy and security risks were too great, so the idea was scrapped. “Some said we could anonymize the data, but you can never really and truly anonymize data. It would have been useful to have a policy or a rubric that would have guided us in making that decision.”

Policy and Guidelines on Girls Privacy, Security and Safety

Policy guidelines related to aspects such as responsible data for NGOs, data security, privacy and other aspects of digital security in general do exist. (Here are some that we compiled along with some other resources). Most IT departments also have strict guidelines when it comes to donor data (in the case of credit card and account information, for example). This does not always cross over to program-level ICT or M&E efforts that involve the populations that NGOs are serving through their programming.

General awareness around digital security is increasing, in part due to recent major corporate data hacks (e.g., Target, Sony) and the Edward Snowden revelations from a few years back, but much more needs to be done to educate NGO staff and management on the type of privacy and security measures that need to be taken to protect the data and mitigate risk for those who participate in their programs.  There is an argument that NGOs should have specific digital privacy, safety and security policies that are tailored to their programming and that specifically focus on the types of digital risks that girls, women, children or other vulnerable people face when they are involved in humanitarian or development programs.

One such policy (focusing on vulnerable girls) and toolkit (its accompanying principles and values, guidelines, checklists and a risk matrix template); was shared at the Salon. (Disclosure: – This policy toolkit is one that I am working on. It should be ready to share in early 2016). The policy and toolkit take program implementers through a series of issues and questions to help them assess potential risks and tradeoffs in a particular context, and to document decisions and improve accountability. The toolkit covers:

  1. data privacy and security –using approaches like Privacy by Design, setting limits on the data that is collected, achieving meaningful consent.
  2. platform content and design –ensuring that content produced for girls or that girls produce or volunteer is not putting girls at risk.
  3. partnerships –vetting and managing partners who may be providing online/offline services or who may partner on an initiative and want access to data, monetizing of girls’ data.
  4. monitoring, evaluation, research and learning (MERL) – how will program implementers gather and store digital data when they are collecting it directly or through third parties for organizational MERL purposes.

Privacy, Security and Safety Implications

Our final discussant spoke about the implications of implementing the above-mentioned girls’ privacy, safety and security policy. He started out saying that the policy starts off with a manifesto: We will not compromise a girl in any way, nor will we opt for solutions that cut corners in terms of cost, process or time at the expense of her safety. “I love having this as part of our project manifesto, he said. “It’s really inspiring! On the flip side, however, it makes everything I do more difficult, time consuming and expensive!”

To demonstrate some of the trade-offs and decisions required when working with vulnerable girls, he gave examples of how the current project (implemented with girls’ privacy and security as a core principle) differed from that of a commercial social media platform and advertising campaign he had previously worked on (where the main concern was the reputation of the corporation, not that of the users of the platform and the potential risks they might put themselves in by using the platform).

Moderation

On the private sector platform, said the discussant, “we didn’t have the option of pre-moderating comments because of the budget and because we had 800 thousand users. To meet the campaign goals, it was more important for users to be engaged than to ensure content was safe. We focused on removing pornographic photos within 24 hours, using algorithms based on how much skin tone was in the photo.” In the fields of marketing and social media, it’s a fairly well-known issue that heavy-handed moderation kills platform engagement. “The more we educated and informed users about comment moderation, or removed comments, the deader the community became. The more draconian the moderation, the lower the engagement.”

The discussant had also worked on a platform for youth to discuss and learn about sexual health and practices, where he said that users responded angrily to moderators and comments that restricted their participation. “We did expose our participants to certain dangers, but we also knew that social digital platforms are more successful when they provide their users with sense of ownership and control. So we identified users that exhibited desirable behaviors and created a different tier of users who could take ownership (super users) to police and flag comments as inappropriate or temporarily banned users.” This allowed a 25% decrease in moderation. The organization discovered, however, that they had to be careful about how much power these super users had. “They ended up creating certain factions on the platform, and we then had to develop safeguards and additional mechanisms by which we moderated our super users!”

Direct Messages among users

In the private sector project example, engagement was measured by the number of direct or private messages sent between platform users. In the current scenario, however, said the discussant, “we have not allowed any direct messages between platform users because of the potential risks to girls of having places on the site that are hidden from moderators. So as you can see, we are removing some of our metrics by disallowing features because of risk. These activities are all things that would make the platform more engaging but there is a big fear that they could put girls at risk.”

Adopting a privacy, security, and safety policy

One discussant highlighted the importance of having privacy, safety and security policies before a project or program begins. “If you start thinking about it later on, you may have to go back and rebuild things from scratch because your security holes are in the design….” The way a database is set up to capture user data can make it difficult to query in the future or for users to have any control of what information is or is not being shared about them. “If you don’t set up the database with security and privacy in mind from the beginning, it might be impossible to make the platform safe for girls without starting from scratch all over again,” he said.

He also cautioned that when making more secure choices from the start, platform and tool development generally takes longer and costs more. It can be harder to budget because designers may not have experience with costing and developing the more secure options.

“A valuable lesson is that you have to make sure that what you’re trying to do in the first place is worth it if it’s going to be that expensive. It is worth a girls’ while to use a platform if she first has to wade through a 5-page terms and conditions on a small mobile phone screen? Are those terms and conditions even relevant to her personally or within her local context? Every click you ask a user to make will reduce their interest in reaching the platform. And if we don’t imagine that a girl will want to click through 5 screens of terms and conditions, the whole effort might not be worth it.” Clearly, aspects such as terms and conditions and consent processes need to be designed specifically to fit new contexts and new kinds of users.

Making responsible tradeoffs

The Girls Privacy, Security and Safety policy and toolkit shared at the Salon includes a risk matrix where project implementers rank the intensity and probability of risks as high, medium and low. Based on how a situation, feature or other potential aspect is ranked and the possibility to mitigate serious risks, decisions are made to proceed or not. There will always be areas with a certain level of risk to the user. The key is in making decisions and trade-offs that balance the level of risk with the potential benefits or rewards of the tool, service, or platform. The toolkit can also help project designers to imagine potential unintended consequences and mitigate risk related to them. The policy also offers a way to systematically and pro-actively consider potential risks, decide how to handle them, and document decisions so that organizations and project implementers are accountable to girls, peers and partners, and organizational leadership.

“We’ve started to change how we talk about user data in our organization,” said one discussant. “We have stopped thinking about it as something WE create and own, but more as something GIRLS own. Banks don’t own people’s money – they borrow it for a short time. We are trying to think about data that way in the conversations we’re having about data, funding, business models, proposals and partnerships. You don’t get to own your users’ data, we’re not going to share de-anonymized data with you. We’re seeing legislative data in some of the countries we work that are going that way also, so it’s good to be thinking about this now and getting prepared”

Take a look at our list of resources on the topic and add anything we may have missed!

 

Thanks to our friends at ThoughtWorks for hosting this Salon! If you’d like to join discussions like this one, sign up at Technology SalonSalons are held under Chatham House Rule, therefore no attribution has been made in this post.

Advertisements

Read Full Post »

Group work at a regional consultation

Children and adolescent’s participation in decisions that affect them is key. More and more, decision makers are realizing that they need to consult with children when they are making decisions about children, meaning that children have more opportunities to weigh in on issues that impact on their lives.

Not knowing how to manage a good participation process or not listening to past lessons learned, however, can make it difficult for children and adolescents to take advantage of opportunities offered them to input into these decisions.

Children’s rights to participate

A child is anyone under the age of 18.  According to the UN Convention on the Rights of the Child (UN CRC), in addition to survival, development and protection rights, children also have participation rights.

  • Children have rights to be listened to, to freely express their views on all matters that affect them, and to freedom of expression, thought, association and access to information.
  • Participation should promote the best interest of the child and enhance the personal development of each child.
  • All children have equal rights to participation without discrimination.
  • All children have the right to be protected from manipulation, violence, abuse and exploitation

from the “Minimum Standards for Children’s Participation 10th draft”, written by Helen Veitch,*drawing on Articles 2, 3, 12, 13, 17, 19, 34 and 36 in the UN Convention on the Rights of the Child

What are the principles of participation? (Summarized from the above document)

An ethical approach: transparency, honesty and accountability

Adults involved need to follow ethical and participatory practices and put children’s best interests first. Because there are power and status imbalances between adults and children.  An ethical approach is needed in order for children’s participation to be genuine and meaningful.

A child friendly environment

The atmosphere should be safe, welcoming and encouraging.  Because in order for children to feel comfortable participating they need to feel safe and supported.

Equality of opportunity

Space should be ensured for those groups of children who typically suffer discrimination and are often excluded from activities. Because children, like adults, are not a homogeneous group and participation should be open to all.

Participation promotes the safety and protection of children

Child protection policies and procedures are an essential part of participatory work with children. Because organisations have a duty of care to children with whom they work and everything should be done to minimize the risk to children of abuse and exploitation or other potentially negative consequences of their participation.

Child participation in national, regional and global consultations

Children’s right to participate is key. However in practice, a safe and open environment for child participation at national, regional and global events can be difficult to ensure. It requires resources as well as a great deal of preparation.

Over the past several years, I’ve participated in some disappointing events where:

  • lessons learned about effective child participation and child protection were ignored
  • those tasked with ensuring child participation and protection were powerless to influence event organizers to ensure quality and safe participation
  • those organizing the event or sending children to it simply had no idea that there are standards and protocols and plenty of lessons learned that they should have taken into consideration.

Minimum standards for child participation

For example, back in 2005, several organizations in East Asia and the Pacific* collaborated to produce minimum standards for child participation in national and regional consultation events. These were initially developed for the UN Study on Violence against Children.

They offer a comprehensive overview of how to manage child participation and can be used as a guide for other national, regional or global events where children participate.  They should be considered whenever organizing, hosting or participating in an event where children are being consulted or their participation is desired.

You can have the most amazing and wonderful children present and the very best intentions, but fall very short of your goals of quality child participation because logistics and organization are poor and/or child participation and protection protocols are not followed.

What often goes wrong?

Child participation holds tremendous value, but when it’s not properly facilitated or supported; results can be negative on many levels, including:

  • Children are tokenized or used
  • Poor organization gets in the way of participation
  • Important opportunities are missed
  • Children become frustrated
  • Children are put at risk
  • Money and time are wasted

Oh, the things I’ve seen…

Mistakes those new to organizing events or supporting child participation in events often make:

  • Having singing and dancing in traditional costumes be the main role for children
  • Setting up totally new groups to participate in an event rather than working with existing groups
  • Not understanding the concept of ‘representativity’ and not ensuring democratic and fair selection processes of those children who participate
  • Not realizing (for global events) that the visa application process takes a very long time, and requires visa invitation letters and appointments in advance
  • Forgetting to get children their required vaccines
  • Not realizing that children may not have birth certificates or passports, meaning the visa process takes even longer
  • Not preparing children well for visa interviews, including the possibility that their visa request will be denied
  • Not allocating time and budget for travel necessary to obtain visas, permission from parents who do not live with the child (child trafficking laws often require this now) and other documentation
  • Not obtaining permission slips, medical histories, media releases from parents and/or not obtaining travel insurance for children
  • Not getting the above materials translated into a language parents can understand
  • Not having child protection policies in place and adhering to them
  • Not doing background checks on people who will be working with children
  • Thinking it’s OK to send children overseas without a chaperone, not budgeting for chaperones
  • Forgetting that not all children speak a major language like English, Spanish, Portuguese or French and will require translation of all materials before the event as well as constant translation during the event, and support following the event if they will continue to participate in event follow up

Children's responses on what they feared at an event.

Mistakes that even experienced child participation facilitators make:

  • Influencing too much on what children will say
  • Using children to promote the sponsoring organization or INGO’s agenda
  • Having children represent an NGO or INGO rather than representing themselves, their own groups or their communities
  • Having children wear NGO/ INGO t-shirts, caps and other branded items
  • Asking children from some countries (usually those from countries deemed ‘exotic’) to bring traditional costumes and share their culture, but not asking the same from other countries
  • Creating/building up ‘professional’ child participants and creating child star speakers
  • Relying on the same children all the time to represent because they have passports or visas or prior experience
  • Only bringing children who speak a major language or live in the capital to events
  • During sessions, not organizing group work in ways that facilitate communication across different languages
  • Sending any adult as a chaperone, rather than sending the best or the right adult as a chaperone
  • Not planning ahead on how children will be supported when they get back home to continue inputting into global networks and processes
  • Not ensuring a space for children to share their experiences with home offices and groups
  • Making children work long hours to fit everything in
  • Not giving children pocket money so that those with less means can also purchase small things for themselves or for family members
  • Housing children in fancy hotels with fancy food that they may not be used to; (not cooking enough good quality rice at lunch and dinner!)
  • Not realizing children may need to be shown how to use things like hotel showers, air conditioning, toilets
  • Not realizing that children may not want to sleep alone in a room
  • Not providing additional warm clothing for children if the conference climate is colder than their own
  • Not realizing that a trip overseas creates culture shock, children may feel lonely for their families
  • Not ensuring that children have the means to call home as soon as they arrive to an event and periodically during their stay
  • Not realizing that those facilitating child participation or working on child protection may not have the power to influence event organizers, especially if events are being organized in hierarchical ways with governments and high level committees involved
  • Not establishing at what point enough is enough, and children shouldn’t participate because conference organizers simply haven’t created favorable conditions, and children are put at risk or their participation will not be of good quality or have any real impact

Mistakes I’ve seen conference and event organizers repeat over and over:

  • Focusing on number of children participants rather than quality of participation
  • Not providing information with enough lead time for it to be translated and shared with children, or for good planning and selection processes to be done
  • Segregating children in parallel events where they don’t interact with adults
  • Not giving children space to lead sessions or engage with adults; offering them the last spot in the opening /closing speeches, and giving them a small percentage of the time that the adult speakers are given; or reducing children’s participation time because adults have gone over their allotted time
  • Patronizing children by clapping every time a child says something, or saying “oh that’s such a great idea!” not treating children respectfully as equals
  • Encouraging adults to get their photos taken with ‘exotic looking’ children in costumes
  • Not balancing the number of local participants and global participants
  • Not understanding that they need certain conditions to be available to fulfill child protection protocols (eg., children and adults need separate rooms; boys and girls as well as older/younger youth need to have separate rooms; the venue selection needs to have a measure of safety/security to prevent outsiders from taking advantage of any of the participating children, etc.)
  • Packing too many activities into the day and leaving children no time to rest
  • Not allowing any time for sight-seeing or recreation
  • Thinking all children have access to internet and computers to fill out registration forms, etc. and to participate in networks post conference
  • Not realizing that they need to listen to child participation and protection committees and adjust their ideas for their event so that children can effectively participate and are not put at risk
  • Thinking they can hire just anybody to manage child participation at the event
  • Not including a child participation/child protection point person in the organizing committee

So, what then?

I do honestly believe that children should participate and have a say in these issues, and that only by listening to children can decision-makers ensure that they are coming to the best decisions that benefit, resonate with, or have the best impact on children’s lives.

However unless proper organization, logistics, preparation and care are taken, these opportunities can be frustrating or a waste of an opportunity for everyone involved, and the validity of the efforts can easily be questioned.

Child participation needs to be taken seriously, not as an add-on or nice to have or cute to have. Unless and until regional and global events can ensure that this is happening, it might be a better investment to work with children at local and national levels.

Event organizers and child participation facilitators need to look at existing protocols, documentation, minimum standards and lessons learned and use them. Organizations shouldn’t be coming up with the same ‘lessons learned’ after every event and repeating the same mistakes at the next one. Surely we can do better than that.

What guidelines does your organization have? What mistakes have you made and learned from? What recommendations can you give? How can we get it right? Please share your thoughts in the comments section…

Download

Minimum Standards on Child Participation

Protocols and documents to use to help ensure good quality participation

*The following organizations participated on the steering committee that elaborated the Minimum Standards: UNICEF East Asia Pacific Regional Office, World Health Organisation, Office for the High Commissioner for Human Rights, ILO IPEC Asia and the Pacific, NGO Advisory Panel on the UN Study on Violence Against Children, Save the Children Alliance, Child Workers in Asia, ECPAT International, World Vision International APRO, Plan International, Terre des Hommes Germany, ASEAN Foundation.

Related posts on Wait… What?

Child protection, the media and youth media programs

Children and young people’s vision for a new Haiti

Read Full Post »