The Dangers of Legal Ignorance in Digital Development

mobile-data-collectionhttp://i0.wp.com/www.ictworks.org/wp-content/uploads/2016/02/mobile-data... 200w" sizes=" 640px) 100vw, 640px" data-recalc-dims="1" />
Some time ago I was working in a country that had enacted data localization laws requiring that all personal data that originates in that country must also be hosted on servers located within its jurisdiction. Although as of September 2015, only six countries have enacted such strict data localization laws, their combined population covers more than 2 billion people—or about a quarter of the world’s population.
Save the date! On October 6-7th, MERL Tech will return to Washington, DC with a focus on the legalities of digital data collection, storage, and analysis.
During my time in said country, I met a couple of local NGOs that had been introduced to platforms for mobile data collection by staff from an international NGO. In both cases, those platforms hosted their data in the cloud on servers outside of the country. Although the staff from this international NGO may have felt that they were helping these local NGOs to modernize their data collection, given the country’s data localization laws, they were actually putting them at legal risk.
Saved by incompetence (this time)
Thankfully, this well-meaning international NGO committed another ICT4D faux pas. Despite the fact that the field staff at these local NGOs had been deeply entrenched in using pen and paper for data collection and the fact that they had zero prior experience using a smartphone for such purposes, the international NGO only provided them with a one-day training on the new platform. Having not received any additional training or technical support, both local NGOs quickly gave up on using the new platform.
Underestimating the level of support that people and organizations need to implement new technology platforms in their work has become an unfortunate hallmark of a fair number of ICT4D practitioners. I have come to accept that this is just par for the course. And while poorly implemented ICT4D initiatives are cause for concern, what is more concerning though is the fact that in this case this international NGO was somehow oblivious to the fact that data localization laws existed in that country.
Had they have been successful in helping these two local NGOs to use the platform they introduced, their “success” would have ensured that both local NGOs continued to break the law, putting themselves and their staff at risk of potential prosecution.
Ignorance is not a sufficient defense
The truth of the matter is, had someone not mentioned the data localization laws to me, I could have also been in a position to have put these NGOs in a similar type of precarious legal situation. What this highlights to me is how it is more important than ever for ICT4D practitioners to deeply understand the legal contexts in which they work.
It is worth noting that the issue is much greater than just data localization laws. As Sean McDonald recently detailed in his paper Ebola: A Big Data Disaster, calls to share mobile network data to help deal with the Ebola crisis would have likely have broken data privacy laws both within Liberia and at a regional level. And then of course there are an increasing number of repressive laws enacted around the globe that are aimed at cracking down on free expression, many of which are likely to be at best only poorly understood by significant numbers of development practitioners.
The bottom line is that ultimately we need to ensure that we truly understand all of the laws that could potentially cover any technology we are promoting or introducing in our work. This is, to some degree, going to require a cultural shift for us to overcome. Yet that initial burden is worth the effort, as continuing to ignore the law is not only irresponsible, but also potentially dangerous.
What are your thoughts? Have you encountered any irresponsible ignorance of the law in ICT4D initiatives? What was your response?