The Handbook was drafted following consultation with key stakeholders from the global data protection and international humanitarian communities, including humanitarian practitioners, data protection authorities, academics, NGOs, and experts on relevant topics, and with the direct participation of the Swiss Data Protection Authority, the European Data Protection Supervisor, the French-speaking Association of Data Protection Authorities (AFAPDP), and organisations such as the UN High Commissioner for Refugees (UNHCR), the International Organisation for Migration (IOM), the International Federation of Red Cross and Red Crescent Societies (IFRC), and UN Global Pulse.
The Handbook addresses questions that arise in applying data protection to international humanitarian action, and is addressed to staff of international humanitarian organisations and NGOs who are involved in the processing of personal data, particularly those in charge of advising on and applying data protection standards. It is hoped that it may also prove useful to other parties, such as data protection authorities, private companies, and others involved in international humanitarian action.
The first part of the Handbook deals with basic principles of data protection and their application in the context of humanitarian action. This includes issues such as vulnerability of data subjects and implications on the identification of suitable legal bases for data processing, as well as the difficulties involved in working on the basis of clear-cut categories of sensitive data; emergencies and implications on the data protection rights of individuals; and data controllers’ responsibilities such as data security, impact assessments, and accountability; and international data sharing.
The second part deals with the use of specific new technologies in the context of international humanitarian action. This includes data analytics and ‘Big Data’; drones and remote sensing; biometrics; cash transfer programming; cloud services; and mobile messaging apps. The Handbook also addresses the use of data protection impact assessments.