How digital identity can address both protection and inclusion

AUSTIN, Texas — In Uganda, South Sudan, and Tajikistan, the World Food Programme is digitizing nutrition monitoring.

SCOPE CODA replaces paper booklets and manual data entry. It provides frontline workers with electronic devices that read personalized smartcards and link to WFP’s digital beneficiary transfer management platform. WFP’s long-term goal is to ultimately digitize all of its malnutrition treatment programs using SCOPE CODA.

This mobile solution is one example of the way organizations such as WFP are doing what they can with the information they have in places where many people cannot easily prove who they are.

More than 1 billion people around the world lack any formal identification, which prevents them from essential services such as health care, financial services, and education. Digital identification systems have become an international development priority, as part of the pathway toward legal identity for all by 2030, one of the targets of the Sustainable Development Goals.

As the world becomes increasingly digitized, identity will become all the more critical, as will the need for cooperation between organizations that have identified ways digital identity can achieve both protection and inclusion: doing no harm and leaving no one behind in the digital age.

Do no harm

When a family returned to Burundi from a refugee camp in Tanzania where they had spent two years, their data was transferred to the welcome center, forming the basis of a national identity card that would help them access services and enroll their children in schools.

Ursula Mueller, U.N. assistant secretary-general for humanitarian affairs and deputy emergency relief coordinator at the U.N. Office for the Coordination of Humanitarian Affairs, told this story at the Mobile World Congress in Barcelona, Spain, in February.

“Collecting, analyzing, aggregating, and sharing data has vastly improved humanitarian response,” she said.

But she also acknowledged the challenges the humanitarian community faces in storing data securely, explaining that OCHA is developing guidelines to “manage data responsibly.”

“Ethical standards and privacy protection must be adhered to so we do no harm to the very people we want to help,” she said.

Last week, the office released a working draft of its responsible data guidelines, but the challenge remains that many humanitarian organizations do not feel they have the resources they need to do no harm in the digital era.

Chris Earney, who leads innovation at the UN Refugee Agency, admitted as much in a panel at MWC.

“We use this data to understand who we’re here to serve, how can we serve them better, what decisions do we need to make right now to deliver better aid,” he said. “When we partner with other organizations, we need to be very, very, very careful about what that data sharing agreement might look like. The more people you’re sharing data with, the more risky it gets.”

When it comes to partnering with third-party data companies, humanitarian organizations need to ask what data is being shared, and for whom it is a commodity, while also ensuring that the data does not end up in the hands of bad actors.

Leave no one behind

While concerns over data privacy are valid, they can also prevent aid organizations from extending digital solutions to people who could benefit most, such as individuals in low- and middle-income countries where formal identification methods and public sector databases are often paper-based, weak, or nonexistent.

“These people hardly exist in terms of data,” said Alex Rawlinson, co-founder of Field Buzz, which helps organizations manage their operations with smartphones and mobile internet.

Getting registered in the database of an organization operating in the last mile and then building up a history of transactions is crucial for unlocking many other services, he said.

Speaking with Devex at MWC, Rawlinson said he is frustrated by how donors he has met with talk about wanting to embrace digitalization, then say something like “but hang on, this goes against the idea of privacy.”

The regulatory environment is heading too far toward protecting data privacy, limiting the ability of organizations to collect, analyze, and share personal data that can unlock a great amount of value, he said.

From the Facebook data scandal, to the General Data Protection Regulation in Europe, to the conversation around the Aadhar biometric identity project in India, there is more attention than ever to the issue of data privacy, said Vyjayanti Desai, program manager of Identification for Development, or ID4D, at the World Bank Group.

ID4D selected “privacy by design” as the theme for its Mission Billion challenge, in order to surface ideas for ways that digital identification systems can protect people’s privacy and allow them control over their personal data.

But what can get lost in the debate around data privacy is that digital ID is part of “a stack of digital public goods that are required to really reach the goals of a digital economy and a digital society,” Desai told Devex.

ID4D works primarily with governments issuing legal ID. But other entities, including banks, phone companies, and employers, can also attest to different elements of an individual’s identity, said Magdi Amin, investment partner with the Digital Identity initiative at the philanthropic investment firm Omidyar Network. Then there is ID that is not necessarily issued, but inferred, for example through social media use.

Amin explained that data privacy is ultimately about user agency, but neither can happen without data security.

Desai outlined that some of the key next steps for digital ID for development are political commitment, scalable technology for access to services that can leapfrog paper-based approaches, and trust in the system with data protection and privacy laws.

Striking a balance

WFP sees its SCOPE CODA program as an example of how to strike the balance of doing no harm and leaving no one behind because of the governance around this data and the way this data allows WFP to make better decisions and reach more people.

“Only collect the minimum amount of data for the purposes you’re engaged in,” Robert Opp, director of innovation and change at WFP, told Devex at South by Southwest in Austin, Texas.

He said WFP is having conversations with other partners about how to store data, ensure data privacy, and ideally have people managing their own data: “Can we standardize a set of norms and standards for identity?” he said. “No one has sat down and said let’s build interoperable systems. We are all identifying norms and standards. Now we need to see where we can converge.”

Those conversations are starting to happen, due in part to efforts like ID2020, which is convening groups to discuss what it defines as “good digital identity.”

“Consensus about the definition of ‘good’ digital ID is only step one — and I don't think we're there yet,” Dakota Gruener, executive director at ID2020, told Devex via email. “But as this consensus grows, ID2020 has developed a set of technical requirements that translate these shared principles into practical guidelines for digital identity technology.”

These requirements set the community of organizations working on digital ID “on the path towards true interoperability,” she said.

Gruener mentioned, for example, the Certification Mark, which ID2020 launched last month. It allows companies that have developed “good” digital identity solutions — with “portability, persistence, privacy” and user control — to convey that. This makes it easier for implementing organizations, like NGOs and governments, to more confidently navigate procurement, she said.

Conversations on good digital identity are taking place from MWC to SXSW, to other conferences that draw technologists in global development. But Brett Solomon, executive director of Access Now, an international nonprofit advocating for free and open internet, said digital identity development should be bottom up.

It should be about “the needs of the people, their realities and not the interests of bureaucracies or business interests forcing frameworks downwards onto people,” he told Devex via email.