Informing humanitarians worldwide 24/7 — a service provided by UN OCHA

World

Consent and ownership in the shift to digital cash and voucher assistance

Part of committing to cash and voucher assistance (CVA) is committing to going digital and collecting data. While they are two different things, they are deeply intertwined. And while an organisation can ‘go digital’ without cash programmes, it’s nearly impossible to commit to cash programmes in the long term without going digital.

Yes, it is true we’ve done to cash and voucher programmes without digital. I remember the rooms full of binders of paper and working with security firms to deliver envelopes of cash. There was an exhilaration that came with those projects that was very different than using mobile money or bank accounts. And yes, digital access and literacy are critical requirements to consider in going digital, but going digital certainly increases the speed and reduces the costs involved.

Cash programming is all about data. And lots of it. When we work with financial service providers, we need to meet Know Your Customer (KYC) requirements. Who are we giving the money to and can we ‘prove’ they are who they say they are? So, we need data.

And yet, when we go digital, we have choices to make about the ‘how’. Yes, we need data, but what can we do with it? And who’s data is it? Consent and ownership: neither are straightforward, but both are extremely important.

Consent

Consent is supposed to be freely given, meaningful and informed. In other words, people should understand why they are giving us the data, what we are doing with it, with whom we share it, and so on. And they should choose to give their data. However, in many of our projects, if we don’t digitally register the recipients, they cannot receive aid. If we don’t collect their data, we won’t meet KYC requirements, and we will struggle to use financial service providers to implement our cash programmes.

So it is hard to consider this consent as defined. It’s hard to call it consent when it’s a requirement for participation, when there are not meaningful alternatives to digital registration available to the recipients which enable them to still participate.

So what do we do? Stop implementing cash programmes? Switch to another modality? Go old school and only use paper? Well, these are all options, but unlikely to be taken by many organisations. And likely to be unpopular with recipients who consistently tell us they prefer cash.

We can view consent as a legal and regulatory requirement or we can see it as essential, something desirable to seek. Our perspective matters because it will change our approach.

If it is primarily viewed as a legal and regulatory requirement, then we tend to seek the minimum - the letter of the law. “Tell me what the requirement is, so I can meet it and move on.” It becomes a pop-up window on the enumerator’s screen with a short consent statement and a little tick box. It is very easy to tick a box and move on.

But if it is essential, we’d likely be monitoring whether or not people understood how we were using the data about them and what their data rights are. And when our monitoring revealed some people did not, we’d go back and try again. If it is viewed as essential, maybe our logframes would have an objective about what level of understanding those we work with have about how we use the data about them. And another regarding the access they have to the data we collect about them. Perhaps an indicator can be how often they ask to see their data trail or asked to be ‘forgotten’.

Perhaps we’d figure out how to go back to them to ask if it was ok for us to share data about them with other partners and let them know who those partners are. To let them know that perhaps their data will be shared with a company, with a government body and are they ok with that? And if not, then they don’t need to share the data, and we will be ok with this. No pressure tactics.

It is also likely we’d talk much more about things like literacy because if you can’t read, this may impact your understanding of digital and data, too.

Ownership

Some people talk about data as the new ‘oil’, while others talk about data as the new ‘carbon’. The analogy matters because it changes how we think about it. Is data individual property or group property or neither? Can I own it and therefore sell it to another or is it more of a collective good?

Oil is an asset that has been created over thousands or millions of years and happens to be located or accessed on the land you own. So is it an individual asset or a communal one? Right now, it is treated as an individual asset, while carbon is not. Roads tend to be treated as common assets, while railways often are not; it’s part of how car companies disrupted the railways.

But back to data. When is data ‘mine’? When it is about me? This may be more clear when it is my name. But it gets a bit more tricky when we move to my address or even my passport number. Those are pieces of data about me (identifiers), but are they ‘mine’? Do I own them? And what about my weekly food shop – is that data mine? And if so, when the supermarket de-links what I bought from my name, does it stop being my data even though it is still about me?

When humanitarian organisations collect data about people affected by a disaster, do they own that data or is it owned by the people affected by the disaster? Does it even matter? Well, probably, as depending on the answer, the design of the systems will change.

Right now, organisations view the data as theirs and so it is stored on their servers (or servers they control access to). They centralise the data – sometimes within the countries where the people are, but more frequently it is globally centralised. The organisations control access to the data allowing only staff to access it. The person about whom the data is has no access to it.

If we view the data as primarily belonging to the person about whom the data is then access for them becomes essential. We may consider personal data stores, decentralised identities, digital wallets and so on, but all with a focus on enabling the individual to control who has access to the data, what data is considered sensitive, what can be shared with whom, etc.

And if we view the data as communal, for community benefit, then things change again. Data is put into a data trust or a data commons, or something like them. Data is viewed as a communal good, governed collectively, and designated for a very specific and narrow purpose. Organisations and the people about whom the data is have a voice in how the data is used, by whom, and so on.

Like most things ownership is likely some sort of spectrum. Perhaps spectrum sprawling from individual to communal. Or maybe it sprawls elsewhere. Or maybe ownership is precisely the wrong term. Understanding where you and the organisation you work for sit on the spectrum can provide insight into your approach.

At the heart of our work is trust, relationships, and being human. Going digital should not strip out our humanity. Going digital should reduce the mundane tasks so that we can be more human. So that our frontline staff have more time to connect, to empathise, to be human with those affected.

Figuring out how to shift from our legacy systems, our legacy operating models, and our need to comply with donor and legal requirements is hard work. And yes, to change how we interact with those we seek to serve requires time and money. Implementing projects is all about trade-offs.

So perhaps it helps if we ask: “What are we choosing to spend our time and money instead of this?” And then go deeper by asking: “Why have we made that choice?” We also need to test or check our assumptions because our answers will be full of them. The easy answer will be to blame the donor. But have we asked the donor if they would fund this approach? Have we discussed it with them?

Going digital and collecting data is easy. Understanding why you are collecting the data and seeking to be responsible in the shift to digital is hard.

The choice is up to us.

Amos Doornbos is World Vision’s Disaster Management Systems Director. He writes a daily blog and records a regular podcast.