Biometrics and Extreme Data Minimisation

by | Feb 10, 2021 | ICT4D |


In humanitarian aid, we collect a lot of data about people. Most of the time we’ll collect your name, age, gender, marital status, where you live, various health information, and so on. On the one hand it seems fairly normal. On the other hand, it’s not clear what your marital status has to do with your eligibility for aid.

However, for a moment, let’s put the relevance of marital status for aid to the side. Let’s try to answer why we collect personal data in the first place. Usually it is about eligibility. The aid agency or donor has some sort of criteria for who should receive aid and who should not. The registration and enrolment processes exist to determine who fits the criteria. Once enrolment is completed, some of the data is used to confirm that the person receiving the aid is actually the person in the database.

However, only a portion of the data collected at registration is used to confirm that the person receiving the aid is actually the person in the database. So one question is: why do we maintain the other data? Could we not delete it after the purpose of collecting it (to determine eligibility) is fulfilled? For example, if for some odd reason marital status is an eligibility criterion, it’s not likely we are asking the person to confirm their marital status each time they receive aid. So why do we need to keep that data?

To go even further: there are many who promote the universal use of biometrics and their apparent efficiency, fraud detection, and other gains. Even though I am not one of them and think they have very limited use cases in aid, let’s continue. A biometric-using aid agency could collect personal data about aid recipients to determine their eligibility to enrol in its project. Upon selection and enrolment it could collect the recipient’s biometric (it’s more likely it would just collect this at the same time as registration). And then here’s the extreme part: it could delete the registration database while keeping only the biometric database.

The purpose of registration is to determine eligibility and select who can enrol in the project. Once that is completed, that data is no longer needed if you have a biometric which can be used at the distribution point to confirm that the person receiving the aid is actually the person in the database. And if someone shows up whose biometric is not in the database, their information can be taken and checked against the criteria, and if they should be on the list, their biometric can be added to the database while their other data is destroyed.

And yes, there is reporting. Well, again, when you start a project you know what reports you’ll need to send to the donor or your organisational systems, and how they need to be disaggregated. Therefore, you could run those numbers before you delete the data, stating that in this project this is the gender split, age split, and so on.
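The flow described above (check eligibility, run the disaggregated report, keep only the biometric, delete the rest) can be sketched as follows. This is an added example, not code from the original post; the field names, the eligibility rule, the age bands and the template bytes are all assumptions made up for illustration, and biometric matching at the distribution point is out of scope.

```python
import secrets
from collections import Counter

# Constructed sample registrations; every value here is made up.
REGISTRATIONS = [
    {"name": "A. Example", "age": 34, "gender": "F", "household_size": 5, "template": b"\x01\x02\x03"},
    {"name": "B. Example", "age": 17, "gender": "M", "household_size": 2, "template": b"\x04\x05\x06"},
    {"name": "C. Example", "age": 61, "gender": "F", "household_size": 4, "template": b"\x07\x08\x09"},
    {"name": "D. Example", "age": 45, "gender": "M", "household_size": 6, "template": b"\x0a\x0b\x0c"},
]

def is_eligible(rec):
    # Hypothetical criterion: adults in households of four or more.
    return rec["age"] >= 18 and rec["household_size"] >= 4

def age_band(age):
    # Hypothetical reporting bands for enrolled (adult) recipients.
    return "18-59" if age < 60 else "60+"

def enrol_and_minimise(registrations):
    """Return (biometric_db, report) and empty the registration list."""
    biometric_db = {}
    report = {"gender": Counter(), "age_band": Counter(), "rejected": 0}
    for rec in registrations:
        if is_eligible(rec):
            # Random enrolment id, not derived from any personal field.
            biometric_db[secrets.token_hex(8)] = rec["template"]
            # Run the donor numbers now, while the data still exists.
            report["gender"][rec["gender"]] += 1
            report["age_band"][age_band(rec["age"])] += 1
        else:
            report["rejected"] += 1
    # Stands in for deleting the registration database, backups included.
    registrations.clear()
    return biometric_db, report

if __name__ == "__main__":
    db, report = enrol_and_minimise([dict(r) for r in REGISTRATIONS])
    print(len(db), "templates kept;", dict(report["gender"]), dict(report["age_band"]))
```

After the call, the only per-person record left is an opaque template under a random id; everything the donor report needs survives only as counts.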

Here’s the thing: most agencies using or considering using biometrics see it as an additional piece of data to add to their database. What if it wasn’t? What if we ruthlessly deleted the data we don’t use anymore?

Photo by Lukenn Sabellano
