I have a soft spot for cookies, especially warm gooey chocolate chip cookies fresh out of the oven. It’s funny how I think of these yummy treats each time I visit a new website and my computer prompts me to accept cookies. While I know these digital cookies are referring to the bits of information that help the websites learn about me, I can’t help but wonder how sharing this data may compromise my personal privacy.

For children and other civilians living in conflict settings the security of their digital data can be a matter of life or death. It can make the difference of whether a child is able to access needed humanitarian assistance or whether the child becomes a target for abuse, exploitation or recruitment by an armed force or group.

In this blog, I explore some ways that management of the personal data of children living in armed conflict situations can help improve their lives and other ways that misuse or weak data management systems can cause them harm.

How has digital data management helped children in armed conflict?

Digital technology has allowed humanitarian organizations working to serve children and other civilians in conflict settings to move beyond handwritten logbooks or excel spreadsheets to efficient and user-friendly digital platforms or apps. This shift has meant that humanitarians are better able to provide timely, tailored assistance and protection for children.

For example, digital data management tools can help humanitarians track and reach displaced children, better positioning them to design and deliver programs to meet the health, education, nutrition, protection and other needs of children. The tools can also support humanitarians leverage new data analytic techniques to establish early warning and crisis mapping systems. Humanitarians can then prepare for population movements and ensure that they are well-equipped to provide aid to newly arriving displaced children and their families. Yet, along with these and other benefits

What are the risks posed to children?

In conflict zones, digital data management systems that collect and store biometric and other personal data present new and quickly evolving risks and vulnerabilities for children. These risks are often centered on children’s loss of privacy, which can make them more susceptible to abusive surveillance, discrimination and on-line or real-world targeting by armed forces or groups or other hostile actors. Failure to protect the confidentiality of children’s data can also lead to stigmatization that can put both the humanitarian agency and its beneficiaries at risk.

Whether the sharing of children’s digital data is intentional or inadvertent, it can still result in range of privacy and security risks. Accidental sharing can happen through cyber-attack or other data breaches, while intentional sharing can result from humanitarians or human rights defenders sharing data about children for purposes such as informing donor resource allocation or building evidence base to inform program design. However, the intention behind sharing is largely irrelevant if the data falls into the wrong hands. Many agencies are taking important steps to address such concerns. For example, the International Rescue Committee has used encryption, anonymized digital IDs and blockchain secure storage and verification systems to safeguard refugee biometric data in Thailand.

Another complicating factor is that it can be difficult for children and caregivers — or other concerned individuals or agencies — to determine the extent to which children’s data is protected. This is due in part to the rapid development of technology and the constantly shifting landscape of digital regulation, including in many countries that host refugee children and families.

Now what?

Some standards already exist to help mitigate some of the risks posed to children by digital data management in humanitarian contexts. For example, the ICRC published the third edition of the Professional Standards for Protection Work in 2020. These standards consider some of the rapid developments happening related to information management and the growth in data-protection laws. Nevertheless, the 2020 publication date already seems somewhat outdated given the quick pace of technological advances.

Several countries and regional organizations are developing and revising laws and regulations focused on governance of children’s data. While much of this growing body of regulation is not specific to humanitarian contexts, many of the principles and standards are applicable. For example, UNICEF’s Manifesto on Good Governance of Children’s Data presents ten actions that promote better data governance for children. Again, while they are not specific to humanitarian contexts, many of the proposed actions are relevant, such as the call to shift responsibility for the burden of protecting children’s data from children themselves to companies, or in this case, to humanitarian organizations that collect, manage or share data.

For better or for worse, technology is here to stay. Humanitarian actors cannot go back to the old days of paper or excel sheets. They must forge ahead with digital data management to reap all the potential benefits. At the same time, they should be taking aggressive and proactive steps to ensure that their systems are designed to withstand attack and prevent potentially harmful leaks of children’s data. This may require establishing special cyber-protection teams or building robust partnerships with private sector actors who can support their technological approaches and knowledge.

Bottom line: it is important to ensure that the private data of children living in humanitarian crises is meticulously protected to prevent further harm to them.