How to Responsibly Open Data and Share Data
In stage 5 of responsible data governance, as per our guiding framework, we provide an orientation on safe and responsible data sharing and open data, as well as guidance on establishing data sharing agreements based on the distinct roles that involved entities play.
Several scenarios exist which might involve the sharing of data internally. Data might also need to be shared externally with partners or with contracted third parties such as evaluation firms, survey companies, technology providers, or data processors. You might also be asking partners or third parties to share data they have collected with you.
Data sharing or processing agreements can help to establish parameters for how personal, sensitive or confidential information is to be protected and secured when it is exchanged or shared.
When deciding which kind of agreement to set up, consider:
- Data sharing agreements are normally established when different parties are working together on an initiative and need to share data to meet their partnership and programme goals such as conducting national level surveys or needs assessments, providing services across multiple ministries or organisations, ensuring that there is no duplication of services, or meeting legal requirements.
- Data processing agreements are usually signed if you engage a company to collect and process your data, for example, a third party survey company or a management information system like Salesforce.
Guidelines for open data and sharing data
1. Open data where possible, but only after ensuring that it does not lead to harm
National government might have a mandate to open its data. Perhaps this is because the government has signed an agreement to open data, for example, the Open Data Partnership, or because a bilateral or multilateral donor such as the US Government requires data to be opened and shared as part of an initiative such as the International Aid Transparency Initiative (IATI). Open data is data that can be freely used, re-used, and redistributed by anyone, and is subject only to the requirement to attribute and share alike (any products or derivative works using the data must be licensed under the same type of license).
The main aspects of open data as described in the Open Data Handbook are:
• Availability and access. The data must be available as a whole and at no more than a reasonable reproduction cost, preferably by downloading over the internet. The data must also be available in a convenient and modifiable form.
• Re-use and redistribution. The data must be provided under terms that permit re-use and redistribution including the intermixing with other datasets.
• Universal participation. Everyone must be able to use, re-use and redistribute the data – there should be no discrimination against fields of endeavour or against persons or groups. For example, ‘non-commercial’ restrictions that would prevent ‘commercial’ use, or restrictions of use for certain purposes (e.g. only in education), are not allowed.
For open data to be useful, it should be structured in a way that allows it to be used by different systems and organisations, and that different datasets can be combined because they share the same structure or are in the same format. This is referred to as being “interoperable.”
It is important to note that not all data can and should be opened. Personal and sensitive data should never be opened, as this puts individuals or entire communities at risk. Combining datasets could also inadvertently identify individuals in the dataset. Some national security restrictions might also apply to decisions about whether data can or cannot be opened.
2. Put clear agreements in place before sharing data
Data protection laws and regulations assign roles and responsibilities to the different parties in a data sharing or data processing arrangements – typically data controllers and data processors. These designations are useful for assigning obligations, responsibilities, and accountability for data and these should be formalised in a data sharing or processing agreement.
• The data controller makes decisions about how personal data will be processed.
• The data processor takes instruction from the controller on which personal data is collected and how it will be processed.
• Joint controllers decide together on the purpose of processing personal data and the method to be used for processing.
Your data sharing or processing agreement should define who will play what role, and lay out clearly what the partners agree to for the safe and secure sharing of data.
See tip sheet 7 for developing a data sharing agreement
Stay tuned to the next stage, Responsible M&E Data Visualisation and Communication as we unpack more on the practical responsible data management tips for M&E practitioners.
See our previous blog posts on: Responsible Data Management for M&E: Stage 1 – Design and Planning , How to responsibly collect or acquire data for M&E, How to Responsibly Transmit and Store M&E Data and How to responsibly Clean, Analyse and Use Data to keep up with the discussion, or learn more from the report.