India’s Community-led Crisis Response: How Can Bottom-up Data Governance Help?

The latest wave of the COVID-19 pandemic has hit India particularly hard, and the lack of a cohesive government response has forced citizens and civil society to fend for themselves. Citizens are acting as intermediaries, lending others support by pooling data and amplifying demands for oxygen, medication and hospital beds. This is nothing if not an example of collective resilience, powered by social media networks and the exchange of data and critical information. 

The ability to collate, find and share verified data has quickly become a key determinant in life-or-death situations. To better sort through the high volume of requests and information, individuals have built apps, websites or simple tools to aggregate resources. Covid19 Relief India, for example, has launched an OpenSource Request Tracker, which helps users log requirements, view compiled information, track beds and even identify opportunities to volunteer. Others are spreading awareness on how to generate more effective and customised search queries on existing platforms like Twitter. 

What remains to be solved for, is how to protect our digital rights and privacy - extensions of our right to freedom of expression, well-being and safety. This is critical to address now, given that many people are openly broadcasting details like: phone numbers, blood types, addresses, medical status and histories online to amplify needs and information. While this is necessary to currently share in the absence of government support, what happens when the crisis is over? What are our rights over this data and who can access or make use of it going forward? 

The exposure of personal, sensitive data through platforms raises a number of concerns around the possible misuse of this data. In the short-term, there is the risk of further surveillance or censorship. There have already been reports on how twitter accounts sharing information on suppliers of oxygen and medicine have been shut down or ‘shadow banned’. Past breaches also indicate the likelihood that this data can be commodified and sold without consent to third-parties. There is also a chance that this data could be used to make critical decisions about us in the near future.

These are reminders that we need to retain agency and be active participants over our data journeys, especially in context of calamities. Citizens have largely taken control (albeit out of dire circumstance and necessity), and are witnessing the value of a bottom-up approach to crowdsourcing and sharing hyperlocal data. However, existing platforms/systems are ill-equipped for effective, sustainable bottom-up data governance. 

Bottom-up data governance systems can help put power and agency over data, its use and protection back in the hands of individuals and communities. This starts with recognizing that civil society organizations and individuals building tools and tech can play the role of emergency guardians or stewards of data. We already trust that many grassroots and community-based organizations possess a ‘duty of care’ to work in the best interests of those they serve, it's time for this to translate to data and digital rights.  

At the level of data sharing, bottom-up data stewardship could mean instituting stronger access controls in which personal or sensitive data like medical history can only be viewed by a requesting or matching entity. Organizations like Digi.me help users to consent to the use and sharing of their data in real-time, while pulling and harmonising data from a range of existing sources. 

There are lessons to draw from this approach, but in this situation where consent may be impossible to collect from patients themselves, the broader question may be how we can establish a system of collective proxy-consent where the patients’ caregivers (possibly a partner, friend or family member) can authorise the usage of data for a particular purpose while retaining a series of conditions on its protection, deletion and sharing. PolyPoly’s polyPod vault facilitates collective decision making around data and the development of their technology through a cooperative structure which may be useful to also consider. 

On governing data on existing platforms like Twitter or Instagram, organizations like Swash have built browser compatible plugins, powered by an end-to-end encrypted infrastructure to capture and pool data for users to better derive value. This may inspire thought on how we can embed data governance tools or plugins on existing platforms to ensure data can be securely and transparently aggregated for the greatest impact/visibility.  In principle, a similar model can trawl for and aggregate data to strengthen matches between requests and resources, help visualise the proximity of nearby services and more broadly, map and alert suppliers on aggregate demand. 

Considering the growing technical divide, which renders those with digital literacy, networks the power and privilege to access support, data stewards can also serve as important bridges to help represent and surface requirements of those who have been invisibilized, and going forward, negotiate on their behalf in terms of their data priorities. 

The ongoing pandemic has made clear that crises have calamitous impacts on our data rights, and we need to create systems to become active participants in our data journeys - to protect and harness the value of our data. Bottom-up governance models are a step toward ensuring that these approaches remain community-oriented and serve to strengthen the efficacy of and scale existing efforts on ground.