top of page



Who owns an individual's personal data? This is a big question in today's world. The working group was formed to address the lack of transparency of how organisations collect, store, and share beneficiary data with the goal to:

  • provide thought leadership, research, and problem definition

  • convene discussions with key actors

  • work collectively across the network to develop a framework for possible solutions

  • facilitate others to provide solutions

  • provide a testing ground for possible solutions

  • provide a channel for widespread adoption and critical mass

  • advocate for systemic changes to that would support a preferred solution or direction of travel.


CCD's data sharing working group's workstream includes agreeing on: 

  • what data the CCD members will share 

  • definitions of the data (each data field)

  • criteria for access the shared data

  • use restrictions for the shared data

  • options for the mechanics of sharing (e.g. methods, requirements, pros and cons, etc.)

  • recommendations and guidance for country-level consortia.


Lead: Amos Doornbos, World Vision

Members: Open to any staff members of CCD member agencies

CCD lines 2.png


As CCD works to ease collaborations globally, data sharing and interoperability have been raised as a significant barrier to expanding cooperative efforts. CCD has been prioritising how we can resolve these issues in our joint operations and guidance for others since June 2018 when we started working with the user-focused company, Pivotal, on how we can remove obstacles preventing data sharing between CCD members.  

In October 2019, a working group, led by World Vision, was formed to address these concerns in a transparent manner while ensuring interoperability between NGOs, partners, UN agencies, and beyond while maintaining our responsibility to protect and better support our beneficiaries. 

CCD lines 2.png


As of April 2020, the working group has agreed to:

  • focus on de-duplication and creating unique identifiers that can be used for case referrals as well

  • a model to use: one that relies on standards, is tech agnostic, involves very limited data being shared, and includes enabling recipients/beneficiaries to also access their data

  • initially share data with only the unique ID stored in a communal registry

  • use a system/model that can flag potential duplicates and the agency that created the original record (the resolution and determination of whether it is a duplicate will be done offline between agencies involved using a pre-agreed standard process).


The group will work towards establishing 

various standards and methods for:

  • creating a unique identifier 

  • defining the process to resolve the potential duplicate

  • defining the process for an agency to refer a recipient/beneficiary to another organisation.

CCD lines 2.png
data sharing guidance & template


The legal component of data sharing was identified as the most complex part to solve and without a resolution, tech solutions could be inappropriate. Thus, data sharing guidance and accompanying data sharing template was produced by Dentons Law Firm for CCD member, CARE. It is to be used as a starting point to develop data sharing standards suitable for the country and context of the data sharing.

The guidance and template are based on the highest data standards (the EU's General Data Protection

Regulation (GDPR)). CCD members’ legal counsels, data specialists, and programme teams provided feedback on the guidance and agreement to ensure that it can easily be used by CCD members in the field.


Both the guidance and the templates are being piloted in CCD-supported collaborations in Ethiopia and Colombia.



Protecting personal data and privacy in field work: A guide for data sharing between humanitarian organisations


This template is intended to promote responsible data practices and sharing between organisations in the nonprofit sector, and, where applicable, their private sector partners. It borrows from corporate best practices and approaches, and is intended as:

  • a transactional roadmap for responsible data sharing in a given context

  • an educational tool for organisations to understand obligations in this area

  • requiring early and deep discussion and due diligence of expectations around approaches, policies and procedures and related roles and responsibilities amongst the parties

  • a starting point for negotiations of an eventual written agreement between the parties.


Each provision must be carefully considered, and it is not just appropriate but necessary for modifications (both additions and deletions) to be made based on context and the views of the parties. Footnotes should be deleted. Nothing in this template is fixed or predetermined and it is intended only to assist the parties by providing them with a basis for discussion.

This template agreement contemplates considerable ethical, programmatic, and legal responsibilities and should only be utilised in close consultation with appropriate country office management, information technology/digital teams, and local and home office legal counsel at each participating organisation/company. This agreement requires discussion and modification, and application to each specific context and party.

While the parties signing the agreement will generally be sharing personal information that has already been collected, a basic consent form has been provided for organisations who may wish to consider adapting for use when collecting personal information. Like the agreement itself, the form of consent is a mere template that should be carefully reviewed and modified to ensure its suitability for the specific context in which it is being used.

CCD lines 2.png


Whilst sharing data between organisations is an important component for agencies to be able to collaborate, we also need to ensure that way that the sharing is done is in the best interest of the people whose data we hold. Indeed, aid actors have been hosting data on the world’s most vulnerable people for a very long time, but generally they are given little to no access to their own data. It is also problematic that the data is held for an indefinite period of time and contains more information than necessary, putting already vulnerable people even more at risk of exploitation.

One solution CCD is evaluating provides vulnerable people access to their data; sets limitations to the type of data that is collected, how that data is shared, and how long it is stored; and offers a common framework to organisations who don’t operate within the same data protection regulations – is the data trust.

Data trusts are legal entities that exist externally to the organisational partner agencies and offer an opportunity to manage political and liability issues using a different approach as they can have a very narrow, well defined, transparent scope and allow beneficiaries to have a say in their data.

Given this, a data trust could be established in a community or location to host the wallets or personal data stores of people who are unable to host the information themselves. A trust can take on the liability for hosting the data, while the liability for accessing the

wallets is shared by the individual and the wallet provider. It has no political, financial, or social interests to pursue other than the provision of hosting spaces for wallets and funding to maintain operations. The funding required for continued existence would be quite minimal and likely easily secured from multiple sources.

Helpful sources:

Whilst we have already imagined what a few of the features that would be inherent to data trusts, we need to research more how such trusts would work. We are planning researches and pilots in 2020.

bottom of page