Hypothes.is has a solid consent framework.
Consent is missing in so much of human interaction. Seen as a piece of paper that you sign. The recognition that you're going into new territory needs explaination to all parties.
Consent in cases of emergency? Calling 911 when my house is on fire... implied consent for them to know where you are?
But then, for Facebook reporting that folk in Nepal are ok... ?
Can a group give full consent for an individual? Yes, it's ok to track and find this individual.
Fully getting across what people are agreeing to, if you don't fully understand what is going on, such as for a genome.
Thing of Henrietta Lacks - harvested her cells during her struggle with (tumors? cancer?),
Giving data on a quick cycle because it's a disaster.
Do we delete the data? DO we keep it so we can learn? Do we keep the meta data?
Consent is about risk management.
How do you get back to the person who gives their data?
Genuine informed consent when it's hard to envision the outcomes. Would people be willing to give their data?
People really like giving out Personally Identifying INformation (PII), even when you're trying to prevent it.
Not aware the whole world can watch (or what that might mean).
Also people OVER removing. Preventing people from voicing their political viewpoint that they want to be seen as having.
Balance paternalism of "you can't share that" and paternalism of "you must share this."
Need strong liability on those who hold or collect data.
There's a burden to having ongoing conversations around consent.
Ushahidi has anonymization plugins.
What are the practices in the field?
- World Bank surveys are released without Lat/Long (possible to backtrace, but difficult).
- Aggregate to 20k or 30k. But some dates present, and researchers had been tweeting about where they were
What lessons have we learned from the medical community?
- Do no harm oath.
- Accidents still show up on your record.
- Has happened in the crisis mapping community, albeit quietly.
Is it as simple as developing the same sort of credo for humanitarian and disaster response?
- The Do No Harm Project
- HIPPA consent takes time -- is it just responding to an SMS?
- have to re-sign often
Re-frame from gaining consent to minimizing harm. Not just how "we" get consent, but talking to people about how to secure their own data and selves.
Governance as opposed to consent -- do we have transparency about the things we're doing, what the data is being used for?
"oh, those processes are so unstreamlined that we can't" -- when is governance faster than consent?
Data is relational - it's never about the one person. It's co-owned. Our consent models from medical ethics etc which say "you can withdraw at any point." You CAN'T. Even if you managed to, data is distributed.
Icons for consent -- like Creative Commons iconography. Talk to John Wilbanks about that.
Can we turn the checklist into a fill-in-the-blank?
- Github repo, which can be forked for translations and changes.
- Who/What/Time as main components - make icons for those? Ripple effects for how far it might be shared (diff between data/metadata)
Need to add in metadata/aggregation use versus granular share.
Do people have other options if they don't consent to participate (that would determine if it's true consent or not).
Right to be forgotten into development?
- Only jerks have opted to be forgotten so far
Monetizing data -- how does this relate to consent?
Data fiduciary -- social assets etc. We trust certain organizations with that data, and we need to govern them accordingly.
Give the data back to a community-owned cooperative? With an eye to safety (gay rights) and context?
Ear mark data you usually mark as private to be sharable in time of crisis?
Social way of assessing who is participating?