Processing any data must be conducted in a legal, ethical and equitable manner with respect to all the relevant stakeholders.
Processing data may include collecting, storing, analysing or disseminating such data. This is especially important when processing individuals’ personal data or data derived from personal data, such as data held by mobile network operators (MNOs) about subscribers. However, data can also be sensitive in other ways, such as commercially-sensitive, sensitive security information, or data that relates to a particular group who may be vulnerable, such as internally displaced people.
It is the responsibility of anyone working with data to identify the stakeholders affected by their processing of data, to understand the potential implications of processing the data, and to take appropriate actions to protect the interests and address the concerns of all the stakeholders.
The use of mobile operator data for any purpose must consider a broad range of stakeholders.
Most important are the subscribers whose personal data are being used.
The use of such personal data is regulated for subscribers in some way across most countries, though these regulations can vary greatly between jurisdictions. In many jurisdictions, these subscribers have a set of rights (“data subject rights”), and it is incumbent upon the organisations holding these data to facilitate meaningful access to exercise these rights. Furthermore, there is an ethical responsibility to protect the privacy of subscribers, both as individuals and of the groups to which they may belong. A robust data governance programme must therefore be implemented to protect the privacy of the subscribers and support a responsible, ethical use of the data and any derived data.
MNOs are also a key stakeholder.
As well as their obligation to protect the privacy of their subscribers and the reputational risk associated with personal data breaches, mobile network operator data and indicators derived from them can contain commercially-sensitive information. For example, information about the number of subscribers or relative market share of a given MNO in a particular region. It is therefore important to also ensure that the business interests of mobile network operators are protected. A robust data governance programme must therefore, again, protect the privacy of the subscribers and also the MNO’s commercially-sensitive information.
The role of regulatory authorities
A variety of different regulatory authorities may be responsible for enforcing the regulations on the use of mobile network operator data depending upon the particular jurisdiction. The scope of these regulations will depend on the mandate of the regulator.
A regulatory authority may be specifically concerned with the use of personal data, regardless of the origins of the data, or may be mandated to specifically regulate telecommunications data.
Depending on the jurisdiction, mobile network operator data may be under the aegis of multiple regulatory authorities.
Data governance programmes must therefore adhere to all regulatory requirements, and before engaging in any new jurisdiction, it’s very important to understand the legal and regulatory landscape in which the engagement will operate. One size does not fit all.
End users
It is also important to consider the interests of the end users of the information derived from mobile operator data. In particular, end users require the data to be fit for purpose. This requires both the underlying data and the derived information to be accurate and that the integrity of the data has been maintained.
Civil society and society at large
Potential impacts to the broader civil society, beyond just the subscribers whose data are being processed, make society at-large also a stakeholder in the use of mobile network operator data.
Civil society can be affected by decisions made informed by mobile network operator data products and is therefore concerned with the appropriate use of such data. Information derived from mobile network operator data can be misused, either intentionally for unethical purposes or accidentally through the misinterpretation of the information.
Furthermore, civil society has an interest in the protection of individual and group privacy.
Data governance programmes must therefore address the risks of unethical use of the data products or misinterpretation resulting in suboptimal decision making, and must protect the privacy of subscribers.
In this section, we will introduce the main data governance considerations when working with mobile network operator data.