Consent in Humanitarian Contexts
Consent in humanitarian contexts is the informed, voluntary agreement by an individual to the collection, use, and sharing of their personal data during crisis response, where the conditions of crisis impose constraints on the freedom and information necessary for valid consent. Unlike commercial or administrative data processing where individuals exercise consumer choice, humanitarian consent operates under conditions where people depend on aid for survival, possess limited understanding of data systems, face immediate threats, and interact with organisations holding substantial power over their circumstances. These conditions do not eliminate the requirement for consent but transform how consent functions as a legitimate basis for data processing.
- Informed consent
- Agreement based on clear understanding of what data is collected, why it is collected, how it will be used, who will access it, and what consequences follow from providing or withholding it.
- Freely given consent
- Agreement made without coercion, undue pressure, or fear of negative consequences for refusal, including loss of access to services.
- Specific consent
- Agreement tied to defined purposes rather than blanket authorisation for unspecified future uses.
- Unambiguous consent
- Agreement expressed through clear affirmative action rather than inferred from silence, pre-ticked boxes, or inactivity.
- Proxy consent
- Agreement provided by a legally authorised representative on behalf of an individual who cannot consent for themselves due to age, incapacity, or absence.
The fundamental tension in humanitarian consent arises from the simultaneous truth of two propositions: people in crisis retain the right to control information about themselves, and the conditions of crisis undermine the prerequisites for exercising that control. Resolving this tension requires understanding consent not as a checkbox to be completed but as an ongoing relationship between data subject and data controller that acknowledges constraints while preserving agency to the maximum extent possible.
Consent validity requirements
Valid consent in humanitarian operations requires satisfaction of five conditions that interact with crisis contexts in distinct ways. The first condition, that consent be informed, requires individuals to understand what they are agreeing to before agreement occurs. Information must cover the identity of the data controller, the categories of data collected, the purposes of processing, any recipients or categories of recipients, the retention period or criteria for determining it, and the existence of data subject rights. In humanitarian contexts, this information must be communicated in languages the affected population actually speaks, at literacy levels appropriate to the population, through channels accessible during the crisis, and in timeframes that permit genuine consideration.
The second condition, that consent be freely given, requires absence of coercion and genuine choice. The test for freely given consent examines whether refusal carries adverse consequences and whether the person can refuse without detriment. When a person must register to receive food assistance, the choice between registration and hunger is not a free choice in any meaningful sense. This does not render consent impossible but shifts the legal basis for data processing from consent to other grounds while preserving the ethical obligation to inform and respect individual preferences to the extent circumstances permit.
The third condition, specificity, requires that consent relate to defined purposes rather than open-ended authorisation. Consent to collect biometric data for identity verification does not extend to using that biometric data for research, sharing with government authorities, or purposes conceived after collection. Each distinct purpose requires its own consent or an alternative legal basis. Humanitarian operations must anticipate likely secondary uses at the point of collection and either obtain consent for those uses or establish alternative legal bases.
The fourth condition, that consent be unambiguous, requires clear affirmative action expressing agreement. Pre-selected options, silence, proceeding through a queue, or accepting food from a distribution point do not constitute unambiguous consent to data processing. The affirmative action must relate specifically to the data processing rather than to the service being received. Signing a registration form that includes a consent clause buried in small print fails this test; the signature relates to registration rather than to consent for data processing.
The fifth condition addresses the capacity to consent. Children, persons with certain disabilities, and persons experiencing acute psychological crisis cannot provide valid consent for themselves. Processing their data requires either proxy consent from an authorised representative, reliance on an alternative legal basis such as vital interests, or both. The determination of incapacity must be made carefully to avoid denying agency to persons capable of exercising it.
+------------------------------------------------------------------+| CONSENT VALIDITY ASSESSMENT |+------------------------------------------------------------------+| || +------------------------+ || | Information provided? | || | - Controller identity | || | - Data categories | || | - Purposes +----+ || | - Recipients | | || | - Retention | | || | - Rights | | || +------------------------+ | || v || +------------------------+ +------------------------+ || | | | | || | Information clear? | | Language accessible? | || | - Plain language | | - Local languages | || | - Appropriate level | | - Oral options | || | - Complete | | - Visual aids | || | | | | || +-----------+------------+ +-----------+------------+ || | | || +-------------+-------------+ || | || v || +-------------+-------------+ || | | || | Freely given? | || | - No coercion | || | - No conditionality | || | - Refusal possible | || | | || +-------------+-------------+ || | || v || +-------------+-------------+ || | | || | Specific to purpose? | || | - Defined uses | || | - No blanket consent | || | - Secondary uses clear | || | | || +-------------+-------------+ || | || v || +-------------+-------------+ || | | || | Affirmative action? | || | - Clear expression | || | - Not inferred | || | - Documented | || | | || +-------------+-------------+ || | || v || +-------------+-------------+ || | | || | Capacity present? | || | - Age appropriate | || | - Mental capacity | || | - No acute crisis | || | | || +---------------------------| || | || +-------------v-------------+ || | VALID CONSENT | || +---------------------------+ || |+------------------------------------------------------------------+Figure 1: Consent validity assessment showing cumulative requirements
Power imbalances and structural constraints
Power imbalances in humanitarian operations create structural constraints on consent that persist regardless of the care taken in consent processes. The fundamental imbalance derives from the relationship between provider and recipient: one party controls access to resources necessary for survival or wellbeing while the other party needs those resources. This dynamic operates even when aid workers behave with complete professionalism and organisations maintain strict non-discrimination policies. The imbalance inheres in the structural relationship rather than in individual behaviour.
Several factors amplify baseline power imbalances. Language barriers place affected persons at informational disadvantage, unable to fully understand what they are consenting to or to articulate questions and concerns. Cultural differences in communication styles, attitudes toward authority, and concepts of individual versus collective consent create additional barriers. Trauma and acute stress impair cognitive function and decision-making capacity. Displacement severs people from support networks, documentation, and familiar contexts that normally aid decision-making. Dependency on humanitarian assistance for basic needs creates reluctance to question or refuse requests from aid providers.
The presence of these constraints does not eliminate the possibility of consent but changes what consent can accomplish. In conditions of severe power imbalance, consent functions less as authorisation for processing and more as information provision and preference expression. The ethical and legal weight of data processing decisions shifts toward the data controller, who cannot rely on consent alone to legitimise processing that would be harmful or disproportionate. An individual’s agreement to invasive data collection does not render that collection appropriate if the individual had no realistic alternative to agreeing.
Mitigation of power imbalances requires structural interventions beyond individual consent interactions. Community engagement in data governance decisions distributes some decision-making power away from humanitarian organisations. Independent oversight of data practices provides accountability that does not depend on affected persons’ willingness to complain. Alternative service access for persons who decline data collection ensures that refusal remains a genuine option. Feedback mechanisms that protect anonymity enable affected persons to express concerns without fear of reprisal. These measures cannot eliminate power imbalances but reduce their distorting effect on consent.
Consent models
Humanitarian operations employ several consent models that vary in what triggers data processing authorisation and how consent is expressed. The selection of consent model affects both the protection afforded to data subjects and the operational feasibility of data collection.
Explicit opt-in consent requires affirmative action specifically directed at authorising data processing before any processing occurs. The data subject must take a discrete step, such as signing a consent form, verbally confirming agreement, or selecting an opt-in option, that relates specifically to data processing rather than to service receipt. This model provides the strongest protection for data subjects because processing cannot occur without documented affirmative consent, but imposes the highest operational burden and may exclude persons who do not understand the consent request or decline out of confusion rather than genuine objection.
Tiered consent separates data processing into categories with different consent requirements. Essential processing necessary for service delivery requires only notification, while additional processing for secondary purposes requires explicit consent. A registration system might collect name and household size under notification for assistance targeting while requiring explicit consent to photograph the individual or share data with partner organisations. This model balances protection with operational necessity by reserving explicit consent requirements for processing that poses higher risks or serves less essential purposes.
Dynamic consent enables ongoing adjustment of consent decisions through persistent access to consent management interfaces. Rather than providing consent once at registration, data subjects can log into a system at any time to review what data is held, what processing has occurred, and what sharing has taken place, and can modify their consent preferences going forward. This model requires technological infrastructure that humanitarian contexts often lack and assumes literacy and device access that cannot be assumed for all affected populations.
Community consent involves collective decision-making by community representatives on behalf of community members. A village elder or refugee committee consents to data collection activities that will affect community members. This model aligns with cultural contexts where collective decision-making predominates over individual decision-making, but creates risks that community leaders may not represent the interests of all community members, particularly marginalised subgroups. Community consent should supplement rather than replace individual consent for data processing that affects individuals personally.
Proxy consent authorises representatives to consent on behalf of individuals who cannot consent for themselves. Parents or guardians consent for children, carers consent for persons with certain disabilities, and in some circumstances community leaders or government officials consent for persons who are absent or unreachable. Proxy consent requires clear authority to act on behalf of the individual and carries obligations to act in the individual’s best interest. The proxy’s decision should reflect what the individual would likely decide if capable of deciding, not the proxy’s own preferences.
+----------------------------------------------------------------------+| CONSENT MODEL SELECTION |+----------------------------------------------------------------------+| || +------------------------+ || | Processing type? | || +------------------------+ || | || +------------------+------------------+ || | | || v v || +------+-------+ +--------+------+ || | Essential | | Secondary | || | for service | | purposes | || +------+-------+ +--------+------+ || | | || v v || +------+-------+ +--------+------+ || | Notification | | Risk level? | || | sufficient | +--------+------+ || | if no | | || | alternative | +-------------+-------------+ || | legal basis | | | || +--------------+ v v || +------+-------+ +-------+------+ || | Lower | | Higher | || +------+-------+ +-------+------+ || | | || v v || +------+-------+ +-------+------+ || | Tiered | | Explicit | || | consent | | opt-in | || +--------------+ +--------------+ || || +----------------------------------------------------------------+ || | POPULATION FACTORS | || +----------------------------------------------------------------+ || | | || | Literacy Device Cultural Vulnerability | || | level access context status | || | | | | | | || | v v v v | || | +-------+ +-------+ +-------+ +-------+ | || | | Low | | None | |Collec-| | High | | || | | | | | | tive | | | | || | +---+---+ +---+---+ +---+---+ +---+---+ | || | | | | | | || | +-------+------+------+-------+ | | || | | | | | || | v v v | || | +-----+----+ +-----+------+ +------+-----+ | || | | Oral | | Community | | Enhanced | | || | | consent | | engagement| | safeguards | | || | +----------+ +------------+ +------------+ | || +----------------------------------------------------------------+ |+----------------------------------------------------------------------+Figure 2: Consent model selection based on processing type and population factors
Vulnerable population considerations
Certain populations require enhanced consent protections due to heightened vulnerability or reduced capacity. Vulnerability in this context refers to conditions that impair the ability to make informed, free decisions about data processing or that increase the potential for harm from data misuse. Vulnerability assessments must avoid both under-protection, which exposes vulnerable persons to harm, and over-protection, which denies agency to persons capable of exercising it.
Children present the most common vulnerable population in humanitarian operations. International standards treat persons under 18 as children, though many jurisdictions permit older adolescents to consent to certain types of processing. For children below the age of consent, proxy consent from a parent or guardian is required. Where parents are absent, deceased, or themselves pose a risk to the child, alternative guardians such as extended family members, appointed carers, or child protection authorities may provide proxy consent. The child’s own views carry increasing weight with age and maturity; a 16-year-old’s clear objection to data sharing should be respected even where a parent has consented, unless overriding circumstances require otherwise.
Persons with psychosocial disabilities or cognitive impairments require individualised assessment rather than categorical exclusion from consent processes. Many persons with disabilities retain full capacity to consent; assuming incapacity based on diagnosis alone denies their agency. Where capacity is genuinely impaired, supported decision-making models that assist the person to make their own decision are preferable to substitute decision-making where a proxy decides on the person’s behalf. Only where supported decision-making is insufficient should proxy consent be sought.
Survivors of gender-based violence, torture, trafficking, and other severe trauma present distinct vulnerability related to the data itself rather than to general capacity. A trafficking survivor may have full capacity to consent but face severe risk if their data is disclosed to traffickers. Enhanced consent processes for trauma survivors emphasise safety planning, clear explanation of data sharing boundaries, and explicit confirmation that the person understands who will and will not have access to their information.
Persons in detention, including refugees in closed camps, detainees in immigration facilities, and persons in conflict-related detention, face structural constraints on consent that exceed those of the general affected population. The power imbalance between detained person and detaining authority or humanitarian actor with access to detention facilities is extreme. Consent obtained in detention contexts should be viewed with particular scepticism and alternative legal bases for processing should be preferred where available.
Elderly persons, particularly those experiencing cognitive decline, require assessment for capacity rather than categorical assumptions. Cultural factors may lead elderly persons to defer to family members or community leaders; consent processes should ensure the elderly person’s own preferences are captured where they have capacity to express them.
+--------------------------------------------------------------------+| VULNERABLE POPULATION CONSENT PATHWAY |+--------------------------------------------------------------------+| || +------------------------+ || | Identify potential | || | vulnerability | || | - Age | || | - Disability | || | - Trauma history | || | - Detention status | || | - Dependency level | || +----------+-------------+ || | || v || +----------+-------------+ || | Assess capacity | || | - Understands info | || | - Retains info | || | - Uses info to | || | decide | || | - Communicates | || | decision | || +----------+-------------+ || | || +--------+---------+ || | | || v v || +--+----+ +----+---+ || | Full | | Impaired| || |capacity| |capacity | || +--+----+ +----+---+ || | | || v v || +--+-------------+ +--+-----------------------------+ || | Standard | | Supported decision-making | || | consent with | | - Explain in simple terms | || | enhanced | | - Allow more time | || | safeguards | | - Involve trusted supporter | || | | | - Check understanding | || +--+-------------+ +--+-----------------------------+ || | | || | +----+ || | | || | v || | +--------+---------+ || | | Still unable to | || | | consent? | || | +--------+---------+ || | | || | +--------+---------+ || | | | || | v v || | +-----+------+ +------+-----+ || | | Proxy | | Alternative| || | | consent | | legal basis| || | | - Guardian | | - Vital | || | | - Parent | | interests| || | | - Carer | | - Legal | || | +------------+ | obligation || | +------------+ || | || +-----------------------------------------------+ || | || v || +---------------+------------+ || | Additional safeguards | || | - Safety assessment | || | - Limited retention | || | - Restricted sharing | || | - Regular review | || +----------------------------+ || |+--------------------------------------------------------------------+Figure 3: Consent pathway for vulnerable populations
Documentation and evidence
Documentation of consent serves three functions: demonstrating compliance with legal requirements, protecting the organisation against claims of improper data processing, and creating a record that enables the data subject to understand and verify what they consented to. The form of documentation must balance these functions against operational constraints and risks associated with creating consent records.
Written consent forms provide the clearest documentation but require literacy, create physical records that must be stored securely, and may be impractical in rapid-onset emergencies or mobile operations. A written consent form should identify the data controller, specify the data to be collected, state each purpose for which data will be processed, identify recipients or categories of recipients, indicate retention periods, explain data subject rights, and provide contact information for exercising those rights. The form should include a dated signature or mark and, where the data subject cannot read the form, attestation by a witness that the form was read aloud and understood.
Oral consent requires alternative documentation methods. Audio recording of consent conversations provides strong evidence but raises its own consent and privacy issues and requires equipment and storage infrastructure. Written attestation by the person obtaining consent, recording that consent was explained and obtained orally, provides weaker evidence but is operationally simpler. Witness attestation adds an independent record that oral consent occurred. Whatever method is used, the record should capture the date, location, identity of the person consenting, identity of the person obtaining consent, and confirmation that required information was provided.
Electronic consent through registration systems or mobile applications can automate documentation but requires interface design that ensures comprehension before confirmation. A registration system should not permit completion without passage through consent screens, should require affirmative action such as checking a box rather than merely proceeding, and should record timestamps and device information for each consent interaction. Electronic consent raises accessibility issues for populations without devices or digital literacy.
Retention of consent records must balance evidentiary value against risk. Consent records contain personal data and are themselves subject to data protection requirements. The retention period for consent records should align with the retention period for the data to which they relate; if registration data is retained for 5 years, consent records for that registration should be retained for the same period. In high-risk contexts, consent records linking individuals to sensitive services may pose danger if disclosed; organisations must assess whether the evidentiary value of detailed consent records outweighs the risk of harm from their existence.
| Documentation method | Evidence strength | Operational feasibility | Risk level |
|---|---|---|---|
| Signed written form | Strong | Low in emergencies, moderate otherwise | Moderate (physical records) |
| Audio recording | Strong | Low (equipment, storage) | High (recording exists) |
| Written attestation | Moderate | High | Low |
| Witness attestation | Moderate | Moderate (requires witness) | Low |
| Electronic with audit trail | Strong | Moderate (requires system) | Moderate (system security) |
| Electronic without audit trail | Weak | High | Low |
Withdrawal of consent
Withdrawal of consent is the right of a data subject to revoke previously given consent, ending the lawful basis for processing that relied on that consent. Withdrawal must be as easy as giving consent; if consent was given by ticking a box, withdrawal should require no more than unticking an equivalent box. Processes that make withdrawal difficult, such as requiring written requests, phone calls, or multiple steps, undermine the validity of the original consent by making it effectively irrevocable.
The effect of withdrawal is prospective rather than retrospective. Processing that occurred lawfully under consent before withdrawal remains lawful; the organisation need not delete data already processed or undo actions already taken. However, processing must cease from the point of withdrawal unless an alternative legal basis applies. If data was collected under consent for both service delivery and research purposes, and the data subject withdraws consent, research use must cease but service delivery may continue if supported by an alternative basis such as contractual necessity or vital interests.
Withdrawal should not result in adverse consequences for the data subject beyond the natural consequences of ceasing processing. A person who withdraws consent to data sharing with partner organisations continues to receive services from the original organisation. A person who withdraws consent to biometric registration may need to use alternative identity verification but should not lose access to services entirely where alternatives exist. The principle that consent must be freely given applies equally to its withdrawal; if withdrawal carries penalties, the consent was never truly free.
Practical implementation of withdrawal in humanitarian contexts requires accessible channels for communicating withdrawal. Where consent was obtained in person at a registration point, a person should be able to withdraw by returning to that point or by contacting the organisation through other available channels. Staff must be trained to recognise and process withdrawal requests. Registration and case management systems must support flagging records as consent-withdrawn and suppressing further processing based on that consent.
Partial withdrawal allows data subjects to revoke consent for some purposes while maintaining it for others. A person who consented to data use for both assistance targeting and donor reporting might withdraw consent for donor reporting while maintaining it for assistance targeting. Systems should support granular consent records that track separate purposes and process withdrawals accordingly.
+------------------------------------------------------------------+| CONSENT WITHDRAWAL PROCESS |+------------------------------------------------------------------+| || Data subject Organisation || | | || |---(1) Withdrawal request----->| || | [any accessible channel] | || | | || | +------v------+ || | | Verify | || | | identity | || | +------+------+ || | | || | +------v------+ || | | Identify | || | | scope: | || | | - All | || | | processing| || | | - Specific | || | | purposes | || | +------+------+ || | | || | +------v------+ || | | Check for | || | | alternative | || | | legal bases | || | +------+------+ || | | || | +-----------+-----------+ || | | | || | v v || | +-------+-------+ +-------+-------+ || | | No alternative| | Alternative | || | | basis exists | | basis exists | || | +-------+-------+ +-------+-------+ || | | | || | v v || | +-------+-------+ +--------+--------+ || | | Cease all | | Cease consent- | || | | processing | | based processing| || | +-------+-------+ | Continue other | || | | +--------+--------+ || | | | || | +-----------+-----------+ || | | || | +------v------+ || | | Update | || | | consent | || | | record | || | +------+------+ || | | || | +------v------+ || | | Notify | || | | recipients | || | | if shared | || | +------+------+ || | | || |<--(2) Confirmation------------| || | [consequences explained] | || | | |+------------------------------------------------------------------+Figure 4: Consent withdrawal process flow
Alternatives to consent
Consent is one of several legal bases for processing personal data. Where consent cannot be validly obtained or where the conditions for valid consent cannot be met, organisations must consider alternative bases. Over-reliance on consent in contexts where consent is structurally compromised can be worse than honestly acknowledging that processing relies on other grounds.
Vital interests permits processing necessary to protect the life of the data subject or another person. In humanitarian contexts, processing registration data to deliver life-saving assistance falls under vital interests when the alternative is death or serious harm. Vital interests is narrow: it applies to immediate threats to life rather than general welfare, and only to processing genuinely necessary to address those threats. Using vital interests as a general justification for humanitarian data processing overstates its scope.
Public interest permits processing necessary for tasks carried out in the public interest or in exercise of official authority. Organisations with mandates from governments, international bodies, or recognised humanitarian coordination mechanisms may be able to rely on public interest for data processing within their mandates. The public interest must be established in law or equivalent instrument; organisations cannot self-declare their activities to be in the public interest.
Legitimate interests permits processing necessary for purposes of legitimate interests pursued by the data controller or a third party, except where overridden by the interests or fundamental rights of the data subject. Humanitarian assistance is a legitimate interest, but the balancing test requires genuine assessment of whether the data subject’s rights override that interest in the specific context. Legitimate interests cannot be a blanket justification for all humanitarian processing.
Contractual necessity permits processing necessary for performance of a contract with the data subject. Where humanitarian assistance is delivered under an agreement with the recipient, processing necessary to fulfil that agreement may rely on contractual necessity. The contract must be genuine and the processing must be genuinely necessary for its performance rather than merely convenient.
Legal obligation permits processing necessary for compliance with a legal obligation to which the data controller is subject. Reporting requirements imposed by donors, host governments, or regulatory bodies may create legal obligations that justify processing. The obligation must be binding rather than merely contractual.
Selection among these bases requires honest assessment of which basis actually applies rather than selection of whichever basis is most convenient. Documentation should identify the legal basis relied upon for each category of processing and articulate why that basis applies.
Implementation considerations
Organisations with limited capacity
Organisations operating with minimal IT and data protection capacity should prioritise three interventions. First, develop a standard consent script that frontline staff can deliver verbally, ensuring that essential information is communicated even without written forms. The script should be translated into languages spoken by affected populations and tested for comprehension. Second, train frontline staff to recognise situations where consent is problematic, such as when the person appears not to understand, when pressure is being applied, or when vulnerability indicators are present, and to escalate those situations rather than proceeding regardless. Third, document consent through the simplest reliable method, typically written attestation by the staff member that consent was obtained, with more elaborate documentation reserved for higher-risk processing.
Consent processes in resource-constrained contexts should focus on genuine comprehension and genuine choice rather than on documentation formalities. A verbal consent interaction where the person clearly understands and freely agrees provides better protection than a signed form that the person did not understand. Investment in translation, in staff training, and in accessible communication materials yields more protection than investment in elaborate consent management systems.
Organisations with established capacity
Organisations with dedicated data protection functions and established systems should implement consent management systems that track consent status by individual and purpose, support granular consent and withdrawal, and integrate with registration and case management systems. Consent workflows should be embedded in operational systems so that staff cannot proceed with processing without confirming consent status. Audit trails should capture consent interactions including what information was provided, what consent was given, and when.
These organisations should also invest in consent quality assurance: periodic review of consent interactions, observation of frontline consent processes, testing of affected population comprehension, and analysis of withdrawal patterns to identify consent processes that may be failing. High withdrawal rates or low comprehension in testing indicate problems with consent validity that documentation cannot cure.
Multi-organisational operations
Coordinated humanitarian responses involving multiple organisations face particular challenges in consent management. Data sharing between organisations requires that each organisation have a valid basis for processing; consent given to one organisation does not automatically extend to others. Coordination mechanisms should establish shared consent standards, agree which organisation bears responsibility for obtaining consent in joint registration exercises, and create protocols for communicating consent status when data is shared.
Joint data processing agreements should specify consent responsibilities, identify which organisation is controller for which processing activities, and establish procedures for handling withdrawal. Where one organisation obtains consent on behalf of multiple controllers, the consent must clearly identify all controllers and purposes.
Humanitarian consent form template
The following template provides a model for humanitarian consent documentation. Organisations should adapt it to their specific contexts, purposes, and legal requirements.
Consent for Data Collection and Use
Organisation: [Name of data controller]
Contact: [Contact details for data protection enquiries]
Purpose of this form: This form explains what personal information we collect about you, why we collect it, and how we use it. Please read or listen carefully and ask questions if anything is unclear.
Section 1: Information we collect
We will collect the following information about you:
- Name and other identifying information
- Date of birth and age
- Gender
- Nationality and place of origin
- Current location
- Household composition and family members
- Contact information (phone, address)
- Photograph
- Biometric information (fingerprint, iris scan)
- Health information
- Information about vulnerabilities or protection concerns
- Other: [specify]
Section 2: Why we collect this information
We will use your information for the following purposes:
- To register you for assistance
- To verify your identity when you receive assistance
- To assess your needs and provide appropriate support
- To avoid providing duplicate assistance
- To report to donors who fund our programmes (without identifying you)
- To coordinate with other organisations providing assistance
- To improve our programmes through research and analysis
- Other: [specify]
Section 3: Who we share information with
We may share your information with:
- Partner organisations providing assistance: [list organisations]
- Government authorities: [specify which and why]
- Donors: [specify what information, typically aggregated/anonymised]
- Coordination bodies: [list]
- Other: [specify]
We will NOT share your information with: [list any categories explicitly excluded, such as immigration authorities, law enforcement without legal requirement, etc.]
Section 4: How we protect your information
We store your information securely using [brief description of security measures]. Only staff who need your information to help you will have access to it. We will keep your information for [retention period] and then securely delete it.
Section 5: Your rights
You have the right to:
- Ask us what information we hold about you
- Ask us to correct information that is wrong
- Ask us to delete your information
- Ask us to stop using your information for certain purposes
- Withdraw this consent at any time
To exercise these rights, contact [contact details].
Section 6: Your consent
Please mark your agreement to each statement:
- I have received and understood the information in this form
- I agree to the collection of the information marked in Section 1
- I agree to the use of my information for the purposes marked in Section 2
- I agree to sharing my information with the organisations marked in Section 3
I understand that:
- I can refuse to provide information without losing access to assistance, although some services may require certain information
- I can withdraw my consent at any time by contacting [contact details]
- If I withdraw consent, I will continue to receive assistance but some services may be affected
Signature/mark: _______________________
Date: _______________________
Name (printed): _______________________
For oral consent (where data subject cannot sign):
I confirm that I read/explained this form to the data subject in [language] and they expressed their agreement to the items marked above.
Witness name: _______________________
Witness signature: _______________________
Date: _______________________
Organisations should modify this template to reflect their actual data collection, purposes, and sharing arrangements. The template should not promise protections that cannot be delivered or describe practices that do not occur. Providing a form that does not match actual practice is worse than having no form at all.