Gendered Privacy Evaluation Framework Methodology
Version: June 2024
Why is this framework needed?
The digital landscape continues to grow exponentially, transforming the way individuals interact, communicate, and access information. With this rapid expansion comes an alarming increase in technology-facilitated gender-based violence (TFGBV), disproportionately affecting women and girls worldwide. This pervasive issue underscores the critical need to prioritize gendered privacy considerations in the design and implementation of digital tools, applications, and online platforms. Various manifestations of TFGBV may stem from different contexts, but they all share a commonality: the infringement on the targeted individual's privacy rights. Unauthorized access is the main issue with TFGBV - the survivor not having given permission to access them, their account, their email, etc. Ensuring the right to privacy is essential for safeguarding women and gender-diverse individuals from various forms of TFGBV, such as non-consensual image-sharing, doxxing, harassment, and stalking.
Research indicates gender disparity in digital privacy concerns, with women showing more notable concern about their online privacy compared to men. However, despite their heightened concerns, women often possess a lower level of awareness regarding potential technology, data, and design threats. This lack of awareness is exacerbated by the male-dominated nature of the technology industry, and this gender disparity perpetuates a cycle of disengagement where women acquire lower levels of protection, despite being disproportionately affected by TFGBV.
Online safety tools and interventions play a pivotal role in empowering users to navigate digital spaces safely and mitigate the risks of online harassment and abuse. By providing features such as filtering, blocking, and reporting mechanisms, these tools offer practical solutions for individuals, particularly women and marginalized groups, who are disproportionately affected by online threats. They play a crucial role in empowering users to navigate digital spaces safely and confidently, offering resources to combat online harassment and abuse.
However, without a standardized framework for evaluation, it becomes difficult to assess the impact and efficacy of these interventions in addressing the diverse needs of users, particularly women and others who are disproportionately affected by online safety issues. Existing privacy frameworks often fail to account for the privacy concerns of people who experience heightened risk. This evaluation framework aims to offer guidance that can help technologists, researchers, and designers enhance their capacity in addressing the concerns and meeting the needs of some of technology's most vulnerable users.
Developing a gendered privacy evaluation framework for online safety tools is important for the following reasons:
- A gendered privacy evaluation framework is essential to recognize and mitigate the unique privacy concerns faced by women and gender-diverse individuals online. Research consistently shows that women are disproportionately affected by online harassment, cyberstalking, and other forms of technology-facilitated gender-based violence. Women in the Global South, especially those with lower levels of education also face unique privacy concerns and risks online which may stem from cultural norms, socio-economic disparities, and limited digital literacy. By developing such a Framework, we can tailor online safety tools to better address the specific needs and vulnerabilities of such women and other vulnerable populations, ultimately bridging the gender gap in digital privacy protection.
- By providing transparent information about how online safety tools address gender-specific risks and vulnerabilities, users can choose tools that best suit their needs and preferences. This fosters a sense of agency and control over one's online experiences, ultimately contributing to greater digital empowerment and autonomy.
- By setting clear standards and criteria for evaluation, we can encourage tech companies to prioritize women’s rights in their product design and development processes. This not only improves the quality of online safety tools but also signals a commitment to promoting gender equality and social responsibility.
What types of tools is this framework applicable to?
The tool scope for the evaluation framework encompasses a diverse range of online safety tools and applications designed to address online safety concerns broadly, or which may address one or more key online safety concerns (such as online harassment or non-consensual intimate image sharing) or specifically target vulnerable populations (such as women or gender minorities). This includes:
- Social media platforms including niche platforms catering to specific communities or interests.
- Messaging apps focusing on their privacy features, encryption protocols, or measures to prevent cyberstalking and harassment.
- Safety-focused apps dedicated to online safety and privacy, such as Privacy Party, which offer features like content filtering, user blocking, or anonymous reporting of abusive behavior.
- Browser Extensions which provide enhanced privacy protection, ad-blocking, and tracker-blocking capabilities.
- Online forums and communities with a focus on their moderation policies, reporting mechanisms, and support for marginalized groups.
- Other Digital Tools: Other digital tools and platforms that may play a role in online safety and privacy, such as privacy-focused search engines
Geographical Scope:
- Global scope with an emphasis on inclusivity and relevance to global majority places.
- Consideration for regional nuances and cultural contexts.
- Adaptability to specific country-level regulations and challenges.
User Base Consideration:
- While the number of users is a relevant factor, the evaluation framework prioritizes the gendered privacy perspective over sheer user numbers. Heavy usage alone does not necessarily signify the tool's efficacy in addressing women's safety concerns.
What is a gender approach to privacy?
A gender approach to data privacy involves considering the ways in which individuals' gender identities and experiences can impact their privacy rights and vulnerabilities in the digital realm. Here are some key aspects of a gender approach to data privacy that we aim to address with this gendered privacy evaluation framework:
- Understanding gendered risks: Recognizing that certain data privacy risks may disproportionately affect individuals based on their gender identity or expression. For example, individuals may face unique risks related to the exposure of sensitive information if their gender identity is not respected or disclosed without their consent.
- Intersectionality: Acknowledging that gender intersects with other aspects of identity, such as race, ethnicity, sexual orientation, disability, and socioeconomic status, to shape individuals' experiences of privacy and data protection. Intersectional analysis helps uncover how multiple forms of discrimination can compound privacy risks for marginalized groups.
- Inclusive policy and regulation: Developing data privacy policies and regulations that address the specific needs and concerns of diverse gender identities. This may include measures to prevent discrimination, protect against technology facilitated gender-based violence or stalking online, and ensure that individuals have control over how their gender-related information is collected, stored, and shared.
- Data security: Implementing robust data security measures to safeguard user information from unauthorized access, misuse, or exploitation. This includes encryption, access controls, and regular audits to identify and address vulnerabilities in systems that store or process sensitive data.
- Support and education: Supporting individuals, especially those from marginalized gender groups, with knowledge and resources to protect their privacy rights online. This may involve providing guidance on privacy settings, safe browsing practices, and how to respond to privacy violations or harassment.
- Research and awareness: Conducting human centered design research to better understand the intersection of gender and data privacy, including the unique challenges faced by different gender identities and the impacts of data-driven technologies on gender equality and social justice. Increasing awareness of these issues among policymakers, technology developers, and the general public is also essential for driving positive change.
International human rights frameworks
From an international human rights framework perspective, gendered privacy is justified by several key principles and instruments.
- Universal Declaration of Human Rights (UDHR): Article 12 of the UDHR recognizes the right to privacy, stating that "no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence." Gendered privacy aligns with this principle by acknowledging that privacy violations often have gender-specific implications, such as the disproportionate impact of technology-facilitated gender-based violence on women and marginalized groups.
- International Covenant on Civil and Political Rights (ICCPR): Article 17 of the ICCPR protects individuals against unlawful or arbitrary interference with their privacy, family, home, or correspondence. Gendered privacy extends this protection by addressing the unique privacy concerns faced by individuals based on their gender, including online harassment, surveillance, and discrimination.
- United Nations Resolutions and Declarations: Resolutions of the United Nations General Assembly and Human Rights Council recognize the importance of privacy rights in the digital age and highlight the specific vulnerabilities of women and marginalized groups to privacy violations. These resolutions call for preventive measures and remedies to address gendered privacy concerns.
- Yogyakarta Principles: These principles provide guidance on the application of international human rights law in relation to sexual orientation, gender identity, gender expression, and sex characteristics. Principle 6 specifically addresses privacy rights, emphasizing the need to protect individuals' privacy regardless of their gender identity or sexual orientation.
Inspiration
We did an extra review of existing frameworks and standards and used those as a resource to inform our framework and address existing gaps in the space.
- Take Back the Tech!: Take Back the Tech! is a collaborative campaign led by the Association for Progressive Communications (APC) that advocates for the right to freedom of expression online, with a focus on gender-based violence. It offers resources, guides, and campaigns to raise awareness about online violence against women and promote digital safety.
- Digital Rights Foundation's Hamara Internet: Digital Rights Foundation (DRF), based in Pakistan, launched the Hamara Internet (Our Internet) initiative to promote digital safety, privacy, and freedom of expression, particularly for women and marginalized communities. It offers resources, workshops, and advocacy efforts to address online harassment and gender-based violence.
- Tactical Tech's Gender & Tech Toolkit: Tactical Tech Collective developed the Gender & Tech Toolkit, which provides resources, activities, and guides for understanding and addressing gender issues in technology, including privacy, security, and online harassment.
- Feminist Principles of the Internet (FPI): FPI is a collaborative initiative that outlines a set of principles for ensuring women's rights and gender equality in internet governance and development. It emphasizes issues such as access, participation, and representation in digital spaces.
- Online Harassment Field Manual by PEN America: This resource provides practical guidance for journalists and writers facing online harassment. While not a comprehensive framework, it offers strategies for navigating gender-based harassment and safeguarding digital spaces.
- Guidance on the Safe and Ethical Use of Technology to Address Gender-based Violence and Harmful Practices: Implementation Summary: This resource is the short version of forthcoming guidance that will be fully comprehensive and refer to work at the intersection of gender-based violence (GBV) and harmful practices (HP), data and technology. This summary document is a brief overview of the opportunities, risks and insights relating to potential steps towards creating safe and ethical technology that supports existing GBV/HP programming.In recognition of the continuous advance of technology, the authors encourage use-case feedback that will allow the document to evolve. Both this document and the longer comprehensive guidance will be reviewed on an ongoing basis, in order that they remain applicable to emerging technologies and their associated risks.
- Ranking Digital Rights: Ranking Digital Rights (RDR) is a non-profit research initiative that evaluates the world's most powerful internet and telecommunications companies on their commitments and practices related to freedom of expression and privacy. Through its Corporate Accountability Index, RDR assesses and ranks companies based on their disclosure of policies and practices affecting users' rights to freedom of expression and privacy. The index provides a comprehensive analysis of how these companies are performing in terms of transparency and accountability, empowering users, investors, policymakers, and advocates to hold them accountable for their actions and policies regarding digital rights.
- Building Tech for Diversity and Inclusion 101: the report underscores the necessity of designing technology with diversity and inclusion in mind, citing examples where tech inadvertently excludes certain groups. The manual offers practical guidelines for developers to create more inclusive web and mobile platforms, addressing a gap in reference material. Readers will gain insights and examples to ensure their projects are inclusive, benefiting diverse user groups and potentially increasing adoption and profitability.
Theory of change
The theory of change underlying the gendered privacy evaluation framework is based on the belief that by developing a systematic approach to addressing gender-specific privacy concerns in digital spaces, we can effectively mitigate the risks and harms experienced by women and gender-diverse individuals. This framework aims to bring about positive outcomes through several key steps:
- Recognition of gendered privacy concerns: The first step involves acknowledging and understanding the unique privacy risks faced by women and gender minorities online. By recognizing these gender-specific vulnerabilities, stakeholders can prioritize the development of interventions tailored to address these concerns.
- Incorporation of gender perspectives: The framework emphasizes the importance of incorporating gender perspectives into the design, implementation, and evaluation of online safety tools and applications. By considering the diverse experiences and needs of women and marginalized groups, developers can create more effective and inclusive solutions.
- Enhanced protection and empowerment: Through the implementation of gender-sensitive privacy measures, individuals, particularly women and gender-diverse individuals, are better equipped to protect themselves from online threats and violations. This empowerment fosters a sense of agency and control over one's online experiences, contributing to greater digital autonomy and resilience.
- Advocacy for gender-inclusive practices: By setting clear standards and criteria for evaluation, the framework aims to encourage tech companies and policymakers to prioritize women's rights in their product design and development processes. This advocacy for gender-inclusive practices not only improves the quality of online safety tools but also signals a commitment to promoting gender equality and social responsibility within the technology sector.
Who is the framework for and how can they use it?
- Tech companies and developers: Tech companies and developers can utilize this framework to integrate gender-sensitive privacy measures into their online safety tools and applications. By considering the unique privacy concerns of women and gender-diverse individuals, they can better protect their users from online threats and harassment. They can look at the framework as a check-list and conduct internal audits of how their technology is designed.
- Policymakers and regulators: Policymakers and regulators can leverage this framework and results of the evaluation framework to develop gender-inclusive policies and regulations that govern digital privacy and online safety. By incorporating gender-sensitive approaches into their legislative and regulatory frameworks, they can create a more enabling environment for the protection of privacy rights.
- Civil society organizations (CSOs) and advocacy groups: CSOs and advocacy groups can use this framework to assess tech companies and use the results to raise awareness about gendered privacy concerns, advocate for policy changes, and hold tech companies and policymakers accountable.
- End users and consumer groups: End users and consumer groups, including women and gender-diverse individuals, can benefit from this framework by better understanding their rights, and as a result be equipped to demand gender-inclusive online safety tools and applications, and raise awareness about gendered privacy concerns. By understanding their rights and responsibilities in digital spaces, they can navigate online environments more safely and confidently.
- International organizations: International organizations, such as United Nations Population Fund, can support the further development and implementation of this framework through advocacy, capacity-building, and resource mobilization.
Guide for conducting the research
Preparation
- Figure out how your evaluation project might affect things and what results you expect.
- Write a short summary of your project plan to keep everything clear.
- Think about what could go wrong and make plans to deal with those risks.
- Pick which tools and services you'll study to learn more.
- Plan out how you'll do your research, depending on what you have available.
- Decide if you need any extra tools or methods to help with your research and analysis.
- Set up a research document, ideally a spreadsheet, where you can enter your findings.
Research steps
Depending on your available resources and relationship to the tools you are evaluating, your approach to the research process may vary.
Scenario A: If you are a civil society actor aiming to evaluate a set of tools to advocate for better regulation around gendered privacy, we recommend planning for three research phases. First, conduct an evaluation based on publicly available information. Then, share preliminary findings with the tools being evaluated for feedback, if no risks were identified in your preparatory steps. This step can help uncover evidence that may not have surfaced otherwise. Finally, integrate the feedback, finalize your findings, calculate the scores, analyze the results, and disseminate them according to your plans.
Scenario B: If you are an open-source tech development team seeking to self-evaluate your tool designed to assist women facing online harassment, which is still in development, consider using the framework as a checklist to achieve the best score before launching your product.
Scenario C: If you are an international organization aiming to support small tech startups and promote good practices around gendered privacy in tech tool development, consider adopting the Scenario A approach. However, during the second phase, researchers could collaborate with the tool teams, potentially allowing the final phase to be skipped.
What constitutes evidence?
Overall, we aim to encourage tool teams to publish as much information as possible related to the standards outlined in this framework, as it contributes to the gendered privacy principles we wish to support with the framework. However, we understand that there might be risk scenarios where publishing some of the documentation might cause more harm than good.
Evidence in this context refers to verifiable information or data that supports the findings and conclusions of the evaluation. This includes various forms of documentation, such as reports, surveys, interviews, case studies, user feedback, and any other relevant sources of information providing insight into the performance and impact of the evaluated tools. The evidence should be credible, reliable, and robust enough to support the assessment criteria and conclusions drawn from the evaluation process.
The type of evidence also depends on the scenario you fall under. In Scenario A, during the preparatory steps, you can decide if you are only considering publicly available information. In that case, when seeking company feedback, you need to clarify that you cannot consider documents and statements from the tool teams unless they are published. In Scenarios B and C, you can rely on internal documents, as you are either the tool team itself or working closely with them.