ID: 2162
Presenting Author: Ildiko Almasi Simsic
Session: 591 - Managing the right to privacy in impact assessment
Status: pending
ESIAs collect sensitive data, but what about your subconsultants? This talk dives into using contracts to manage data transfer, storage, and deletion, protecting people and your project.
Impact assessments (ESIAs) increasingly gather sensitive personal data during stakeholder engagement, surveys, and resettlement. While international standards mandate a "Right to Privacy," its practical application is often a black hole. Project owners hold the ultimate liability, but data is handled by a fragmented chain of consultants and subconsultants. If one of them has a data breach, it creates a significant legal, financial, and reputational nightmare for the entire project. The core problem is our contracts. Vague clauses like "consultant must comply with all local laws" are insufficient and ignore the operational realities: Who truly owns the raw data? How are cross-border data transfers governed? Where is data stored (Data Residency)? And what are the rules for secure deletion after the assignment? This presentation skips legal theory and provides a practical, contracts-based toolkit. We will share specific, auditable language to embed in your contracts and Terms of Reference to govern the entire data lifecycle. We'll cover practical mechanisms for cross-border transfers, mandating and verifying data storage locations, and setting clear timelines for data destruction, including requiring a "certificate of deletion" from all parties. By treating personal data with the same contractual rigor as project budgets, we can protect community privacy, ensure compliance, and de-risk our projects from this massive and growing liability.
Ildiko Almasi Simsic is an E&S expert, AI innovator who discovered the importance of data protection in IA through her work with E&S Solutions.