Header Introduction: The Issues Card is developed by the IGF 2020 Best Practice Forum on Data and New Technologies in an Internet Context. It maps potential issues and challenges related to the use of users’ data by new technologies, formulated as four sets of questions. How to use the Issues Card? The Issues Card is intended as a tool to foster discussion on data and new technology applications. It provides questions that stakeholders can use when assessing how data is collected, analysed and used and what decisions and choices are made to ensure that the data is used to bring benefit and not to harm users. The Issues Card is intended to be an evolving document. We appreciate your feedback and suggestions. A .pdf version of the Issues Card can be found here. Data Collection Data & New Technologies Issues Card Data collection What type of data is collected ? How is the data collected ? Where is the data collected / where does it come from? Is collected data anonymized? Aggregated? What is the legal basis used for the data collection? Are data producers required to give their explicit consent? Can individuals request to delete, correct or update his/her/their already collected data and what is the procedure? In what context are the data collected? (e.g. democratic and free society vs repressive system) How is ‘data in transit’ protected? (e.g. what security measures or security framework is in place?; what measures avoid leaking?) Data Storage Data storage How/where is the data stored? (e.g. centralised or decentralised?) How is the data protected? (e.g. what security measures or security framework is in place?; what measures avoid leaking?) How long is data kept? what after this period? (e.g. is data automatically deleted?) Do data producers have sovereignty over their data? (e.g. are they able to delete their data directly or demand that it is deleted upon their request (‘right to be forgotten’) Labeling and unlocking value Labeling and unlocking value What purpose is the data serving? Is this useful? Necessary? Was the purpose under which the data was collected specified and legitimate? Who decides which are legitimate purposes and aims of data collection? (e.g. democratic decision-making processes versus top-down approaches) What measures are taken to assure that data is not used for purposes different than the ones that were specified on initiating the collection? How is the quality of data assured? How is bias avoided? What duty do policymakers (on national and international levels) have to make sure that data collection purposes meet certain legal and ethical standards, including human rights? Data Sharing Data sharing How can the data be shared in order to create value for all parties? What model(s) of data sharing is (are) used? Who is benefiting from the data sharing? What restrictions apply to sharing the data ? (e.g. data localisation laws) Is the data producer getting any benefit from its data? Can the data be re-used (for similar or different purposes?) To what extent is the data shared with a government and third parties? What possibilities do individuals (the people whose data are being collected) have trace the sharing of their data to other parties?