International Organization for Standardization

Acronym: ISO

Address: Chem. de Blandonnet 8, 1214 Vernier, Switzerland

Website: https://iso.org

Stakeholder group: International and regional organisations

The International Organization for Standardization (ISO) is a non-governmental international organisation composed of 165 national standard-setting bodies that are either part of governmental institutions or mandated by their respective governments. Each national standard-setting body therefore represents a member state.

After receiving a request from a consumer group or an industry association, ISO convenes an expert group tasked with the creation of a particular standard through a consensus process.

ISO develops international standards across a wide range of industries, including technology, food, and healthcare, in order to ensure that products and services are safe, reliable, of good quality, and ultimately, facilitate international trade. As such, it acts between the public and the private sector.

To date, ISO has published more than 22 000 standards.

Digital Activities

A large number of the international standards and related documents developed by ISO are related to information and communication technologies (ICTs), such as the Open Systems Interconnection (OSI) that was created in 1983 and established a universal reference model for communication protocols. The organisation is also active in the field of emerging technologies including blockchain, the Internet of Things (IoT), and artificial intelligence (AI).

The standards are developed by various technical committees dedicated to specific areas including information security, cybersecurity, privacy protection, AI, and intelligent transport systems.

Digital policy issues

Artificial intelligence 

The joint technical committee of ISO and the International Electrotechnical Commission (IEC) for AI is known as ISO/IEC JTC1/SC 42 Artificial intelligence and is responsible for the development of standards in this area. To date, it has published one standard specifically pertaining to AI with 18 others in development.

ISO/IEC TR 24028 provides an overview of trustworthiness in AI systems, detailing the associated threats and risks associated and addresses approaches on availability, resiliency, reliability, accuracy, safety, security, and privacy.

The standards under development include those that cover: concepts and terminology for AI (ISO/IEC 22989); bias in AI systems and AI-aided decision-making (ISO/IEC TR 24027); AI risk management (ISO/IEC 23894); a framework for AI systems using machine learning (ISO/IEC 23053); and the assessment of machine learning classification performance (ISO/IEC TS 4213).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Cloud computing 

ISO and IEC also have a joint committee for standards related to cloud computing which currently has 19 published standards and a further 7 in development.

Of those published, two standards of note include ISO/IEC 19086-1, which provides an overview, foundational concepts, and definitions for a cloud computing service level agreement framework, and ISO/IEC 17789, which specifies the cloud computing reference architecture.

Standards under development include those on health informatics (ISO/TR 21332.2); the audit of cloud services (ISO/IEC 22123-2.2); and data flow, categories, and use (ISO/IEC 19944-1).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Internet of things 

Recognising the ongoing developments in the field of IoT, ISO has a number of dedicated standards both published and in development, including those for intelligent transport systems (ISO 19079), future networks for IoT (ISO/IEC TR 29181-9), unique identification for IoT (ISO/IEC 29161), Internet of Media Things (ISO/IEC 23093-3), trustworthiness of IoT (ISO/IEC 30149), and industrial IoT systems (ISO/IEC 30162).

 IoT security is addressed in standards such as ISO/IEC 27001 and ISO/IEC 27002, which provide a common language for governance, risk, and compliance issues related to information security.

 In addition, there are seven standards under development, some of which provide a methodology for the trustworthiness of an IoT system or service (ISO/IEC 30147); a trustworthiness framework (ISO/IEC 30149); the requirements of an IoT data exchange platform for various IoT services (ISO/IEC 30161); and a real-time IoT framework (ISO/IEC 30165).

 Up-to-date information on the ISO and IEC joint technical committee for IoT (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Telecommunications infrastructure 

ISO’s standardisation work in the field of telecommunications infrastructure covers areas such as planning and installation of networks (e.g. ISO/IEC 14763-2 and ISO/IEC TR 14763-2-1), corporate telecommunication networks (e.g. ISO/IEC 17343), local and metropolitan area networks (e.g. ISO/IEC/IEEE 8802-A), private integrated telecommunications networks (e.g. ISO/IEC TR 14475), and wireless networks. Next generation networks – packet-based public networks able to provide telecommunications services and make use of multiple quality of service enabled transport technology – are equally covered (e.g. ISO/IEC TR 26905).

ISO also has standards for the so-called future networks, which are intended to provide futuristic capabilities and services beyond the limitations of current networks, including the Internet.

Up-to-date information on the joint ISO and IEC technical committee that develops these standards (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Blockchain 

ISO has published three standards on blockchain and distributed ledger technologies: ISO/TR 23455 gives an overview of smart contracts in blockchain and distributed ledger technologies; ISO/TR 23244 tackles privacy and personally identifiable information protection; and ISO 22739 covers fundamental blockchain terminology respectively.

ISO also has a further ten standards on blockchain in development. These include those related to: security risks, threats and vulnerabilities (ISO/TR 23245.2); security management of digital asset custodians (ISO/TR 23576); taxonomy and ontology (ISO/TS 23258); legally-binding smart contracts (ISO/TS 23259); and guidelines for governance (ISO/TS 23635).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Emerging technologies 

ISO develops standards in the area of emerging technologies. Perhaps the largest number of standards in this area are those related to robotics. ISO has more than 40 different standards either published or in development that cover issues such as: collaborative robots (e.g. ISO/TS 15066); safety requirements for industrial robots (e.g. ISO 10218-2); and personal care robots (e.g. ISO 13482).

Autonomous or so-called intelligent transport systems (ITS) standards are developed by ISO’s ITS Technical Committee and include those for forward vehicle collision warning systems (ISO 15623) and secure connections between trusted devices (ISO/TS 21185).

Standards are also being developed to address the use of virtual reality in learning, education, and training (e.g. ISO/IEC 23843) and the display device interface for augmented reality (ISO/IEC 23763).

Network security 

Information security and network security is also addressed by ISO and IEC standards. The ISO and IEC 27000 family of standards covers information security management systems and are used by organisations to secure information assets such as financial data, intellectual property, and employee information.

For example, ISO/IEC 27031 and ISO/IEC 27035 are specifically designed to help organisations respond, diffuse, and recover effectively from cyberattacks. ISO/IEC 27701 is an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management, and details requirements and guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS).

Network security is also addressed by standards on technologies such as the IoT, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.

Up-to-date information on the joint ISO and IEC technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Encryption 

As more and more information (including sensitive personal data) is stored, transmitted, and processed online, the security, integrity, and confidentiality of such information becomes increasingly important. To this end, ISO has a number of standards for the encryption of data. For example, ISO/IEC 18033-1, currently under development, addresses the nature of encryption and describes certain general aspects of its use and properties. Other standards include ISO/IEC 19772 that covers authenticated encryption, ISO/IEC 18033-3 that specifies encryption systems (ciphers) for the purpose of data confidentiality, and ISO 19092 that allows for encryption of biometric data used for authentication of individuals in financial services for confidentiality or other reasons.

ISO also has standards that focus on identity-based ciphers, symmetric and asymmetric encryption, public key infrastructure, and many more related areas.

Data governance 

Big data is another area of ISO standardization, and around 80% of related standards are developed by the ISO/IEC AI committee. The terminology for big data-related standards is outlined in ISO/IEC 20546, while ISO/IEC 20547-3 covers big data reference architecture.

ISO/IEC TR 20547-2 provides examples of big data use cases with application domains and technical considerations and ISO/IEC TR 20547-5 details a roadmap of existing and future standards in this area. A further eight standards are in development and include those for big data security and privacy (ISO/IEC 27045), terminology used in big data within the scope of predictive analytics (ISO 3534-5), and data science life cycle (ISO/TR 23347).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Privacy and data protection 

Privacy and data protection in the context of ICTs is another area covered by ISO’s standardisation activities. One example is ISO/IEC 29101 which describes a privacy architecture framework.

Others include those for privacy-enhancing protocols and services for identification cards (ISO/IEC 19286); privacy protection requirements pertaining to learning, education, and training systems employing information technologies (ISO/IEC 29187-1); privacy aspects in the context of intelligent transport systems (ISO/TR 12859); and security and privacy requirements for health informatics (ISO/TS 14441).

Digital identities 

Digital signatures that validate digital identities help to ensure the integrity of data and authenticity of particulars in online transactions. This, therefore, contributes to the security of online applications and services. Standards to support this technology cover elements such as: anonymous digital signatures (e.g. ISO/IEC 20008-1 and ISO/IEC 20008-2); digital signatures for healthcare documents (e.g. ISO 17090-4 and ISO 17090-5); and blind digital signatures, which is where the content of the message to be signed is disguised, used in contexts where, for example, anonymity is required. Examples of such standards are ISO 18370-1 and ISO/IEC 18370-2.

Digital tools

ISO has developed an online browsing platform that provides up to date information on ISO standards, graphical symbols, publications, and terms and definitions.

Future of Meetings

Any reference to online or remote meetings?

Any reference to holding meetings outside HQ?

Any reference to deliberation or decision making online?

  • Yes, ISO governance groups are also meeting virtually.

The United Nations High Commissioner for Refugees

Acronym: UNHCR

Address: Rue de Montbrillant 94, 1201 Genève, Switzerland

Website: https://www.unhcr.org/

Stakeholder group: International and regional organisations

Established in 1950 after the end of WWII, the United Nations High Commissioner for Refugees is a UN agency mandated to help and protect refugees, internally displaced and stateless people, and to assist in their voluntary repatriation, local integration or resettlement to a third country.

Whereas the majority of its activities take place in the field (given that 90% of its staff is based on the ground) and include, among other things, the provision of protection, shelter, emergency relief, and repatriation, it also works with national political, economic and social actors in order to ensure that refugee policies are enacted and laws are compliant with international frameworks. In addition, the organisation also takes on advocacy activities where it works with governments, non-government actors in order to promote practices and provide assistance to those in need.

As recognition for its work, in 1954, the UNHCR was awarded the Nobel Peace Prize.

Digital activities

The UNHCR’s digital activities centre around its core objective – to aid refugees and displaced persons. The organisation, therefore, has been very active in the area of digital inclusion and digital identity. In this context, the UNHCR, for instance, looks for ways how digital identity can facilitate protection and empowerment of refugees and asylum-seekers. In addition, the Refugee agency has conducted substantial work in the field of privacy and data protection and transition to online learning to ensure the right to education.

Digital policy issues

Digital identities 

To promote the inclusion of refugees, internally displaced persons (IDPs), stateless persons and other vulnerable individuals, the UNHCR focuses a part of its work on digital identity. Within this scope, it published in 2018 its “UNHCR Strategy on Digital Identity and Inclusion”. In this document, the UNHCR defines the challenges faced by individuals, in particular, foreigners, migrants, asylum seekers and refugees who lack their legal identity papers. It highlights the advantages brought about by digitalisation and defines three main objectives for achieving the digital inclusion and digital identity: 1) Empower refugees, stateless and forcibly displaced persons to access, among other things, the job market, education and financial services; 2) strengthen states’ capacity to register and document all individuals living on their respective territories and ensure conformity with international standards of data security and privacy; 3) improve service delivery (e.g. delivery of legal and protection) through the use of the Internet and mobile technologies.

From a practical point of view, the Refugee Agency uses Population Registration and Identity Management Ecosystem (PRIMES) which gathers UNHCR’s digital registration, identity management and case management tools into a single internally connected and interoperable ecosystem. The tool makes use of personal information including biographic and biometric data, to provide necessary assistance, protection and services to protection to refugees and other displaced populations.

Online education 

Online learning plays also features in UNHCR’s work. In a recent publication titled ‘Supporting Continued Access to Education during COVID-19’, the UNHCR underscored its vital role in advocating for and ensuring the inclusion of refugees in national response plans to ensure the continuity of learning. The document sheds light on some of the activities that it has undertaken in light of the health crisis, including, the launch of online learning platforms in Jordan as well as related education programmes in Uganda.

In the broader context of online education, in its ‘Education 2030: A Strategy for Refugee Inclusion’, the UNHCR highlights the increasingly important role played by digital technologies and proposes the strengthening of policies and practices to promote the development of digital and transferable skills through connected and blended learning

methods. Keeping within the broader approach, in 2016, the UNHCR, together with Arizona State University, initiated the Connected Learning in Crisis Consortium (CLCC). The objective of the initiative is to promote, coordinate and support the provision of quality higher education in contexts of conflict, crisis and displacement through Connected Learning that thanks to the use of information technology combine face-to-face and online learning.

To pursue its action in the domain of access to education, the Refugee Agency runs several platforms. To illustrate, its online platform ‘UNHCR Opportunities’ allows refugees, IDPs and other displaced persons to find accredited higher education academic or scholarship programmes that have been verified by UNHCR. The ‘Learn and Connect’ portal enables UNHCR staff and partners to access a comprehensive set of learning activities.

Sustainable development 

The UNHCR is firmly committed to achieving the 2030 Agenda for Sustainable Development. The interplay between digital and development is evident in the Agency’s contributions in the field of digital inclusion. To this end, the UNHCR has published the above-mentioned ‘Strategy on Digital Identity and Inclusion’.

The Agency has also developed Digital Access, Inclusion and Participation programme, to ensure that refugees and other displaced communities have access to digital technology and connectivity, and increasing their participation in Agency’s work. UNHCR’s Innovation Service leads the programme.

In 2018, the UNHCR launched the Global Compact for Refugees, a  framework for more equitable responsibility-sharing, noting that sustainable solutions to refugee situations cannot be realised without international cooperation. Therefore, it sets out four key objectives: to ease the pressures on host countries, enhance refugee self-reliance, expand access to third-country solutions, and support conditions in countries of origin for return in safety and dignity. Moreover, the Agency developed a digital platform for the Global Compact on Refugees, which enables the sharing of experiences and knowledge on the implementation of the Global Compact for Refugees.

The UNHCR has also worked with students and young people to raise awareness on many challenges faced by refugees. For instance, the Agency has launched ‘The MUN Refugee Challenge’ to encourage students worldwide to debate on and shape solutions to numerous refugee crises.

Privacy and data protection 

The UNHCR has been very vocal in the area of data protection, emphasising that ‘Data protection is part and parcel of refugee protection’. Since 2015, the Refugee agency has its own Data protection policy. The Policy is accompanied by the ‘Guidance on the Protection of Personal Data of Persons of Concern to UNHCR’, published in 2018, with the aim of assisting the UNHCR personnel in the application and interpretation of the above Policy.

The Refugee agency has recently published a ‘Data Transformation Strategy 2020-2025’ aimed at strengthening its role as a leading authority on data and information related to forcibly displaced and stateless persons.

World Trade Organization

Acronym: WTO

Address: Rue de Lausanne 154, 1202 Genève, Switzerland

Website: https://wto.org

Stakeholder group: International and regional organisations

The World Trade Organization (WTO) is an intergovernmental organisation that deals with the rules of trade among its members. Its main functions include: administering WTO trade agreements; providing a forum for trade negotiations; settling trade disputes; monitoring national trade policies; providing technical assistance and training for developing countries; and ensuring co-operation with other international organisations.

WTO Members have negotiated and agreed upon rules regulating international trade, fostering transparency and predictability in the international trading system. The main agreements are the Marrakesh Agreement Establishing the WTO, the General Agreement on Tariffs and Trade (GATT); the General Agreement on Trade in Services (GATS); and the Agreement on Trade-related Aspects of Intellectual Property Rights (TRIPS Agreement).

Digital Activities

Several Internet governance and digital trade policy related issues are discussed in the WTO. These include e-commerce, intellectual property (IP), and market access for information and communication technology (ICT) ICT products and services. E-commerce discussions are ongoing under the Work Programme on Electronic Commerce and among a group of members currently negotiating e-commerce rules under the Joint Statement on E-commerce. Discussions focus on several digital issues, including: data flows and data localisation; access to source code; cybersecurity; privacy; consumer protection; and customs duties on electronic transmissions.

As part of its outreach activities, the WTO organises an annual Public Forum, which brings together governments, non-governmental organisations, academics, businesses, and other stakeholders, for discussions on a broad range of issues, including many relating to the digital economy.

Digital policy issues

E-commerce and trade 

The WTO agreements cover a broad spectrum of trade topics, including some related to e-commerce, which has been on the WTO’s agenda since 1998 when the ministers adopted the Declaration on Global Electronic Commerce. The Declaration instructed the General Council to establish a Work Programme on electronic commerce. In that Declaration, members also agreed to continue the practice of not imposing customs duties on electronic transmissions (the ’moratorium’). The Work Programme provides a broad definition of e-commerce and instructs four WTO bodies to explore the relationship between WTO Agreements and e-commerce. The Work Programme and the moratorium have been periodically reviewed and renewed. In December 2019, the General Council agreed to reinvigorate the Work Programme and continue the moratorium until the Twelfth Ministerial Conference. In addition, members agreed to have structured discussions on all trade-related topics of interest brought forward by members, including on the scope, definition, and impact of the moratorium.

At the Eleventh Ministerial Conference in 2017, a group of members issued a Joint Statement on Electronic Commerce (JSI) to explore work towards future WTO negotiations on trade-related aspects of e-commerce. Following the exploratory work, in January 2019, 76 Members confirmed their ’intention to commence WTO negotiations on trade-related aspects of electronic commerce’ and to ’achieve a high standard outcome that builds on existing WTO agreements and frameworks with the participation of as many WTO Members as possible.’ Negotiations are continuing among 85 Members and are structured under 6 broad themes, namely: enabling digital trade/e-commerce; openness and digital trade/e-commerce; trust and digital trade/e-commerce; cross-cutting issues; telecommunications; and market access. Specific issues under discussion include provisions related to customs duties, paperless trading. cross-border transfers of information, spam, cybersecurity, electronic authentication and electronic signatures, location of computing facilities, consumer protection, protection of personal information, and market access.

Taxation 

WTO members agreed to a temporary moratorium on the imposition of customs duties on electronic transmissions at the Second WTO Ministerial Conference in the 1998  Geneva Ministerial Declaration. The moratorium has been extended periodically, including most recently in December 2019. While some WTO members argue that the moratorium should be made permanent, others have noted the need to clarify its scope and for further analysis of its impact; for example on development and customs revenues, especially given concerns that more types of physical goods could be digitised or transmitted digitally in the future. Other members have supported a more holistic approach to the moratorium, beyond the revenue implications.

Access 

Information Technology Agreement (ITA-I and ITA-II)

The ITA-I was concluded by 29 participants in 1996. Through this agreement, participating WTO members eliminated tariffs on several ICT products – including computers and mobile telephones – with the aim to intensify global competition among certain ICT goods allowing for greater access to the Internet and growth of the digital economy, including for least-developed countries. Currently, 82 WTO members are participants in ITA-I, accounting for approximately 97% of world trade in ITA-I products. At the Tenth WTO Ministerial Conference in Nairobi in 2015, over 50 WTO members concluded ITA-II, an agreement expanding the coverage of ITA-I by 201 tariff lines. ICT products such as optical lenses and GPS navigation equipment were added. The rationale of this product expansion was to keep the benefits of tariff elimination in touch with innovation. At present, the ITA-II consists of 55 WTO members, representing approximately 90% of world trade in ITA-II products. The ITA is being discussed in the JSI under the market access focus group.

Telecommunications infrastructure 

In 1997, WTO members successfully concluded negotiations on market access for basic telecommunications services through the GATS Annex on Telecommunications, which contains provisions to guarantee service suppliers access to and use of basic telecommunications needed to supply their services. Through a reference paper on regulatory principles, members also agreed to safeguard against anticompetitive practices by dominant suppliers of basic telecommunications. Since 1997, an increasing number of WTO members have undertaken commitments on telecommunications. Under the JSI negotiations, participants are discussing a proposal focused on telecommunications services, aiming to update provisions of the reference paper.

Digital standards 

International standards are important to the global digital economy as they can enable interconnectivity and interoperability for telecommunications and Internet infrastructures. The WTO Technical Barriers to Trade Agreement (TBT Agreement) aims to ensure that technical regulations, standards, and conformity assessment procedures affecting trade in goods (including telecommunications products) are non-discriminatory and do not create unnecessary obstacles to trade. The TBT Agreement strongly encourages that such regulatory measures be based on relevant international standards.

The TBT Committee serves as a forum where governments discuss and address concerns with specific regulations, including those affecting digital trade. Examples of relevant TBT measures notified to or discussed at the TBT Committee include: (i) measures addressing the Internet of Things (IoT) and related devices in terms of their safety, interoperability, national security/cybersecurity, performance, and quality; (ii) measures regulating 5G cellular network technology for reasons related to, among others, national security and interoperability; (iii) measures regulating 3D printing (additive manufacturing) devices; (iv) measures regulating drones (small unmanned aircraft systems) due to risks for humans/consumers, interoperability problems, and national security risks; and (v) measures dealing with autonomous vehicles, mostly concerned with their safety and performance.

Data governance 

The growth of the global digital economy is fuelled by data. Discussions on how provisions of WTO agreements apply to data flows are ongoing among WTO members. In this context, the GATS is particularly relevant, as it could apply to services such as: (i) data transmission and data processing by any form of technology (e.g. mobile or cloud technologies); (ii) new ICT business models such as infrastructure as a service (IaaS); (iii) online distribution services e.g. (e-commerce market platforms); and (iv) financial services such as mobile payments. The extent to which members can impose restrictions on data or information flows is determined by their GATS schedules of commitments. Under the JSI, proposals on cross-border data flows have been submitted and are being discussed. These proposals envision a general rule establishing free flow of data for the purpose of commercial activities. Proposed exceptions to this general rule are, for the most part, similar to the existing GATS General Exceptions and relate to, for example, protection of personal data, protection of legitimate public policy objectives, national security interests, and exclusion of governmental data. Issues related to data flows have also been raised by members in other contexts at the WTO, especially when national measures adopted for cybersecurity have been considered as trade barriers.

Intellectual property rights 

The TRIPS Agreement is a key international instrument for the protection of IP and is of relevance to e-commerce. The technologies that underpin the Internet and enable digital commerce such as software, routers, networks, switches, and user interfaces are protected by IP. In addition, e-commerce transactions can involve digital products with IP-protected content, such as e-books, software, or blueprints for 3D -printing. As IP licences often regulate the usage rights for such intangible digital products, the TRIPS Agreement and the international IP Conventions provide much of the legal infrastructure for digital trade.

IP-related issues are also being discussed in the JSI. Submitted proposals include text on limiting requests to the access or transfer of source code. The source code or the data analysis used in the operation of programmes or services is often legally protected by IP law through copyright, patent, or trade secret provisions. The main goal of the JSI proposals on access to source code is to prevent members from requiring access or transfer of the source code owned by a national of another member. Some exceptions to this general prohibition have also been proposed. For example, for software that is used for critical infrastructures and public procurement transactions.

Arbitration 
One of the core activities of the WTO is to provide a dispute settlement mechanism through which WTO members can enforce their rights under the WTO agreements. A trade dispute arises when a member considers that another member is violating a legal provision or commitment made under any of the WTO agreements. Disputes under this mechanism have involved Internet-related issues, telecommunications services, electronic payment services, IP rights, ICT products, and online gambling. The US – Gambling case concerning the cross-border supply of online gambling and betting services is particularly relevant to e-commerce.
Cybersecurity 

Cybersecurity issues have been addressed in several WTO bodies. For example, the TBT Committee has discussed national cybersecurity regulations applicable to ICT products and their potential impact on trade. In the TBT Committee, to date, WTO members have raised over 15 specific trade concerns related to cybersecurity regulations. Some of the specific issues discussed include how cybersecurity regulations discriminating against foreign companies and technologies can have a negative impact on international trade in ICT products. Proposals on cybersecurity have also been tabled in the JSI on e-commerce. Discussions have focused on strengthening national capacities for incident response and collaboration mechanisms; encouraging co-operation; and sharing of information and best practices on addressing incidents. Cybersecurity has also been discussed in the context of cross-border data flows and electronic authentication.

World Health Organization

Acronym: WHO

Address: Avenue Appia 20, 1211 Geneva, Switzerland

Website: https://who.int

Stakeholder group: International and regional organisations

The World Health Organization (WHO) is a specialised agency of the UN whose role is to direct and co-ordinate international health within the UN system.

As a member state organisation, its main areas of work include health systems, the promotion of health, non-communicable diseases, communicable diseases, corporate services, preparedness, and surveillance and response.

The WHO assists countries in co-ordinating multi-sectoral efforts by governments and partners (including bi- and multilateral meetings, funds and foundations, civil society organisations, and the private sector) to attain their health objectives and support their national health policies and strategies.

Digital Activities

The WHO has strengthened its approach to data by ensuring this strategic asset has a dedicated division: the Division of Data, Analytics and Delivery for Impact. This has helped strengthen data governance by promoting sound data principles and accountability mechanisms, as well as ensuring that the necessary policies and tools are in place that can be used by all three levels of the organisation and can be adopted by member states. Digital health and innovation are high on the WHO’s agenda; it is recognised for its role in strengthening health systems through the application of digital health technologies for consumers/people and healthcare providers as part of achieving its vision of health for all.

The WHO also established the new Department of Digital Health and Innovation in 2019 within its Science Division. Particular attention is paid to: Promoting global collaboration and advancing the transfer of knowledge on digital health; advancing the implementation of national digital health strategies; strengthening the governance for digital health at the global, regional, and national levels; and advocating for people-centered health systems that are enabled by digital health.  These strategic objectives have been developed in consultation with member states throughout 2019 and 2020, and will be submitted for adoption to the upcoming 2021 World Health Assembly.

The Division of Data Analytics and Delivery for Impact and the Department of Digital Health and Innovation work closely together to strengthen links between data and digital issues, as well as data governance efforts. Digital health technologies, standards, and protocols enable health systems to integrate the exchange of health data within the health system. Coupled with data governance, ethics, and public health data standards, digital health and innovation enable the generation of new evidence and knowledge through research and innovation and inform health policy through public health analysis.

More recently, the COVID-19 pandemic accelerated the WHO’s digital response, collaboration, and innovation in emergencies. Some examples include: Collaborating to use artificial intelligence (AI) and data science in analysing and delivering information in response to the COVID-19 ‘infodemic’ (i.e. overflow of information, including misinformation, in an acute health event which prevents people from accessing reliable information about how to protect themselves);  promoting cybersecurity in the health system, including hospitals and health facilities; learning from using AI, data science, digital health, and innovation in social science research, disease modelling, and simulations, as well as supporting the epidemiological response to the pandemic; and producing vaccines and preparing for the equitable allocation and distribution of vaccines.

The WHO is a leader among Geneva-based international organisations in the use of social media, through its awareness-raising  for health-related issues. The WHO was awarded first prize at the Geneva Engage Awards in 2016, and second prize in 2017.

The WHO/International Telecommunication Union (ITU) Focus Group on artificial intelligence for health (FG-AI4H) works to establish a standardised assessment framework for the evaluation of AI-based methods for health, diagnosis, triage, or treatment decisions. https://www.itu.int/en/ITU-T/focusgroups/ai4h/

Be He@lthy, Be Mobile: Accessing the right information, when one needs it, is at the heart of this WHO-ITU initiative. In support of national governments, Be He@lthy, Be Mobile is helping millions of people quit tobacco, control diabetes and cervical cancer, help people at risk of asthma and chronic obstructive pulmonary disease (COPD), and care for older persons.

Digital policy issues

Data and artificial intelligence 

The response to COVID-19 reinforced the centrality of data and AI for the health sector and the WHO’s activities. Data and AI policies are covered by the following instruments.

Digital Standards: Integration of health information exchange (HIE) 

The WHO collaborates with health information exchange standardisation bodies and organisations, such as HIE and HL7 (Health Level 7), to promote sustainable investment into interoperable digital health technologies and systems. Digital health technologies, standards, and protocols enable health systems to integrate the exchange of health data within the health system. Coupled with data governance, ethics, and public health data standards, digital health and innovation enable the generation of new evidence and knowledge through research and innovation, and inform health policy through public health analysis.

Digital Accelerator Kits and computable guidelines: Ensure countries can effectively benefit from investments in digital systems, ‘digital accelerator kits’ are designed to ensure the WHO’s evidence-based guideline content is accurately reflected in the systems countries are adopting. Digital Accelerator Kits distill WHO guidelines and operational resources into a standardised format that can be more easily incorporated into digital tracking and decision support systems. This in turn enables standardised health information exchange within the health system.

WHO Guideline: recommendations on digital interventions for health system strengthening: Recommendations based on a critical evaluation of the evidence on emerging digital health interventions that are contributing to health system improvements, based on an assessment of the benefits, harms, acceptability, feasibility, resource use, and equity considerations.

Classification of digital health interventions v1.0 – A shared language to describe the uses of digital technology for health: The classification of digital health interventions categorises the different ways in which digital and mobile technologies are being used to support health system needs. A shared and standardised vocabulary was recognised as necessary to identify gaps and duplication, evaluate effectiveness, and facilitate alignment across different digital health implementations

Electromagnetic field and health protection 

As the digital reality moves from ‘cable’ to wireless traffic (wi-fi and mobile), a growing number of concerns are emerging on the impact of electromagnetic fields on human health. This technology has become part of the wider public debate and has given rise to conspiracy theories such as those that claim 5G spreads COVID-19. These concerns increase the importance of the WHO’s research and policy-making within a broader evidence-based discussion on the impact of wi-fi and mobile devices on health.

Model legislation for electromagnetic field protection (2006)

Institute of Electrical and Electronics Engineers’ (IEEE) Standard for Safety Levels with Respect to Human Exposure to Radio Frequency Electromagnetic Fields, 3 kHz to 300 GHz

Online gaming 

Since 2018, gaming disorder has been included in the WHO’s International Classification of Diseases (ICD). While the negative impacts of online gaming on health are being increasingly addressed by national health policies, it has been recognised by some authorities, such as the US Food and Drug Administration (FDA), that some game-based devices could have a therapeutic effect. Given the fast growth of online gaming and its benefits and disadvantages, the implications on health are expected to become more relevant.

International Classification of Diseases (ICD-11) (2018)

Domain names: The .health top-level domain name 

Health-related generic top-level domain (gTLD) names, in all languages, including ‘.health’, ‘.doctor’, and ‘.surgery’, should be operated in a way that protects public health and includes the prevention of further development of illicit markets of medicines, medical devices, and unauthorised health products and services.

Resolution WHA66.24: eHealth standardization and interoperability (2013)

Net neutrality 

The issue of net neutrality (the equal treatment of Internet traffic) could affect bandwidth and the stability of digital connections, especially for high-risk activities such as online surgical interventions. Thus, health organisations may be granted exceptional provisions, as the EU has already done, where health and specialised services enjoy exceptions regarding the principle of net neutrality.

Resolution WHA66.24: eHealth standardization and interoperability (2013)

Access 

The WHO uses digital technology intensively in its development of activities, ranging from building public health infrastructure in developing countries and immunisation to dealing with disease outbreaks. The organisation also integrates digital health interventions in its strategies for certain diseases. The WHO’s Global Observatory for e-Health[BRC2] aims to assist member states with information and guidance on practices and standards in the field of e-health. 

Cybersecurity 

The WHO has dedicated cybersecurity focal points, who are able to work with legal and licensing colleagues, that provide frameworks for the organisation to not only protect WHO data from various cyber-risks, but also provide technical advice to the WHO and members states on the secure collection, storage, and dissemination of data. Health facilities and health data have always been the target of cybercriminals; however, the COVID-19 crisis has brought into sharp focus the cybersecurity aspects of digital health.

Ransomware attacks threaten the proper functioning of hospitals and other healthcare providers. The global Wannacry ransomware attack in May 2017 was the first major attack on hospitals and disrupted a significant part of the UK’s National Health System (NHS). Ransomware attacks on hospitals and health research facilities have accelerated during the COVID-19 crisis.

Considering that data is often the main target of cyber-attacks, it should come as no surprise that most cybersecurity concerns regarding healthcare are centered around the protection of data. Encryption is thus crucial for the safety of health data: It both protects data from prying eyes and helps assuage the fears patients and consumers may have about sharing or storing sensitive information through the Internet.

Content policy: Infodemic 

An infodemic is an overflow of information, including misinformation, that prevents people from accessing reliable information; in the context of the COVID-19 pandemic, it hampers the ability of people to know how to protect themselves. Our current infodemic cannot be eliminated, but it can be managed by: producing engaging reliable content and using digital, traditional media, and offline tools to disseminate it; engaging key stakeholder groups in co-operative content creation and dissemination; empowering communities to protect themselves; and promoting community and individual resilience against misinformation. Digital health technologies and data science can support these activities by: analysing the information landscape and social dynamics in digital and analog environments; to deliver messages; supporting fact-checking and countering misinformation; promoting digital health, media, and health literacy; and optimising the effectiveness of messages and their delivery through real time monitoring and evaluation (M&E), among others.

At the Munich Security Conference (15 February 2020), WHO Director-General Tedros Adhanom Ghebreyesus stated: ‘We’re not just fighting an epidemic; we’re fighting an infodemic.’ This translated into many WHO initiatives to counter the infodemic, such as working with the public and the scientific community to develop a framework for managing infodemics; bringing the scientific community together for the first WHO infodemiology conference; the development of a draft research agenda on managing infodemics, co-operation with UN agencies and the AI community; promoting reliable WHO information through a co-ordinated approach with Google, Facebook, Twitter, and other major tech platforms and services; and campaigns to counter misinformation.

Digital tools

  • Emergency preparedness and response: The WHO maintains a portfolio of digital tools and methods for emergency preparedness and response, for example: GoData, Epidemic Intelligence from Open Sources (EIOS), and Ethical considerations to guide the use of digital proximity tracking technologies for COVID-19 contact tracing.
  • WHO Digital and Innovation for Health online community to fight COVID-19: a platform for discussion and sharing experiences and innovative responses related to the COVID-19 pandemic.
  • Health Equity Monitor: a platform for health inequality monitoring which includes datatabases of disaggregated data; a handbook on health inequality monitoring; step-by-step manuals for national health inequality monitoring (generally and specifically for immunisation inequality monitoring);
  • Health Assessment Toolkit: software application that facilitates the assessment of health inequalities in countries. Inequality data can be visualised through a variety of interactive graphs, maps, and tables. Results can be exported and used for priority-setting and policy-making.
  • Harmonised Health Facility Assessment (HHFA): a comprehensive, external review tool for assessing whether health facilities have the appropriate systems in place to deliver services at required standards of quality.
  • District Health Information Software & Toolkit for Analysis and Use of Routine Health Facility Data: open source, web-based health management information system (HMIS) platform. The toolkit provides  standards and guidance for the analysis of Routine Health Information Surveys (RHIS) data for individual health programmes, as well as integrated analysis for general health service management.
  • WHO Health Data Hub (under development): a single repository of health data in the WHO and establish a data governance mechanism for member states.

Resources

  • Digital Health Atlas: The Digital Health Atlas is a global registry of implemented digital health solutions. It is open and available to anyone to register and contribute information about digital implementations. The registry provides a consistent way to document digital solutions, and offers functionalities in a web platform to assist technologists, implementers, governments, and donors for inventory, planning, co-ordinating, and using digital systems for health. The Digital Health Atlas includes a special focus on listing digital technologies related to the COVID-19 pandemic. The repository of information is open to all users to register projects, download project information, and connect with digital health practitioners globally. 
  •  Civil Registration and Vital Statistics (CRVS): registering all births and deaths, issues birth and death certificates, and compiles and disseminates vital statistics, including cause of death information. It may also record marriages and divorces.
  • WHO Classifications and Terminologies: operates a ‘one-stop-shop’ for WHO classifications and terminologies and is delivering and scaling use of terminologies and classifications.

The new Survey Count Optimise Review Enable (SCORE) for Health Data Technical Package:  published during one of the most data-strained public health crisis responses ever – that of the COVID-19 pandemic, score can guide countries to take action by providing a one-stop shop for best technical practices that strengthen health information systems, using universally accepted standards and tools.

The WHO has numerous platforms, instruments and monitoring mechanisms involving data exchanges and classification among its member states.

Monitoring health inequalities

The WHO’s digital and data efforts contributing to both sustainable development goal (SDG) 3 and Universal Health Coverage focus on identifying, understanding, and tracking progress in communities left behind. Measuring inequalities is crucial to identify differences in health between different population subgroups, which provides evidence for policies, programmes, and practices that tackle health inequities. Recognising this, the WHO has developed a number of tools and resources to build capacity for health inequality monitoring at global and national levels.

 All materials are publicly available through the WHO Health Equity Monitor, the WHO’s platform for health inequality monitoring, and include:

  • A large database of disaggregated data;
  • A handbook on health inequality monitoring;
  • Step-by-step manuals for national health inequality monitoring (generally and specifically for immunisation inequality monitoring);
  • Statistical codes for calculating disaggregated data using household survey data; and
  • A software application for assessing health inequalities (HEAT and HEAT Plus).

Building on these materials, the WHO delivers regular training workshops to build capacity for health inequality monitoring in WHO member states and regions.

The Health Equity Assessment Toolkit is a software application that facilitates the assessment of health inequalities in countries. Inequality data can be visualised through a variety of interactive graphs, maps, and tables. Results can be exported and used for priority-setting and policy-making.

There are two editions of this toolkit and further references are below:

  1. HEAT, the Built-In Database Edition, which contains the Health Equity Monitor database and
  2. HEAT Plus, the Upload Database Edition, which allows users to upload and work with their own databases.

Health Equity Monitor database: http://apps.who.int/gho/data/node.main.nHE-1540?lang=en

Health inequality monitoring handbook: https://www.who.int/data/gho/health-equity/handbook

Manual for health inequality monitoring: https://www.who.int/data/gho/health-equity/manual

Manual for health inequality monitoring in immunisation: https://www.who.int/data/gho/health-equity/manual_immunization

Statistical codes: https://www.who.int/data/gho/health-equity/statistical_codes

Health Equity Assessment Toolkit: https://www.who.int/data/gho/health-equity/assessment_toolkit

Capacity building: https://www.tandfonline.com/doi/full/10.1080/16549716.2017.1419739

Global and national reports: https://www.who.int/data/gho/health-equity/publications

Harmonized Health Facility Assessment modules – digital data collection and analysis of health service quality

The Harmonised Health Facility Assessment (HHFA) modules represent a comprehensive, external review tool for assessing whether health facilities have the appropriate systems in place to deliver services at required standards of quality.

Availability and quality of health services are integral to universal health coverage (UHC) and contribute to achieving the SDGs. The HHFA modules provide an in-depth assessment of facility service availability and quality, based on global health service standards, and using standardised indicators, questionnaires, and methodologies. HHFA data contribute to health sector reviews, planning, and policy-making and enable evidence-based decision-making to support the strengthening of health service delivery in a country.

There are four HHFA modules: 1) service availability, 2) service readiness, 3) quality and safety of care, and 4) management and finance. A module is defined as a set of questions (in questionnaire format) that aim to collect information for a defined set of indicators for a specific disease, programme, or service management area.

The standardisation of indicators and data collection methods promotes the alignment of health facility survey approaches among partners and enables comparability of results over time and among geographic areas.

The modular approach enables countries to adapt the HHFA to their needs based on the selection of core and additional indicators and targeting of various health facility levels. The implementation of the HHFA requires health facility visits to collect data through a variety of methods including facility audits, record reviews, provider interviews, observation, and client interviews. The HHFA can be carried out as a census of all facilities or as a representative sample of facilities.

Data collection is conducted using hand-held devices and questionnaires configured in the Census and Survey Processing System (CSPro), a software package for entering, editing, tabulating, and disseminating data from censuses and surveys. A comprehensive digital data analysis platform is in development to enable the efficient and secure analysis of data and the calculation of indicators with automated visualisation and report-creation functions.

The HHFA modules comprise a comprehensive package of downloadable tools: reference manual, questionnaires, indicator inventory, CSPro data collection tool, data analysis platform, implementation guide, and training materials.

Civil Registration and Vital Statistics (CRVS)

Monitoring health trends often requires numerators and denominators, and where possible in real time. Key denominators include birth and death registrations, and data from censuses. This type of monitoring is increasingly using digital technologies.

Move information not people: The WHO advocates for the use of electronic devices for the notification of vital events (births and deaths). Local informants (community health workers or village chiefs) can use mobile devices (phones or tablets) to notify the health facility or civil registration office of a birth or death in the community.  However, the registration of a birth or death is more a legal act that must be done in the presence of the next of kin and/or with witnesses in some count