Consultation and Analysis

The four stages in this section involve the analysis of societal impacts using an iterative process based upon the methodology, and in concert with identified stakeholders,  that looks at each of six aspects of societal impacts as described above.

Consult with stakeholders

The project manager and/or societal impact assessor should enter a dialogue with as many stakeholders as appropriate or meaningfully possible (taking into account the available budget). There are many reasons for doing so, not least of which is that they may identify some societal risks not considered by the project manager or assessor. By consulting stakeholders, the project manager may forestall or avoid criticism that they were not consulted. If something does go wrong downstream – when the project or technology or service is deployed – an adequate consultation at an early stage may help the organisation avoid or minimise liability. Furthermore, consulting stakeholders may provide a sort of “beta test” of the project or service or technology. Consulted stakeholders are less likely to criticise a project than those who were not consulted. The earlier a consultation process is entered into, the more benefits an organisation can expect to draw from it as any learning produced can be integrated into the project more rapidly, and additional information may help to avoid unanticipated problems in the project.

There are several different ways of consulting stakeholders and the assessor should consider which will be most appropriate in the circumstances. The assessor or other members of the SIA team could interview stakeholders directly. They could convene workshops of experts or stakeholder representatives. They could hold focus groups of ordinary consumer-citizens. They could conduct surveys by telephone or e-mail or face to face. They could post the project description on the organisation’s website and invite comments. They could hold public hearings where they describe the project and invite comments from the audience or from experts and then invite comments after the experts have spoken. They could prepare stories or adverts in the media and invite comments from readers. They could conduct a Delphi survey of experts, to query them on potential societal risks now and in the future.[1] There are current EU-funded research projects which are working to produce structured methods for consultation in security research.[2]

Social impact assessment has attracted a range of cautionary comments in relation to community participation. That participation can become a tokenistic exercise, can be inconsistent, often does not involve enough participation in actual decision-making, being reduced to a form of consultation (Peterman 2004; O’Faircheallaigh 2010; Müth 2000; Bishop & Davies 2002). Moreover, community participation is sometimes used as a seeming quick fix for problems, without addressing the root of the issue (which often lies in unequal power distributions that are deeply engrained in polities, and sometimes in the very institutions of the community whose participation is sought). As a result, community participation sometimes takes the form of a tokenistic exercise; once “affected communities” – or their leaders – have been heard, the respective box can be ticked off, and afterwards the rule of previous power relations resumes (Peterman 2004). To avoid this, the participation of stakeholders in an SIA exercise should be dialogic and a partnership, and go beyond simply writing down what stakeholders have to say. Stakeholders should have access to the researchers and ideally be able to exercise some influence over the direction of the project.

Compliance with legislation

A societal impact assessment for security research is more than a compliance check; nevertheless, the assessor or her legal experts should ensure that the project complies with any legislative or regulatory requirements. These may be high level laws relevant across contexts, such as (at the European level) the European Convention on human rights (http://www.echr.coe.int/Documents/Convention_ENG.pdf) and the EU Charter of fundamental rights (European Parliament et al 2010) as well as more specific laws, regulations, codes and guidelines applicable to the specific context and aims of the project being assessed. Research projects attracting institutional support will also have to comply with relevant standards and criteria selected by funding or sponsoring institutions. Individual institutions will likely have their own guidance on this, which should be identified here. The exercise of producing the SIA report will likely assist in compliance with these requirements.

 

The following table presents some legislation at the EU level that may be applicable to security research projects.

 

Way of life, fears and aspirations Charter of Fundamental Rights of the European Union; European Convention on human rights; Council Directive 2000/78/EC of 27 November 2000 establishing a general framework for equal treatment in employment and occupation; Directive 2004/38/EC on the right to move and freely reside; Gender recast Directive 2006/54/EC; Employment equality Directive 2000/78/EC/
Culture and community Charter of Fundamental Rights of the European Union; Council of the European Union, Directive 2000/43/EC of 29 June 2000 implementing the principle of equal treatment between persons irrespective of the racial or ethnic origin; Racial equality Directive  2000/43/EC
Political systems Charter of Fundamental Rights of the European Union; European Convention on human rights.
Environment Directive 2008/1/EC of the European Parliament and the Council of 15 January 2008  concerning integrated pollution prevention and control:  Directive 2011/92/EU of the European Parliament and the Council of 13 December 2011 on the assessment of the effects of certain public and private projects on the environment.
Health and well-being National Legislation for health; Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare; Council Directive of 12 June 1989 on the introduction of measures to encourage improvements in the safety and health of workers at work (89/391/EEC).
Personal and property rights Charter of Fundamental Rights of the European Union; Directive 95/46/EC of the European Parliament and the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; Directive 2002/58/EC of the European Parliament and the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector; Employment Equality Directive 2000/78/EC; Gender goods and services Directive 2004/38/EC; Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters.

Table 4: potentially applicable legislation at the EU level (source: authors)

 

Identify societal impacts and possible solutions

The assessor and her SIA team, preferably through stakeholder consultation, should identify all possible negative societal impacts, who these will impact, and their likelihood (frequency) and consequence (magnitude of impact) as well as the numbers of people who could be affected. Often, the best way to identify these impacts is to consider principles associated with each type of societal impact and/or a set of questions which can help identify negative societal impacts, as provided in section 2.1. The assessor will benefit from engaging stakeholder representatives and experts to have their views. The assessor, other members of the SIA team and stakeholders consulted should raise other questions that can help to identify the societal impacts of the proposed project.
The following tables demonstrate how an assessor should use the spiral methodology and approach the six relevant sectors in three phases.

 

 

Assessment Round 1: Ensuring security research meets the needs of society

Way of life, fears and aspirations

Culture and community

Political systems

Environment

Health and well-being

Personal and property rights

Which documented societal security need(s) does the proposed research address? (e.g. life, liberty, health, employment, property, environment, values).
How will the research output meet these needs? How will this be demonstrated? How will the level of societal acceptance be assessed?
Is the research project aware of challenges to these needs?
Does addressing the documented societal needs through the proposed research require any trade-offs with other documented societal needs? How is this trade-off decided? Is this trade-off still valid if the research is less effective than anticipated?
What threats to society (e.g. crime, terrorism, pandemic, natural and man-made disasters) does the research address?
How is the proposed research appropriate to address these threats?
What other measures could be adopted to address these threats?

 

Assessment Round 2:Ensuring security research does not have negative impacts on society

Way of life, fears and aspirations

Culture and community

Political systems

Environment

Health and well-being

Personal and property rights

How could the research have a negative impact on freedom of association?
How could the research have a negative impact on freedom of expression?
How could the research have a negative impact on protection of personal dignity?
How could the research have a negative impact on privacy and data protection?
How could the research have a negative impact on property rights?
How could the research have a negative impact on access to public space?
If implemented, how could the research have a negative impact on this aspect (culture and community, way of life, etc.)?
How could the research impact disproportionately upon specific groups or unduly discriminate against them?
Could the research have impacts upon vulnerable groups (including, but not limited to: the elderly, the disabled, children and young adults, homeless people, economically disadvantaged people and people in precarious situations, immigrants or non-citizens, and lesbian, gay, bisexual, transgender or queer (LGBTQ+) identifying people).
How could the research increase discrimination?

 

 

Assessment Round 3:  Ensuring security research benefits society

Way of life, fears and aspirations

Culture and community

Political systems

Environment

Health and well-being

Personal and property rights

What segment(s) of society will benefit from increased security as a result of the proposed research?
How will they benefit?
Are additional measures required to achieve this benefit?
Are additional measures possible to extend these benefits to other segments of society?
In what contexts might this benefit be lacking or not be delivered by the research project?
How will society as a whole benefit from the proposed research?
Are there other European societal values that are enhanced by the proposed research, e.g. public accountability and transparency; strengthened community engagement, human dignity; good governance; social and territorial cohesion; sustainable development.

Table 5: Assessment phases (source:authors)

 

Deciding how to mitigate or eliminate or avoid or transfer negative societal impacts is also a somewhat political decision as is the decision regarding which benefits to pursue. The assessor or project manager or organisation may decide that the benefits of the project or technology outweigh the perceived negative impacts arising from its development and deployment. Societal impact assessment should be regarded as part of the organisation’s risk management, although this should be balanced against the need to actually learn through the process. In order to facilitate socially robust innovation, it could be argued, SIA needs to provide room for genuine learning on the side of all actors involved, and the possibility that core policies and plans will be aborted or reformulated needs to remain a possibility.

The organisation should maintain an impact register, wherein the assessor (and/or other organisation employees) identifies the impacts, their seriousness, what the organisation has decided (if anything) to do about them, who is the person who is responsible for managing it. The impact register should be regularly updated (e.g. every six months or at appropriate milestones in the project), depending upon the length of the research project. It is important to include all identified impacts in this register even if they are accepted at later stages in the process.

Formulate recommendations

Based on her analysis of the societal impacts, the assessor should prepare a set of recommendations, which will form part of the SIA report. The assessor should be clear to whom her recommendations are directed – some could be directed towards different units within the organisation, some to the project manager, some to the CEO, some to employees (including researchers) or employee representatives (e.g. trade unions), to regulatory authorities, etc. The assessor should provide the rationale for each of her recommendations. The recommendations could include procedural and more general organisational matters, e.g. relating to training and raising awareness and accountability, as well as those relating specifically to societal impact.

Potential venues and options for the publication of research findings (for example, open-access publication) can be identified at this stage as they will contribute to the positive societal impacts of the security research.

 

Next: Reporting and Responding



[1] For a longer list of possible techniques, see OECD, Stakeholder Involvement Techniques, ISBN 92-64-02087-X, Paris, 2004, pp. 30-32 [Box 2. Commonly cited techniques for informing deliberation through stakeholder

involvement]

[2] see http://securitydecisions.org/about-dessi/, and http://www.siam-project.eu/