Civil Data Disobedience: Navigating Data Interaction Challenges in Human Rights Defense Organizations
This is a strong qualitative CHI paper because it reframes organizational data practice away from a simple compliance lens and shows how refusal, avoidance, and selective transgression can be competent, ethical responses to risk. Its main contribution is an integrated feminist-critical data literacy framing grounded in concrete organizational accounts rather than abstract policy critique alone.
Axes Lens
Rare contribution shape, typical evidence profile. The point here is not a score. It is to show what kind of claim the paper makes, and whether the evidence pattern is unusual or baseline in this 268 -review set.
Contribution shape
- Knowledge form
- descriptive knowledge typical · 92/268
- Novelty type
- framework typical · 59/268
- Abstraction level
- practice typical · 85/268
- Generalization target
- user population typical · 75/268
- Validation mode
- qualitative study typical · 63/268
Evidence profile
- Evidence strength
- strong typical · 158/268
- Claim alignment
- strong typical · 231/268
- Overclaim risk
- low typical · 53/268
Review Summary
This paper stands out by treating data interaction in human rights defense organizations not as a narrow problem of better compliance or better tooling, but as a situated political practice shaped by vulnerability, care, and uneven exposure to harm. The strongest move is conceptual: the authors explicitly combine data feminism and critical data literacy, then use that integrated lens to interpret how organizations navigate legal structures and digital infrastructures through judgement, resistance, and protective improvisation. That framing is not merely decorative. It helps explain why practices that might otherwise look deficient or noncompliant—avoiding digital storage, relying on paper records, withholding identifying details, or bending rules to provide support—can instead be understood as rational and ethical responses to structural constraints. The empirical contribution is also clear. The paper identifies three overarching themes of data interaction: avoidance or refusal, transgression of regulatory frameworks when immediate needs dominate, and strategic use of data for advocacy and legitimacy. Those themes give the work a useful structure and make it legible to HCI readers interested in data justice, feminist HCI, civic tech, and organizational practice. The evidence base is appropriate for the claims: seven organizations, eight interviews, social media observation, and document analysis. That is enough for a persuasive qualitative account, though not for broad generalization. The main limitation is scope. The study is confined to Swedish organizations and, by the authors’ own admission, does not include interviews with the marginalized groups being supported. So the paper is best read as a strong contextual account of organizational sensemaking and practice, not a complete account of all stakeholder experiences. Even so, it makes an important field-level intervention by showing that “good data practice” cannot be reduced to universalized security and compliance norms when those norms themselves can reproduce exclusion or risk.
What Changed
Canon before
Dominant assumptions prior to this paper treated data practices in civil society organizations as either compliance-driven or technical challenges, emphasizing formal regulation adherence (such as GDPR) and overlooking the nuanced, situated, and political nature of data interaction in marginalized contexts. Prevailing views also presumed universal applicability of data protection frameworks and the primacy of digital system use for effective data management, expecting technical proficiency and resources as prerequisites for good data practice.
Departure from common sense
This paper breaks the assumption that compliant and secure use of digital data systems is always the desirable or feasible approach for all organizations. It reveals that human rights defender organizations deliberately avoid, refuse, or transgress data regulations for safety and care, and that non-use or analog practices are protective and political acts rather than lack of access or skills. It challenges the idea that strict data privacy regulations uniformly empower all individuals by showing that they sometimes hinder support to marginalized populations.
Actual novelty
The paper contributes a novel integrated theoretical framework combining data feminism and critical data literacy to conceptualize how human rights defender organizations develop situated, feminist forms of critical data literacy. Empirically, it uncovers three modes of data interaction—avoidance/refusal for protection, transgression/proxy acting to meet immediate needs despite regulation, and data use as a resource for advocacy and legitimacy. It situates these as political, ethical, and care practices that reveal tensions and paradoxes in regulatory frameworks like GDPR when applied in precarious contexts and highlights grassroots data expertise as relational and embodied labor often invisible in formal discourse.
Evidence
The evidence comes from a qualitative multi-site study of seven Swedish human rights defender organizations. The authors combine eight hour-long semi-structured interviews with volunteers and professionals, three months of social media observation, and analysis of organizational policies and instructions. The results section explicitly identifies three overarching themes, while the theory section states the integrated framework joining data feminism and critical data literacy. Together these sections provide solid qualitative grounding for the paper’s descriptive and interpretive claims, though the scope remains bounded to this organizational context.
“ulnerability. To analyse their practices, we draw on an integrated framework that brings together data feminism and critical data literacy. Rather than treating these as separate theories, we understand data feminism as a feminist extension of critical data literacy, which centers power, intersectionality, and structural inequalities in data practices”
actual novelty · 3.1 A Feminist Approach to Critical Data Literacy · confidence 0.97
“A substantial part of our findings highlights the importance of technological infrastructure and tools for data handling and storage. Informants were very aware of the risks associated with digital data, particularly the need to safeguard vulnerable individuals. A prevalent strategy was therefore to deliberately avoid digital data collection or storage, despite the drawbacks this meant”
departure from common sense · 5.1 Data Avoidance and Refusal Practices · confidence 0.96
“. We only interviewed people that were engaged in the organizations, we have not interviewed anyone from the groups they support. However, sometimes these roles somewhat overlap so that a volunteer might also be part of the marginalized group.”
limitation · 4 Method · confidence 0.98
“others did not have anything documented. Some had well-developed communication strategies and were active in public debates, while others did not define what they did in these terms. In addition to gathering public information about our cases, we also systematically observed the social media activities of the included organizations for three months from 2023 to early 2024.”
validation scope · 4 Method · confidence 0.98
Limits
Method limits
The study is limited to seven organizations in Sweden and eight interview participants. The authors also state that they only interviewed people engaged in the organizations and did not interview members of the groups those organizations support, which narrows the perspectives represented. Because the work is qualitative and interpretive, it supports contextual understanding rather than causal inference.
Deployment limits
The findings are grounded in Swedish human rights defender organizations operating under GDPR and resource constraints, so transfer to other legal regimes, sectors, or infrastructure conditions should be made cautiously. The design implications are conceptual rather than validated through implemented systems.
Boundary conditions
The claims are bounded to human rights defender organizations supporting marginalized groups in Sweden, especially contexts where surveillance risk, scarce resources, volunteer labor, and GDPR-shaped compliance pressures structure data practice. The paper is most applicable where organizations must balance protection, advocacy, and legitimacy under precarious conditions.
Position in field
This paper positions itself within HCI, feminist data studies, and critical data literacy by shifting attention from compliance-centered accounts of organizational data management to situated, political, and care-oriented practices in civil society. Its contribution is strongest as a theoretically informed empirical account of how grassroots organizations negotiate data protection, refusal, and advocacy under structural constraint.