During the Covid-19 pandemic, many tech companies are offering pro-bono data services to public health organisations, governments, and communities. Their offers include free access to software and to people to help with managing data, analysing it, and building predictive models.

I don’t think it’s particularly worthwhile speculating on the internal motivations for these companies. I choose to believe they genuinely want to support the global effort to help societies and economies through this crisis, and are providing that help in the way they know how. Others believe it’s all about capturing markets, gaining access to personal data for other (nefarious) purposes, or developing their own intellectual property and capability. Probably the truth is somewhere between these two.

But it doesn’t matter: any organisation considering accepting such help has to consider the same set of things regardless, to retain public trust, safeguard its own future operations, and with an eye to the market effects it generates.

Before I dive into detail, just to say that any such arrangement needs to satisfy the basic hygiene factor of being a clear contractual relationship. Informal “partnerships” will leave you extremely exposed on many of the issues discussed here. And be aware that a pro-bono project is not free to you: even if you’re not paying them, you will be putting in time, effort and resources into the project. You have to consider the project – and whether the help you’re being offered is the best way of achieving its goals – in the round.

Retaining public trust

Public trust is important in the best of times, but it’s particularly important in situations where you want the public to pay attention to what you say and do what you tell them (eg stay home, install an app, report their symptoms accurately).

Most companies large enough to offer you pro-bono data services will have a bad reputation about their use of data. This reputation might have arisen due to actual security breaches, enforcement action by data protection regulators or previous dodgy deals. It might simply be that people are frightened because they know those companies have huge amounts of data about them already and they feel powerless. The bad reputation might be even more diffuse: about whether the company pays fair taxes or treats its workers well.

The point is you are not starting from a neutral position with the public: you’re starting from one in which the motivations of the companies offering support will be immediately questioned and treated with suspicion. The fact the services are offered for free makes this worse, not better: to the public and press this is a red flag about a hidden motive which probably involves little guys getting screwed over.

In making your decision about taking up an offer, you have to factor in the fact that countering this trust deficit will take time and effort on your part. This is a cost to weigh against the benefits of the services offered. The only way to counter the trust deficit, and protect your own reputation and the trust the public has in you as an institution, is clear, proactive, transparent communication and effective, representative, accountable governance – and even doing these isn’t guaranteed to work. You need an excellent comms team, proactively communicating about every aspect of the project. You need to draft in trusted external experts to oversee the work, and demonstrably listen and respond to their recommendations. All of this takes substantial effort and time. Don’t overlook or underestimate it.

You should operate under the assumption that every aspect of the deal you make will come to the surface eventually. The more you hide, and the more it feels like people have to fight to get hold of information about what you’re doing, the more time you will spend firefighting as they dig up dirt, and the more trust you will lose in the long term. Make sure you are completely satisfied that you can be open with the public about everything you’re doing. If you’re not comfortable doing that, it probably indicates that there’s an ethical problem somewhere in the deal that you need to resolve.

Deeper, though, than these aspects of reputation management, is the genuine issue of exploitation of data about the public and the efficacy and trustworthiness of the service being provided. Things to question here include:

Is this service genuinely useful? Is it something you would procure off your own bat, because you really need it? Or are you being offered a tech solutionist stab in the dark that might come with huge opportunity costs?

Are there any security issues, outside the control of the data services company, that you need to be aware of? For example, can you ensure data is stored in a way that provides protection against intelligence service intrusion?

How are the biases and discriminatory issues in the data service being handled? What other processes or practices will need to be in place to counter those biases and ensure that you’re not excluding people by relying on this solution?

How have you secured permission or authority for this arrangement? Is it within your standard organisational policies, good practices, or lawful constitution? If some of those constraints have been waived due to the crisis, do you still have a mechanism for consulting with affected people and communities (eg patient or public representatives) about the project?

Who will ultimately benefit from the data service and how? It is inequitable and unjust for data about one group of people to be used to build tools that are then used to benefit another group of people. This includes you as an organisation getting benefits from data that don’t somehow return to the community. How can you ensure that the people and communities the data is about also benefit from the intelligence and services that are built over that data?

Answering these questions should help you identify additional things you need to make clear in the contract (eg where data will be stored) and do as part of the project (eg provide access back to communities).

Ensuring sustainability

You need to think hard about what happens when the arrangement ends. If you become reliant on a data service that’s being offered to you for free now, you may be committing yourself to future costs. If you don’t construct the contract well, you might be left in the situation where your friendly pro-bono supplier suddenly has you over a barrel and can charge what they want for the service you now can’t do without. Don’t kid yourself that everything will disappear when the crisis lifts. Assume that it will stay in place, and create contractual protections around that assumption.

Make sure the contract contains provisions that mean you retain as much intellectual property (IP) as possible. You should get ownership of as much of the code, data and models that get created during the project as you can. Making that IP as open as possible (ie open source, open data or at least open codebooks and schemas, and open models and algorithms) and ensuring everything is publicly documented will help alternative suppliers to be able to understand the system before you even start tendering for it.

One area where data service suppliers may want to retain IP is in any AI or automated services they build. I think this is reasonable: you want alternative suppliers to offer better services, not necessarily exact replicas. Just make sure that you retain enough rights over things like training data such that an alternative supplier will be able to create their own equivalent or improved solutions. (And remember what I said above about thinking through who gets to benefit from what’s being built.)

The contract should also ensure that, at the end of the contract period, an alternative supplier (which could be you, if you take it in house) will have sufficient time and access to existing systems to be able to take over the service. Make allowances for a transition period during which the pro-bono supplier continues to run the service while the alternate supplier builds their solution. Include in the terms that the supplier needs to capture and supply any updates to the data they were originally furnished with. Include public documentation for the logic behind algorithms too, where that’s important.

In other words think deeply about your exit strategy before entering into the deal. Protect your future self.

Building the market

Any supplier who is offering pro-bono support is likely to already be in a good market position. Entering into an arrangement with them might well entrench that position. You’re giving them a reputational boost as well as building their internal capacity and possibly product set. Accepting an offer of pro-bono help from one company without having assessed their offer against those of other suppliers is not fair or open procurement.

However, in an emergency you might feel you don’t have time for a fair and open procurement process: you’re just choosing whether to take up this free offer or not. So it’s worth thinking of some ways to counter the market impact of that decision, and the costs of doing so, as you’re shaping the project and weighing up the deal.

Fortunately, if you’re doing the things described above you have a good foundation in place. To preserve trust, you’ve already dialed the transparency up to max, so other potential suppliers (which might range from smaller data companies through academics and civil society groups) know what you’re up to. You’ve already open sourced code, opened up the models and algorithms underpinning any solution, and made as much data as possible (or at least its descriptors) open for others. Now you need to actively encourage and enable other people to create alternatives to (the fun/innovative/interesting/capacity building parts of) what your pro-bono supplier is giving you.

Here, I’d suggest employing open innovation techniques and more specifically put out a data challenge. Describe what you’re doing and invite others to show you their best ideas and implementations. Provide a prize (perhaps from the money you’re saving because of that lovely pro-bono help) to give some motivation; or link up with a research council or philanthropic funder to provide supporting grants; or just rely on the fact curious hackers love to challenge themselves to find better ways to do things with technology, particularly if that involves saving the world.

If developing the kinds of data services you’re getting for free requires access to personal data, create synthetic datasets that mirror the important characteristics of those datasets without containing any real information about real people. Make those available to the challenge participants.

Showcase the best solutions. Build their reputation. Count it as a success if those solutions get incorporated into the offer of the competitors to your pro-bono supplier. Remember you’re building your future market through this process, as well as everyone else’s.

In summary, an offer of free help is never actually free, but it is possible to construct a project such that everyone gets to benefit from it. If it’s still worth going ahead with those additional costs taken into account, knock yourself out.