🌀
← Back to Articles & Artefacts
artefactseast

Indigenous Data Sovereignty & Community Consent Protocol

IAIP Research
you_are_mia_251030

Indigenous Data Sovereignty & Community Consent Protocol

For Weekly Team Meetings App Development Project

Framework Integration: OCAP Principles + CARE Principles + Two-Eyed Seeing
Prepared: October 30, 2025
Last Updated: Implementation ongoing

I. FOUNDATIONAL PRINCIPLES

A. Core Framework Integration

This protocol integrates three critical Indigenous governance frameworks:

OCAP® Principles (First Nations Information Governance Centre)

  • Ownership: Indigenous communities own their information
  • Control: Indigenous communities control research data management at all lifecycle stages
  • Access: Indigenous communities access data about themselves and make access decisions
  • Possession: Physical control remains with Indigenous-controlled steward

CARE Principles for Indigenous Data Governance

  • Collective Benefit: Data ecosystems enable Indigenous Peoples to derive collective benefits
  • Authority to Control: Indigenous Peoples govern collection, access, use, and reuse of data
  • Responsibility: Users engage ethically and respectfully with Indigenous Peoples
  • Ethics: Ethical data governance reflects Indigenous worldviews and ethical standards

Two-Eyed Seeing (Etuaptmumk)

  • See from one eye with strengths of Indigenous ways of knowing
  • See from other eye with strengths of Western ways of knowing
  • Use both eyes together for benefit of all relations
  • Recognition that both knowledge systems have equal value and are mutually necessary

B. Sacred Principles

Beyond regulatory frameworks, this protocol is grounded in:

  1. Reciprocity: All data relationships are reciprocal, not extractive
  2. Relationality: Data reflects relationships between peoples, lands, and spirits
  3. Responsibility: Data stewardship is a sacred responsibility to ancestors and future generations
  4. Respect: Honoring the autonomy and sovereignty of Indigenous communities
  5. Relevance: Data use must benefit the community's stated priorities

II. COMMUNITY CONSENT PROTOCOL

A. Consent Requirements - Before Project Initiation

Stage 1: Community Identification (Weeks 1-2)

Actions:

  • Identify all Indigenous communities whose territories or peoples are affected by the project
  • Include communities whose members will use the technology
  • Include communities whose knowledge or cultural materials inform the project
  • Include communities in the geographic region where development occurs

Deliverable: Complete community mapping document

Stage 2: Relationship Building (Weeks 3-6)

Actions:

  • Assign dedicated community liaison (preferably Indigenous team member)
  • Schedule initial meetings with community leadership and Elders
  • Share project vision using accessible, non-technical language
  • Listen to community concerns and priorities without defensiveness
  • Acknowledge historical context of data extraction and colonial practices
  • Build trust through consistent, transparent communication

Deliverable: Meeting notes and relationship assessment

Stage 3: Information Sharing (Weeks 7-12)

Actions:

  • Provide detailed project documentation in accessible formats:
    • Written summaries (plain language)
    • Video presentations with Elders explaining concepts
    • Visual diagrams of architecture
    • FAQ documents addressing community concerns
  • Explain what data will be collected, how it will be used, who will access it
  • Clarify how community protocols will be honored
  • Present benefits AND risks honestly
  • Allow adequate time for community deliberation

Deliverable: Comprehensive information package in multiple formats

Stage 4: Community Deliberation (Weeks 13-18)

Actions:

  • Hold community meetings where decision-making authority rests with community
  • No project representatives present during internal deliberations
  • Support Elders and community leaders in assessing appropriateness
  • Provide written record of community meetings (if community consents to recording)
  • Allow minimum 4 weeks for internal decision-making
  • Be prepared for rejection or conditional consent

Critical: Government or corporate representatives should NOT be present during community deliberation

Stage 5: Consent Documentation (Weeks 19-20)

Actions:

  • Obtain written consent that specifies:
    • What was agreed to (and what was NOT agreed to)
    • Conditions on implementation
    • Ongoing monitoring requirements
    • Grievance mechanisms
    • Benefit-sharing arrangements
    • Community's right to revoke consent
  • Document who has authority to provide consent (identify decision-makers)
  • Include signature/thumbprint of authorized community representatives
  • Provide copies to community in their possession

Deliverable: Signed Community Consent Agreement

B. What Consent Is NOT

  • Not mere consultation or information gathering
  • Not securing approval after decision is already made
  • Not extracting permission through pressure or coercion
  • Not one-time agreement; ongoing process
  • Not tokenistic inclusion; authentic decision-making power
  • Not override by external authority (government, corporation)

C. What Constitutes Valid Consent

  • Free and voluntary (no coercion, no incentive-based pressure)
  • Prior to implementation (advance notification)
  • Informed (full understanding of implications)
  • Given by authorized community representatives
  • Documented in writing
  • Specific about what is/is not consented to
  • Revocable if community circumstances change

III. DATA GOVERNANCE FRAMEWORK

A. Data Ownership & Classification

Community-Owned Data

Definition: Data about Indigenous peoples, their territories, languages, knowledge systems, or practices

Governance:

  • Community retains ownership regardless of funding source
  • Community makes all access decisions
  • Community benefits from any derivative use
  • Community retains right to revoke access

Examples:

  • Team member information (if Indigenous)
  • Place names and territorial information
  • Cultural knowledge integrated into requirements
  • Community feedback and stories
  • Usage data from Indigenous teams/communities

Project-Generated Data

Definition: Technical data generated during development (code, architecture diagrams, non-identifying usage patterns)

Governance:

  • Shared governance model
  • Community has input on data retention and access
  • Non-identifying data may be used for improvement
  • Community must approve any publication or sharing

B. Data Collection Standards

Collection Principles

  1. Minimization: Collect only data necessary for stated purpose
  2. Consent: Collect only data for which consent has been obtained
  3. Transparency: Clearly communicate what data is collected and why
  4. Security: Implement culturally appropriate security measures
  5. Access Control: Restrict access to people who need the information
  6. Retention Limits: Delete data when no longer needed

Collection Process

Step 1: Identify need for data

  • Document specific purpose
  • Justify why this data is necessary
  • Identify alternatives to data collection

Step 2: Seek specific consent

  • Present to community/individuals from whom data will be collected
  • Explain how data will be used and protected
  • Allow time for questions and consideration
  • Document consent

Step 3: Collect using agreed methods

  • Use only approved collection methods
  • Train collectors in cultural sensitivity
  • Maintain confidentiality and security
  • Document collection process

Step 4: Store securely

  • Encrypt all sensitive data
  • Restrict access to authorized personnel only
  • Back up data in secure location
  • Document storage location and access logs

Step 5: Use as consented

  • Use data only for purposes specified in consent
  • If new use emerges, seek new consent
  • Monitor for unauthorized access
  • Report any breaches immediately

C. Data Sharing Protocol

No Automatic Sharing

Data is NOT automatically shared even with:

  • Government agencies
  • Academic researchers
  • Technology partners
  • Funders
  • Other organizations

Sharing Requires:

  1. Specific written consent from data source/owner
  2. Data sharing agreement that includes:
    • Authorized recipients
    • Permitted uses
    • Security requirements
    • Duration of access
    • Acknowledgment requirements
    • Breach notification procedures
    • Community's right to audit use
  3. Community approval before any publication
  4. Benefit-sharing if use generates revenue or benefit
  5. Attribution acknowledging community ownership

D. AI Training Data Protocols

Critical Safeguard

Indigenous data, community feedback, or cultural knowledge will NOT be used to train AI systems (including Anik and Gaia) without explicit, specific consent.

Training Data Standards

  1. Explicit purpose: Community understands exactly what training will occur
  2. Limited scope: AI training uses only consented data for specific purpose
  3. Community oversight: Community can audit AI outputs for cultural appropriateness
  4. Modification rights: Community can request data removal from training sets
  5. Benefit-sharing: Community receives benefit if AI system generates value
  6. Transparency: Community knows how AI system was trained

AI Output Review

Any AI-generated content about Indigenous peoples or cultures requires:

  • Human review before publication
  • Community review if about specific communities
  • Attribution of source materials
  • Removal or correction of inaccuracies within 48 hours of discovery

IV. COMMUNITY BENEFIT & ACCOUNTABILITY

A. Benefit Sharing Framework

Benefits Beyond Funding

Community should receive:

  1. Access to technology: Community gets free/priority access to developed tools
  2. Capacity building: Training for community members in technology, data governance, decision-making
  3. Employment: Opportunities for community members on project team
  4. Intellectual property: Community may hold IP rights on community-specific features
  5. Knowledge: Shared learning about technology, governance, and Indigenous approaches
  6. Representation: Community voice in decision-making structures
  7. Recognition: Public acknowledgment of community's contributions

Benefit Distribution

  • Immediate: Training, employment, access during development
  • Medium-term: Capacity building, leadership development
  • Long-term: Ongoing revenue sharing if project generates profit; sustainability funding

B. Accountability Mechanisms

Community Review Board

Established during Phase 2, with authority to:

  • Review project decisions for cultural appropriateness
  • Approve data collection and sharing
  • Recommend course corrections
  • Terminate project if protocols are violated

Composition:

  • At least 50% Indigenous community representatives
  • Minimum 1 Elder advisor
  • Balance of technical and non-technical members
  • Geographic/community diversity

Monthly Reporting

Community receives monthly reports including:

  • Technical progress summary (plain language)
  • Data collected (inventory of data and purpose)
  • People involved (new team members, access authorized)
  • Community feedback addressed (specific examples)
  • Issues or concerns identified
  • Corrective actions taken

Quarterly Community Meetings

Open forums where:

  • Project updates are presented
  • Community asks questions and raises concerns
  • Changes are discussed
  • Celebrations of progress occur
  • Course corrections are made

Annual Community Audit

Independent review of:

  • Protocol compliance
  • Data governance adherence
  • Benefit distribution
  • Community satisfaction
  • Suggested improvements

Grievance Mechanism

Community members can raise concerns through:

  1. Immediate reporting: Concern raised to project lead (verbal or written)
  2. Investigation: Project lead consults with community partner pair within 5 business days
  3. Response: Written response to griever within 10 days with proposed resolution
  4. Appeal: If unsatisfied, escalate to Community Review Board
  5. Resolution: Board has authority to require corrective action or recommend project halt

V. FPIC (FREE, PRIOR, INFORMED CONSENT) IMPLEMENTATION

A. "Free": Absence of Coercion

Actions to ensure freedom:

  • No promises of funding contingent on consent
  • No employment threatened for withholding consent
  • No social pressure or shame tactics
  • No artificial time pressure
  • Full right to say no without consequences
  • No armed police or military presence during consent process
  • Adequate time for deliberation (minimum 4 weeks)
  • Support for community decision-making regardless of outcome

B. "Prior": Before Implementation

Timeline Requirements:

  • Information shared minimum 4 weeks before decision deadline
  • Community deliberation minimum 4 weeks
  • Consent obtained minimum 2 weeks before implementation
  • If project needs to proceed faster, extend timeline with community consent

Documentation:

  • Written record of when information was shared
  • Evidence of community receipt and understanding
  • Records of community deliberation meetings
  • Consent document with date

C. "Informed": Full Understanding

Information that must be provided:

  1. Project purpose: What is being developed and why
  2. Community involvement: How community will be involved, what decisions they control
  3. Data collection: What data will be collected, how it will be stored and used
  4. Risks: Potential harms (data breach, cultural misuse, AI bias)
  5. Benefits: Specific benefits to community
  6. Alternatives: If community doesn't consent, what happens
  7. Duration: How long will project last, when will engagement end
  8. Contact information: Who to reach with questions or concerns
  9. Withdrawal: Community's right to revoke consent and how that works
  10. Track record: Examples of how similar projects impacted other communities

Format Requirements:

  • Plain language (no jargon)
  • Accessible (audio, video, visual aids)
  • In community languages where possible
  • Available in multiple formats
  • Tested with community for clarity
  • Reviewed by independent party for bias

D. "Consent": Collective Decision-Making Authority

Key Elements:

  • Decision made by authorized community representatives (not external authorities)
  • Reflects community's values and priorities
  • Community deliberates without external observers
  • Community can set conditions on implementation
  • Community can reject the project entirely
  • Decision-making process respects community governance structures
  • Community controls approval/rejection announcement

VI. SPECIFIC PROTOCOLS FOR THIS PROJECT

A. 47 Requirements Community Review

Protocol:

Each of the 47 requirements must be:

  1. Community-reviewed for cultural appropriateness
  2. Checked against protocols for potential harm
  3. Blessed in ceremony before implementation
  4. Monitored during development for adherence
  5. Audited in final review before release

Review Process:

  • Requirement presented to Community Review Board
  • Community identifies potential concerns
  • Project team responds with mitigations
  • If concerns unresolved, requirement modified or removed
  • Final blessing before implementation

B. Anik & Gaia AI Assistant Protocols

Data Input Restrictions:

  • Only trained on explicitly consented data
  • No community data without written consent
  • No extraction from academic databases without consent verification
  • No use of historical data that may have been collected unethically

Output Review:

  • Every interaction logged and regularly reviewed
  • Community has access to review logs
  • Any problematic outputs reported immediately
  • User can request output correction or deletion

Transparency:

  • Community knows what Anik and Gaia can see and do
  • Clear explanation of AI limitations and biases
  • Documentation of training data sources
  • Regular audits for cultural appropriateness

VII. IMPLEMENTATION TIMELINE

Phase 1: Preparation (Before December 1, 2025)

  • Identify affected communities
  • Conduct community relationship-building meetings
  • Distribute project information in accessible formats
  • Establish Community Review Board structure
  • Create data governance policies
  • Draft community benefit agreement

Phase 2: Consent (December 1, 2025 - December 21, 2025)

  • Community deliberation period (minimum 4 weeks)
  • Consent documentation and signing
  • Winter Solstice ceremony including community members
  • Final review and approval before Phase 2 implementation

Phase 3: Ongoing (Throughout Project)

  • Monthly reports to community
  • Community Review Board meetings (quarterly minimum)
  • Data governance oversight
  • Benefit tracking and distribution
  • Grievance resolution
  • Annual audits and community meetings

VIII. RESOURCES & SUPPORT

Academic References

  1. Carroll et al. (2020). "CARE Principles for Indigenous Data Governance"
  2. First Nations Information Governance Centre - OCAP® principles and training
  3. UN Declaration on the Rights of Indigenous Peoples (UNDRIP)
  4. Operational Guidance on FPIC (Accountability Framework Initiative)
  5. Sheryl Lightfoot (2020). "Indigenous Laws and Governance in Indigenous Self-Determination"

Communities Providing Models

  • Stk'emlupsemc Te Secwepemc Nation (British Columbia)
  • Squamish Nation (British Columbia)
  • Juruna People (Brazil)
  • Okanagan Nation Alliance (British Columbia)
  • Penobscot Nation (Maine)

Support Organizations

  • First Nations Information Governance Centre
  • Research Data Alliance - Indigenous Sovereignty Interest Group
  • Equitable Origin (FPIC implementation support)
  • Local Indigenous technology ethics specialists
  • Community consultation organizations

IX. COMMITMENT STATEMENT

By implementing this protocol, the project team commits to:

"Conducting this work in genuine partnership with Indigenous communities, centering their sovereignty, protecting their data, respecting their governance, and ensuring that this technology serves their priorities and benefits their peoples. We commit to ongoing learning, accountability, and course correction. We understand that consent is not a one-time permission but an ongoing relationship grounded in trust, reciprocity, and mutual respect."

This protocol is a living document. It evolves with community feedback and changing circumstances. Communities can request modifications. Updates are shared with all stakeholders for feedback before implementation.

Sacred Trust Statement:

"This data governance protocol is sacred trust. We commit to honoring it not because we are required to, but because we understand that data about Indigenous peoples is not a commodity but a reflection of relationships, kinship, and responsibility to seven generations. We will protect this trust or release it, never exploit it."