Biometric and digital identity technologies can seriously disrupt the lives of displaced people. Interviewing dozens of migrants and refugees in Europe who fled conflict in East Africa, I was told how minor discrepancies in identity databases can cause bureaucratic chaos. A misspelled name, for example, can be used as a threat to separate a child from her parents or reject an asylum application.

It is not a simple matter of getting the database to work correctly — for some government officials, biometrics were used to carry out policies that discriminate against displaced people. Fearing surveillance technologies, some refugees avoided camps requiring fingerprint scans in exchange for food and shelter.

For humanitarian organizations, monitoring and collecting data are essential for delivering the right amount of aid to the right people at the right place and time. When these organizations collect data, they are trusted more than companies or governments because their mandates include the principles of humanity, neutrality, impartiality and independence.

Yet to date, the humanitarian sector has not developed the calculus to weigh the benefits of digital identity systems against the costs to fundamental rights. A report commissioned by Oxfam released last year found a concerning lack of evidence to support the assumption that biometrics will reduce fraud at key points in the food distribution process. If most of the Yeminis burdened with proving their identity in the food lines are not the masterminds behind Houthi schemes to divert aid, is the biometric response proportional?

One might say that in a war zone, the risk to privacy is insignificant compared with the dangers of going without food. This may be true in the immediate moment. But potential harms related to data are often latent or shifted to a later time.

If an individual or group’s data is compromised or leaked to a warring faction, it could result in violent retribution for those perceived to be on the wrong side of the conflict. When I spoke with officials providing medical aid to Syrian refugees in Greece, they were so concerned that the Syrian military might hack into their database that they simply treated patients without collecting any personal data. The fact that the Houthis are vying for access to civilian data only elevates the risk of collecting and storing biometrics in the first place.

Data collectors and data brokers hold power. This is why surveillance technologies can be so alluring. International organizations that deploy large-scale identity collection systems can become the largest data brokers in a crisis region.