Why the ICO should not be charitable with fundraisers
Fury erupted this week on social media feeds from the normally sedate Fundraising Regulator and Charity Commissioner's 2017 conference. The cause? A presentation by the Information Commissioner Elizabeth Denham explaining the data protection obligations which those organisations operate under.
The problems came from comments about how fundraisers set about raising money. Twitter lit up with protests that this was "disrespectful" and that the sector was "drowning in a lack of understanding of what good fundraising looks like." Remember, this is the sector which was revealed to be so lacking in the fundamentals of data protection that an entirely new regulator was created just to make sure it got its house in order.
So what did the ICO say that merited such a strong response? Only that individuals need to be told what their data would be used for and that, where this had not happened, charities could not simply make use of personal information any how they chose to. Cue howls of outrage and objections that this would mean contacting large donors before knowing if they were likely to give any money. In other words, wealth screening is not allowed unless the privacy notice made it clears that this was part of the purpose for which the data was being collected and an opportunity to opt out provided,
GDPR will make this even more evident with its separate consent to profiling. The ICO has made it clear that it intends to uphold this interpretation of the existing law by fining the British Heart Foundation and RSPCA for profiling donors this way (triggering a separate Twitter storm of protest in its wake).
To avoid being on the wrong side of this debate and either being fined, appearing in Daily Mail headlines, or both, here are three things to all charities need to bear in mind:
1. Data protection is a fundamental human right - that means it is every bit as important as other human rights which many charities work to protect, such as the right to a family life, health, childhood, religious and political tolerance, or even which sports club to support. (You'd be surprised how many of them are registered charities.) Upholding this right should be at the heart of any cause's mission statement, alongside the good it intends to do.
2. No special pleading for charities - data protection law is universal and applies to any organisation holding personal information. That means charities every bit as much as commercial organisations (and the public sector). The ICO is not asking fundraisers to go further than companies have to, despite claims to that effect.
3. No charity has a special right to exist - just as no commercial business can claim special protection or be too big to fail, so charities have to work out how to thrive within the law, rather than through their donors' ignorance of it. That could be tough on some and may even see them close down. But with 195,289 registered charities in the U.K., be under no illusion that a shakeout would be bad. It might actually be the best thing that could happen as far as donors are concerned.
to be GDPR compliant.
Register with us for all the news