KNOWLEDGE/OPINION: ICO and enforcement action against charities

In December 2016, the Information Commissioner’s Office took enforcement action against the British Heart Foundation and RSPCA for breaching data protection legislation. This page collects the ICO statements and blogs responding to ICO’s action, both critical and in support of ICO, as well as any best practice advice. We’ll add to this as and when blogs are published.

ICO outputs

Analysis and best practice advice:

ICO fines – what are the legal implications for charities?

Lawrence Simanowitz, Hannah Lyons, and Melanie Carter (Bates, Wells and Braithwaite) on Institute of Fundraising website.

Choice quote:”There are alternatives to consent to ensure that processing is fair. In particular, if processing is in an organisation’s ‘legitimate interests’, and such processing does not disproportionately prejudice the rights and freedoms or legitimate interests of the data subject, then it will be lawful to process the data without consent. In other words, a balance between the interests of the organisation and the rights of the individual must therefore be achieved.” 

UK fundraising and European data protection ruling: what it means and what your organisation should do right now

Adrian Salmon (Grenzbach Glier and Associates) on GG+A blog.

Choice quote:

“In our understanding, adding wealth and updated contact information to individuals’ records is not in itself illegal. What was deemed to be a breach of the law was that the charities in question did not have wording anywhere in their Privacy Notices to alert individuals that such external data might be gathered and appended to their records, and for what purpose.”

In defence of ICO/critical of charities:

Fair cop

Tim Turner (data protection trainer) on 2040 Information Law blog.

Choice quote:

“Some big charities have run an end-justifies-the-means approach to marketing and they have got away with it for a decade. Fundraisers ruled the roost, and compliance has been sidelined or ignored. Given how much money the RSPCA and the BHF have raised from fundamentally unlawful practices, they should pull back and rethink how they get donations in the future.”

Small Change

Tim Turner (data protection trainer) on 2040 Information Law blog.

Choice quote:

“Despite years of ignoring the Data Protection and PECR requirements in favour of a flawed, fundraiser-driven approach, the ICO has not taken disproportionate action against the charities. The action taken is a small percentage of the overall total. Special pleading and blame-shifting will not help the sector. Compliance with the law will.”

Critical of ICO/in defence of charities:

Why ICO’s rulings are a job half done

Dan Fluskey (Institute of Fundraising) on UK Fundraising

Choice quote:

“Yesterday the ICO confirmed that it is fining two charities for breaches of data protection law. Well, that wasn’t quite the headline or tone of the language used. Instead it was ‘exploiting supporters’, ‘secretly screening’ and ‘disregard for people’s privacy.’…It is disappointing that an independent and serious regulator seemed to be trying to write the tabloid headlines for them.”

Does the ICO have ‘unreasonable’ expectations about wealth screening?

Ian MacQuillin (Rogare) on Critical Fundraising

Choice quote:

“ICO now has a choice. It can choose to use the reasonable expectations provision to hold nonprofit organisations to higher standards than for-profits, and in so doing, permit commercial organisations to continue with particular practices that are forbidden for charities.”

The philosophical dispute between fundraising and data protection

Ian MacQuillin (Rogare) on Critical Fundraising

Choice quote:

“A possible Social Contract Theory argument in respect of wealth screening could be that citizens ought to/could consider modifying certain of their data protection rights in return for the aggregate added protection and benefits this brings overall for members of society (not just services for those in desperate need, but new art galleries, theatres, sports facilities and museums).”

Disentangling facts and values in the UK’s wealth screening controversy

Ian MacQuillin (Rogare) on Intelligent Edge blog

Choice quote:

“Whether it is right or wrong that charities ‘exploit’ their donors (however you choose to interpret ‘exploit’ in this context) is a very interesting ethical question. But providing they ‘exploit’ their donors in a way that is compliant with the data protection legislation, it is of absolutely no concern to the data protection regulator, acting as a data protection regulator.”

Isn’t it all a bit illegal?

Susie Hills (Graham Pelton Consulting) on LinkedIn

Choice quote:

“If we want to build long-term, meaningful (and consensual!) relationships with our supporters and explain to them why we’re doing so, then knowledge of their philanthropic interests and ability to give is vital. It is not distasteful; it is professional, thoughtful, and responsive.”

A response to the ICO’s findings that RSPCA and British Heart Foundation broke data protection laws

Christian Propper (Graham Pelton Consutlting) on LinkedIn

Choice quote:

“A good privacy policy will make it clear that you may engage in this activity – an even better privacy policy would expand this to include the fact that the charity may review publicly available information about an individual to help them gain a better understanding about their supporters.”

Annus horribilis

Chris Carnie (The Factary) on The Factary blog.

Choice quote:

“This lack of research will drive a wrecking-ball through relationships between high-value philanthropists and non-profits. It is not coincidental that so many people of wealth are now establishing their own foundations; it is already hard enough to persuade them that they should build a relationship with an existing non-profit.”

We need to talk about money. A response to the ICO fines on RSCPA and BHF

Adrian Beney (More Partnerships) on LinkedIn.

Choice quote:

“I am dismayed when we see a state regulator joining in what appears to be a visceral and emotionally unexplored reaction against the “outrage” that a charity might plan to ask people for money and then to do it again.”

In defence of the public domain

Chris Carnie (The Factary) on The Factary blog.

Choice quote:

“People in the public domain – in Who’s Who, or LinkedIn, the Times or Companies House – are there for a variety of ‘purposes.’ They expect that the information will be used in a variety of ways – including, yes, by people who will lead them into great philanthropic acts.”

Why the ICO and its investigation into charity data practices is completely self-defeating

Matt Ide (Giving Insight) on LinkedIn

Choice quote:

“Who’d have thought a government institution whose remit is to ‘uphold information rights in the public interest’; an institution so important to our everyday lives….a protector of the people as it were, would write a press release with the delicacy of a pile of tabloid dross.”


Hard lessons in fundraising as the ICO shifts the goalposts

Alan Barker and Owen O’Rorke on Farrer and Co blog.

Choice quote:

“It will be of little comfort to others (notably those already under investigation) to note that many would agree with the BHF that the ICO is in fact wrong on this question: for example, in its insistence on the need to obtain clear individual consent for this kind of activity.”

Let’s push our own re-set button

Charlie Hulme (DonorVoice) on UK Fundraising.

Choice quote:

“If our immediate defence is to say, ‘but commercials can do it, why can’t we?’ we miss the point. It goes without saying that it’s just as intrusive and irritating when done by a commercial. But do people feel the same sense of guilt ignoring what they send as they do when it’s sent on behalf of someone in desperate need?”

AM logos May 2016

One thought on “KNOWLEDGE/OPINION: ICO and enforcement action against charities”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.