Fundraisers and data protection experts appear to have very little common ground on which to talk about ICO’s recent enforcement action. Ian MacQuillin suggests the gulf between the two could be down to different philosophical approaches.
There are three types of people in the world: those who support charities, those who don’t (either through some point of principle or because they are unable to) and those who benefit from the goods and services charities provide. You are at least one of these and you could also be a combination of two of them. Now, suppose you didn’t know in advance whether you were going to grow up to be a charity supporter, someone who chooses not to support charities, or a charity beneficiary, only that you stood some chance, of being at least one and possibly two. How might this influence the sort of society you would want to grow up in?
If you knew you were going to be someone who was going to rely on the support, help and services provided by a charity, how would you want charities to be regarded in that society?
You’d probably want to ensure that you had access to those charities that could help you and they weren’t actively prevented from helping you. You’d probably want them to be able to speak up about anything wrong in society that was affecting your situation. You’d also almost certainly want them to have the resources to be able to help you. And if the only way you could get those resources was to go and ask the rest of society to voluntarily give them, then you’d probably want to make it as easy as possible for a charity to be able to do that. You also probably wouldn’t want those who chose not to give to charity to make it harder for those who do give to be asked to provide those resources.
You might already have recognised this as a variation on John Rawls’s ‘original position’ thought experiment (see here for a more detailed explanation or here for a an animated video), which the American moral and political philosopher described in his highly influential 1971 book, A Theory of Justice.
In this thought experiment, representatives of citizens are asked to draw up from scratch (the original position) their ideal, just, society. But they do so from behind a ‘veil of ignorance’, not knowing which groups of citizens they are representing (educated, talented, downtrodden, unemployed, faith or non-faith, property owners, high or low earners, etc, or, indeed, charity donors or charity beneficiaries). Under such circumstances, would you risk designing a society that had, say, inbuilt inequalities, such as mechanisms that resulted in two per cent of the citizens owning 95 per cent of your society’s wealth, if you might end up suffering significantly because you’re one of the 98 per cent scrabbling for a sliver of the other five per cent? Would you design a society that limited the freedom of speech of a particular faith if you didn’t know whether you might end up being told to keep your gob shut because you’re a member of that faith group?
The original position thought experiment is designed to lead you to consider what, from behind the veil of ignorance, and thus divested of all vested interests, would be the fairest, most just, society.
And so to the charity context: What kind of system for controlling and regulating charities would you help design if you didn’t know when you were taking part in this process whether you were representing donors, non-donors, or beneficiaries, or which of those you would end up being?
Fundraising regulation in the original position
I first conceived this blog earlier this year thinking about the Fundraising Preference Service in its original form of having the ‘big red’ total reset button. The point being that if you were in the original position (charity edition), would you be advocating for a system in which one half of society could opt out of being asked to voluntarily help the other half, if you didn’t know which half you’d be in? And then the enforcement action taken this month by the UK’s Information Commissioner’s Office (ICO) against the British Heart Foundation and RSPCA pushed wealth screening and data profiling to the front of the to-think-really-carefully-about list.
From behind a veil of ignorance, would you make provision for charities to be able to identify who would be most likely to provide the most resources for beneficiary services? Or you would make provision for everyone, not just those with the most resources, to be spared solicitations to help, either through an opt-out like the FPS or strict data protection laws?
I can almost feel the DP Twitterstasi hovering over their keyboards even as I type these words. My recent blog on Critical Fundraising about the ICO set several hares running among DP types, who, I think, misunderstood the thrust of this blog (though check out the three Storify links at the end of this blog and come to your own conclusion).
There seemed to be three strands to their criticism of my blog (aside from the ad hominem attacks on me).
First, they seemed very protective of the ICO: what it does is beyond reproach, criticism or challenging.
Second, fundraisers collectively as a profession have little right to speak up because they have lost that right by failing to take responsibility for poor practice – one said that fundraisers should improve their practice before criticising ICO; in other words, until you are doing what ICO tells you you should be doing, you have no right to challenge ICO over whether they’re right about what they’re telling you.
But third, most of the criticism I got was that I was not just defending poor practice – and remember, the BHF and RSPCA were actually found to be in breach of the letter of the Data Protection Act 1998 – but advocating future noncompliant data protection. I wasn’t then and I’m not now.
My original blog contains these lines:
At the point that the law is the law, where the data protection rules prohibit certain actions – such as emailing individuals without their consent – then there is nothing more to be said: you cannot do what the law proscribes, even if so doing would help your beneficiaries. The ICO adjudications against BHF and RSPCA show several instances where this is the case.
(Perhaps though if I were writing that blog again, I’d put something like this much nearer the start.)
Rather, that blog was a critique of how ICO appears to be approaching the way it is enforcing data protection at charities, particularly around wealth screening, and specifically about whether they are operating different (stricter) standards for charities than they do for companies.
That doesn’t seem to me particularly controversial, since regulators should always be held to account, not just by oversight bodies, but also by those they regulate, to ensure their regulation conforms the five principles of better regulation:
- Proportionality Regulators should intervene only when necessary. Remedies should be appropriate to the risk posed, and costs identified and minimised.
- Accountability Regulators should be able to justify decisions and be subject to public scrutiny.
- Consistency Rules and standards must be joined up and implemented fairly.
- Transparency Regulators should be open, and keep regulations simple and user-friendly.
- Targeting Regulation should be focused on the problem and minimise side effects.
Neither does it seem to me a difficult question, because the answer has to be one of:
- No, we do not have different standards for charities.
- Yes, we do have different standards for charities.
- We don’t know (on the two occasions I’ve asked ICO, the answer I’ve had is closer to this than the other two, although what I have inferred from what they’ve told me is: Yes, we do).
The response to c) then has to be, sort it out!
The totally legitimate response to b) is: Why do you have different standards for charities? Explain yourself and justify yourself. Anyone can ask the ICO – or any regulator, including the police and the security services – those kinds of questions, irrespective of whether you are the one who’s being accused of malpractice. It’s highly anti-democratic to claim that you have no right to confront your accuser.
So let’s get completely clear that there are two issues that are being conflated:
- ICO found charities breached the Data Protection Act and punished them for doing so (I wouldn’t dream of challenging ICO’s decisions as I have nowhere near enough knowledge of data protection law to be able to do so).
- Separately to the enforcement action it has taken, does ICO’s approach to regulating charities conform to the principles of better regulation, or is it overstepping these, specifically point three about consistency of implementation and point two about accountability?
These are two separate issues. Yet, the DP community’s response (at least to me via Twitter) has been to focus on the first and ignore the second, and can be characterized as: “This is where we are, deal with it.”
However, the original position thought experiment allows us to ask whether we ought to be where we are. And if we are not where we ought to be, perhaps we can actually change it to make it fairer.
I’m not advocating changing the Data Protection Act to give exemptions for charities (others might do that; I wouldn’t). I am advocating that the same standards be applied to charities as are applied to companies, and that might mean challenging ICO’s approach towards charities and persuading them to adopt a different approach, perhaps a ‘fairer’ one.
And yet I see this suggestion being received pretty badly by the DP community and whereas earlier I could sense their fingers hovering over their keyboards, now I can hear them come crashing down. Because I suspect they just won’t bite the bullet that any change is necessary or desirable, and not just because the Data Protection has the concept of “fair” use of data built into, so they will already consider it sufficiently fair.
Regulators have duties to beneficiaries – an ‘extraordinary’ idea
Jon Baines, the chair of the National Association of DP and FOI Officers (NADPO) described my original blog (see Storify 2 link in Appendix) as “extraordinary” because it suggested that “ICO has a moral duty to beneficiaries of charities that overrides rights of donors” – my theory of Rights Balancing Fundraising Ethics actually says that the ICO (and everyone, come to that) has a duty to beneficiaries that may override its duty to donors, not that it necessarily does. Baines considered my blog to be extraordinary not because it was asking a very good ethical question about how the rights of donors and beneficiaries ought to be balanced in the regulation of fundraising – a question that has rarely been posed, let alone satisfactorily answered – but because the self-evident answer was that the ICO did not have such a duty. He really was aghast I’d even suggested such a heretical idea.
I pointed out that we all have a duty to give aid to those in need – it’s a major plank of Kant’s duty of beneficence (see here, for example), and features prominently in the ideas not just of John Rawls (who calls it a ‘duty of mutual aid’ – see p97 of the 1999 edition of a Theory of Justice) but also of Peter Singer.
Baines’s response was that if charities failed to comply with the law, they would fail to help their beneficiaries, which would be a moral failing. This I agreed with, but pointed out my blog was not a defence of charities breaking the law, but a critique of ICO’s regulatory approach, which brings us back to the conflation of two themes I outlined above.
“The duty of helping another when he is in need, providing that one can do so without excessive loss or risk to oneself.”
So the question that Rights Balancing Fundraising Ethics is designed to help address in all ethical or moral dilemmas in fundraising – not just in relation to the ICO’s approach to wealth screening (but not enforcement of, provided it is done consistently in line with better regulation principle 3) – is to balance the duty to provide aid, by giving to charity, against the disamenity (loss or risk to oneself) of being asked to do that by a fundraiser.
While data protection maverns will, I am sure, argue otherwise, it is by no means self-evident that the disamenity to data subjects of a charity wealth screening its database outweighs the benefit of the aid that wealth screening delivers to beneficiaries, provided it is done lawfully by the charity. Any attempt to interpret the law solely to tip the balance in favour of the rights of data subjects – such as operating a double standard for charities and companies – would indeed, be unethical. To me, that idea doesn’t sound “extraordinary” in the slightest.
Social Contract Theory v Libertarianism
So why does there appear to be little common ground between those on the fundraising side who are critical of the ICO’s approach, and those on the data protection side who are steadfastly in support of it? When two sides of an argument are so patently talking past each other, then we need to delve a bit deeper to find out what’s going on. Because I think there is a much more principled reason for the data protection side’s rather vehement reaction to the charity sector’s arguments, and it rests in a clash of philosophies.
Rawls is a social contract theorist. Social Contract Theory is the idea that we agree to live under and abide by the ‘social contract’ of the society we live in, and surrender certain rights to individual liberty in return for the protection the society gives us. So under Social Contract Theory, there is always a trade off between individual rights.
I suspect those on the data protection side of the debate are libertarians. Libertarianism is the collection of ideas – one of the best known being Robert Nozick‘s Anarchy, State and Utopia, written as a direct response to A Theory of Justice – that state that the rights of the individual are absolutely paramount, take priority and primacy over all other considerations, and cannot be forcibly overridden by third parties in the pursuit of the interests of others.
A possible Social Contract Theory argument in respect of wealth screening could be that citizens ought to/could consider modifying certain of their data protection rights in return for the aggregate added protection and benefits this brings overall for members of society (not just services for those in desperate need, but new art galleries, theatres, sports facilities and museums).
The Libertarian opposition to this idea is that an individual’s personal data is absolutely sacrosanct, and absolutely no-one should be able to make any claims on the use of that data just because others may benefit from that use. That’s why Jon Baines considered my original blog to be “extraordinary”, because it ran headlong into his Libertarian principles*.
I can’t suggest a way to get the libertarians and social contract theorists talking together about this, partly because I’m running out of space and partly because I haven’t really given much thought how to do it. But knowing we’re in a clash of philosophies at least gives us a starting point.
But what it does show us, once again, is that fundraising has virtually no theoretical or philosophical foundation, and that when issues arise that need to be addressed at a theoretical level – such as what is the right balance to be struck between the rights and interests of donors and beneficiaries – all we can do is conflate this with the ongoing practical implications and consequences: in this case, did charities break the law?
This allows me to finish with a restatement of what I founded Rogare to do – to move the debate away from questions about what fundraisers do, to the theory and philosophy that underpins why they do those things. And hopefully through the more constructive discussions that come out of this, we will be able to put the profession on a much firmer theoretical foundation.
* Jon Baines has contacted me to point out that he is not a libertarian and does not have libertarian principles:
- Ian MacQuillin is director of Rogare – The Fundraising Think Tank.
Appendix – Twitter discussions on Storify
- Data protection Tweets – Storify 1
- Data protection Tweets – Storify 2
- Data protection Tweets – Storify 3
- Critical Fundraising‘s round up of blogs exploring ICO’s recent enforcement action.
- Download Rogare’s white paper: Rights Stuff: Fundraising’s Ethics Gap and a New Theory of Normative Fundraising Ethics.
7 thoughts on “NEW IDEAS: The philosophical dispute between fundraising and data protection”
Although I disagree with your characterisation of this as a “DP vs fundraising” debate, I respect your right to air it. However, I do question how helpful overall this kind of divisive back-and-forth is to the sector and either profession. Maybe the fundraising and data protection communities should be focusing on helping and educating each other instead?
Only an idiot would wish to shield the ICO from criticism, and as far as I am aware, very few in the Data Protection community would seek to try. Certainly, as one of the people the author of this piece interacted with, I can say that I have been a critic of the ICO for much longer than he has, and a much deeper knowledge of their failings. They are timid, reactive and overly-cautious.
However, the specific criticism of the ICO made here (and previously) is nonsense. The action taken against charities is entirely in line with the ICO’s general approach. Under PECR, the ICO has fined dozens of commercial companies for shoddy direct marketing practices. Some of these practices are analogous to those adopted by charities – data sharing without consent, ignoring TPS, targeting vulnerable prospects – and some are different. The fact that the author is ignorant of years of ICO enforcement does not mean it did not happen.
The most obvious way in which the ICO treated charities differently from the commercial sector is in a massive reduction in the final penalty. No sector has ever had the penalty reduced solely because of the distress that might be caused (in this case, to donors). The ICO has fined austerity-strapped NHS bodies and councils without any similar reduction. If Mr MacQuillin is so keen on equanimity, presumably, he should argue for charities to get the same treatment as the PPI spammers, whose practices are uncomfortably close to what some fundraisers do in the name of their cause, and whose fines never get reduced.
By blaming the Information Commissioner for tackling fundraising culture, the author is making future enforcement much more likely. Feeding a sense of grievance in the sector, deflecting the blame from the fundraisers to the regulator, making this whole situation seem like unfair regulation rather than the consequence of years of bad practice will make charities – and especially some fundraisers – believe that the righteousness of their cause outweighs the unfair and disproportionate actions of the ICO. The sector cannot move on until it accepts what it got wrong. The above piece will do nothing to help.
Mr. Turner’s rebuke notwithstanding, it seems as though consistency of enforcement with the ICO’s approach does not address Mr. MacQuillin’s suggestion that perhaps there is room to discuss whether the approach is the correct/fair/ideal one. Criticism of the ICO’s practice seems to be one aspect of the problem but there is a perhaps larger underlying problem.
To that end, the philosophical argument posited by Mr. MacQuillin is a thought experiment. Practically, there is no view from nowhere. As such, we (and the ICO) approach questions from our own perspectives. For many, that is the perspective of someone who is asked to support a charity, not as a beneficiary. While we can’t actually experience an original position and a tabula rasa state, if we truly did not know who we were (philanthropist or beneficiary or both) we might evaluate the consequences of activities such as wealth screening differently. If you put a group of wealthy people together in a room and ask them to devise a tax code, you would get a much different result than if you put people who live in poverty in that same room.
The concern that is not being addressed in any of these discussions is the counterweight of the interests of the beneficiaries (who may also include the philanthropist either directly or indirectly). Introduction of those interests in the discussion is the key to forward progress on these issues.
It looks like we are finally seeing some of the true colours behind the vehemence of some of the DP arguments in response to this blog when you say that the ICO should not be blamed for “tackling fundraising culture”.
The role of the ICO is to enforce the Data Protection Act and ensure that all data processing done by charities is done lawfully. It has no remit to “tackle fundraising culture” and the suspicion that this is what it is aiming to do lies at the root the fundraising sector’s concerns.
You’ve compared charity fundraising to PPI in this comment and elsewhere. Whether charities ought to conduct their fundraising in a manner analogous to PPI marketers (or any other commercial marketer) is certainly a debate, but it is a different one to whether they conduct that marketing in a lawful or unlawful fashion.
The role of the ICO is to stick to the facts and ensure that charities conduct their data processing lawfully. It has no remit, authority, or right to enforce any kind of value about how it thinks fundraising ought to be carried out. That is the ultimate responsibility of the trustees of each charity.
And while my blog tries to separate these two issues, in your comment you’ve once again conflated facts and values.
Despite your latest blog containing details of enforcement action taken by ICO in 2016 (the first half of which was under the leadership of the previous data commissioner) that shows it has been more lenient on charities, you haven’t really responded to any of philosophical issues I’ve raised in either of my blogs about how ICO plans to move forward in regulating charities.
I’d hate to put words in your mouth because I know how much this upsets you, but it does seem that you’d much rather be outraged that the charity sector has raised concerns about its treatment rather than genuinely try to understand why it might have those concerns.
It might be that you are more right that we are. It might be you are considerably more right that we are. Grandstanding the way you do isn’t going to make people take note of your arguments.
The fundraising culture I referred to is a culture that ignores the law in favour of maximising donations. Secret profiling and secret data sharing may be unethical, but if that was all that they were, I wouldn’t have much to say. People with low ethical standards behave poorly in all walks of life; it’s unremarkable.
My point is that the unethical approach of some fundraisers is also unlawful. That’s why the charities got fined. You don’t have to accept this if you find it unpalatable. However, that both charities are not going to appeal suggests that they are more accepting of reality than you are. You can continue to feed a victim mentality if you like, and those who take comfort from your viewpoint will probably make the same mistakes that RSPCA and BHF are guilty of.
A further interesting variant of the “original position” thought experiment is to consider that there are some outputs of non-profits which benefit all people, so that it’s inherently impossible that the “philanthropist”, “beneficiary” and “uninvolved” groups are separate. Examples would be benefits which are inherently indivisible or where their incidence is universal.
So, the benefit of medical research leading to elimination of fatal diseases (think smallpox) is inherently universal. Everyone in the “original position” would know they could be a beneficiary because all share the benefit of never getting smallpox and never fearing getting smallpox.
More contentiously, one could argue that abating harmful global warming is a universal benefit – everyone enjoys benefits regardless of where they are and whether they gave up some of their interests to contribute to abatement. Contentious, of course, because at least in the short-term some people and economies will benefit from global warming (think opening of Artic sea-lanes as a simple case), and because of the debate about whether there are dis-amenities which are greater than the benefits.
So, if non-profits contribute to medical research or abatement of harmful global warming, then arguably “everyone is a beneficiary”.
For this argument, let’s put aside the factual debate about whether any of these benefits truly are universal, and assume some universal benefits exist. Does this mean that the positions of the “philanthropists” and “uninvolved” in the Rawls thought experiment would change?
I think yes. They would incline more to design a system which “tips the balance” more towards generating those universal benefits, because they “know” that they will or may share the benefits. In the balance of rights, fundraising which makes possible those benefits would be more “favoured”.
However, this leads us in a murky direction – does this mean trying to treat differently non-profits, government entities and businesses which happen to generate universal benefits? How could those be distinguished from other activity in a practical sense? And for charities, and consequently fundraising, would that mean designing a system which affords a lesser support of philanthropy to non-profits whose benefits are for identifiable groups, not universal?
I think this points us to one of the public policy reasons for “treating the charity sector differently” – as an entire sector. That is, it is practically difficult to disentangle “universal” benefits delivered by charities, from benefits from identifiable groups.
And this distinction becomes harder still when charities deliver a mix of “universal” and “specific group” benefits. (Think, for example, the familiar argument about charitable status of the arts – that artistic work benefits both direct consumers, and society more universally by the value of the social debate engendered, the elevated cultural tone etc.)
Returning to the original subject matter of this post, and the ensuing debate via Replies, we can see the “for and against” of different treatment in the area of “data protection”.
In Australia at present, this debate is focused on the exemption of charities from the force of the individual opt-in telemarketing “do not call register” operated by the Australian Communications and Media Authority. Unlike the UK Telephone Preference Service, charities are legally exempt from adhering to an individual’s “do not call” opt-in via this register. Note, however that some Australian charities voluntarily follow the do not call register, and the relevant professional fundraising Standard does require a charity to adhere to an individual’s preference when the individual has told the charity (directly) not to call.
So the policy objectives of exempting charities from the “do not call register” have landed squarely on the view that charities deserve to be treated differently than businesses. (And in the history of this legislation, the exemption of political parties from adhering to the “do not call” register is another factor, which might suggest that it wasn’t all a high-minded exercise of rights balancing.)
The “rights balancing” framework is not explicit in this discussion in Australia. However for now it appears that implicitly the privacy rights of individuals are balanced against the social benefits which charities provide (and which fundraising enables). Some curtailment of an individual’s privacy rights (more precisely, the ease and legal enforceability of asserting that right, in relation to phone calls) have been embodied in the legislation.