The Fundraising Regulator has urged the Information Commissioner’s Office to make an “urgent amendment” to the wording of its consent guidance in relation to the Fundraising Preference Service.
As part of its consultation submission to the ICO in regards to the data watchdog’s guidance on consent in relation to GDPR, the Fundraising Regulator said that the ICO should update its guidance to more accurately reflect how the Fundraising Preference Service will work in practice.
The response written by Stephen Dunmore, chief executive of the Fundraising Regulator and published on the organisation's website on 4 April, said: “Regarding our forthcoming Fundraising Preference Service, the guidance states that: 'The Fundraising Regulator has set up the Fundraising Preference Service (FPS). The FPS operates as a sector-wide withdrawal of consent to charity fundraising. If an individual wishes to stop receiving marketing from charities, they can use the FPS to withdraw consent from all charities at once.’”
Dunmore said this was not how the FPS would operate, and claimed it was not the first time he'd informed the ICO of this.
“As previously discussed with Richard [Marbrow, group manager, corporate governance at the ICO] this paragraph requires urgent amendment on the following basis: The new service will not allow individuals to use the FPS to ‘withdraw consent from all charities at once’. It will allow individuals to withdraw consent from specific charities that they name. The guidance should be updated to reflect this.”
The ICO have yet to confirm whether they will amend their guidance in relation to the Fundraising Regulator’s request.
Regulator calls for clarity around notion of ‘opt-out consent’
The Fundraising Regulator also noted that the GDPR consent guidance from the ICO said “there is no such thing as opt-out consent”, a phrase it thought might be confusing given pre-GDPR guidance issued by the ICO last year.
Dunmore said that the ICO’s “pre-GDPR Direct Marketing guidance”, published in May 2016, could be misinterpreted by fundraisers moving forward as it discussed “positive action” and “explicitly provided some limited examples of where opt-out consent could potentially be legitimate under pre-GDPR regulations”.
In Fundraising Magazine
As a result, the regulator said that the ICO should consider adding a line in its guidance pointing fundraisers to this change in language.
"While we appreciate and support the need for stronger wording in the new guidance under the stricter GDPR, we would advocate that a statement is provided acknowledging a change in language used and contextualising this, to avoid the risk of being seen to contradict previous guidance. This could be as simple as adding that “there is no such thing as opt-out consent under GDPR”.
The regulator also said that the ICO should change its wording about which organisations can process data under legitimate interests, given that some charities may be able to do so, as they can meet the conditions. At the moment, the guidance says that only "private sector organisations" can process under legitimate interests.