The Fundraising Regulator has recommended that charities should only contact people who have opted in to receive fundraising communications, saying it is the “clearest” and “safest” form of consent.
Ahead of the joint conference on data protection being held in Manchester today by the Information Commissioner’s Office, the Fundraising Regulator and the Charity Commission, the fundraising watchdog has published a guidance document called Personal Information and Fundraising: Consent, Purpose and Transparency.
In the document, the Fundraising Regulator said that a move to communicating only with people who have opted in represents the “clearest, safest, most future-proof way” for charities to ensure they have the consent of donors once the General Data Protection Regulation - a new EU law governing the handling of data - comes into force in May 2018.
The regulator recommended that: “Charities must have a clear understanding of the basis on which they will justify their collection and use of personal information for their direct marketing purposes.”
It also said that: “Communications should include a mechanism to withdraw consent easily at any time.”
The document said that existing ICO codes of practice and guidance, the existing GDPR definitions of consent, and the desire of the Fundraising Regulator to ensure that the sector adheres to good practice “all point to opt-in methods as the clearest, safest, most future-proof way of collecting and demonstrating consent”.
The paper also questioned the use of the “legitimate interests” argument, under which fundraisers can say they needed to use donor data to carry out the legitimate interests of their charity.
It recommended that fundraising charities “do not rely on legitimate interests unless it can be shown that the data was obtained fairly and lawfully” and also said that legitimate interests will not be enough to “make live calls to non-TPS and non-previous object numbers”.
‘This is guidance, not standards’
The Fundraising Regulator said that the document was “guidance, not standards” and that nothing contained within it was a stipulation or a change to the Code of Fundraising Practice.
Stephen Service, policy manager at the Fundraising Regulator, said: “The first thing is, we haven’t said to charities that they have to move to opt-in. Effectively what we’re doing is going along with what the ICO is saying on this which is effectively that opt-in represents the safest way by which charities can evidence consent from individuals.”
Service said that, as far as the Fundraising Regulator understands, some form of opt-out communications will still be legally valid after GDPR comes into force. However, Service did say that the Fundraising Regulator “agrees with the ICO” that fundraising charities will need “some form of positive action from the individual to evidence consent”.
“We’d agree with the ICO that you need some form of positive action from the individual to evidence consent,” said Service. “If charities choose to ignore that, what the Fundraising Regulator is saying is there’s a real risk there that if you’re asked to evidence it, that evidence will be ambiguous.”
Gerald Oppenheim, head of policy and communications at the Fundraising Regulator, said that the guidance was the first step in a process, and that the guidance would be amended in the future, before it informs any changes to the Code of Fundraising Practice.
“If our assumption is right that GDPR will allow opt-in and opt-out what GDPR will do is that all of us will adapt our guidance accordingly fully and properly and we will then take that into the Code, so as to codify the rules around opt-in and opt-out so that we can make our judgements in that way.”
Service said that the guidance was about “identifying where the risks lie, inviting charities to make a decision on that basis but ensure that they’re fully informed about what the consequences of that decision might be if they choose to go opt-out, and the risk that is potentially posed with that decision”.
Gerald Oppenheim will be discussing the Fundraising Regulator’s guidance at the Fundraising and Regulatory Compliance Conference in Manchester this afternoon. A live stream of the event can be viewed here.
He also wrote a blog outlining why the Fundraising Regulator decided to release this guidance, which can be read here.