For almost any sizable fundraising charity, the use and management of data can be a significant challenge. Few would argue whether the public should have a say in how their contact details are used and shared, and yet for the fundraising community, a right to ask is critical and, for that to happen, they seek freedom in approaching a wide net of people.
With the implementation of EU-governed General Data Protection Regulation, Member States may face shared challenges, but also an opportunity to have clarity and unity in the way they reach out to supporters within and beyond national borders. The Commission's proposal for modernised and uniform data protection rules are intended to remove barriers to market entry.
The European Commission is proposing to regulate the area centrally, by establishing one coherent and comprehensive framework that will supersede national laws.
The Draft EU Proposal was published in January 2012. More than 3,000 amendments later, the proposal is still being kicked about in parliament and the subject of intense negotiations.
The Commission is working to a timetable of reaching agreement on the new proposal before the European Elections in 2014 and for regulation to take effect two years later, although there is some doubt as to whether these dates will be met due to the large number and breadth of stakeholders involved.
Günther Lutschinger, EFA President and Chief Executive of Fundraising Verband Austria, says: “The real challenge is that the current legal requirements differ immensely from nation to nation.”
EU legislation must bridge the patchwork of 28 often contradictory national data protection rules. For example, cold calling - the practice of calling people that have no current relationship with the organisation - is outlawed in some parts of the EU such as Germany and Austria, but common practice in others, including the UK, which has raised concerns about likely changes having a detrimental impact on fundraising.
Under the European Commission proposal, a company could process personal information only after obtaining clear permission from the person, who could withdraw his/her consent at any time. Direct mail is a common fundraising technique and is permitted in nations such as the UK unless individuals opt-out of such mailings. Concerns have been raised that new EU rules will mean that people would have to proactively opt-in to receive such mailings and that this would dramatically reduce the number of people charities could reach out to for funds.
Charities also worry about the right to be forgotten, where people can request that their personal records are erased from their system. If such legislation were to apply to suppression lists, they would become ineffective. The concern is that every charity’s potential market for direct mail, email, telephone and SMS fundraising could be greatly minimised, while the administrative burden for managing data would be far greater. Organisations may also be required to appoint a member of staff expressly to look at the data protection rights of contacts, as is the case in Germany.
The good news is that EU officials appear to be easing up on some such requirements, having since clarified that, whatever form the final regulation takes, explicit consent to be contacted would be required “only if organisations are processing sensitive personal information, such as individuals' medical records.”
Organisations must still request consent and respect contact preferences of course, but it would seem that implied consent (through not opting out), may be enough to continue to use it for direct marketing purposes.
Within the proposals, organisations with a ‘legitimate interest’ should be able to process personal data without consent. This is by no means a green light for marketing activity, but clear examples of what legitimate interest might mean are given in the amended draft report published earlier this year , produced by Green Party MP, Jan Philipp Albrecht, the appointed lead Rapporteur of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs,. They include "processing of personal data necessary for registered non-profit associations, foundations and charities, recognised as acting in the public interest under EU or national law, for the sole purpose of collecting donations".
The nonprofit sector has taken heart that fundraising is recognised explicitly within the report and this follows a series of meetings between EFA the rapporteur and other senior officials.
Lutschinger adds: “Many of Europe’s fundraising associations have lobbied MEPs in recent months and an early success is that the charity sector is now being considered as a special interest group with a right to use data. But, whether this will manifest itself in more favourable regulation for nonprofit groups remains to be seen.”
“As senior officials continue to debate the future of data protection law across the EU, it is crucial that charities’ views are represented every step of the way. We must be party to discussions and continue negation with politicians and civil servants in Brussels and at a national level.”
Under Irish Presidency of the European Union, data protection legislation has been prioritised and accelerated. Just last month, the Council of the European Union’s Justice and Home Affairs released a draft compromise text addressing the first four chapters of the proposed regulation, reflecting many of these concerns and seeking to move from a detailed, prescriptive approach toward a risk-based framework. The document even addresses the possibility that the current directive may simply be replaced, deferring to national legislation after eight Member States objected to centralised regulation. Consultation continues and informal negotiations are timetabled between the European Parliament and the Council of the European Union to take place this Autumn.
Few would argue that clear data protection legislation is important to engender trust and protect privacy. One central EU law will ensure a more fluid data flow and provide clarity over regulation, helping facilitate cross-border campaigns and enabling charities to approach new markets. But it is a complex area and, in its current form, the proposed regulatory framework carries many risks to charities that are yet to be resolved. Greater understanding of how centralised legislature might work in practice is key and charities are urged to follow developments closely.
More regulatory briefings:
To read up about other key areas of legislatory reform and development and how they might impact your organisation, click on the links below:
- VAT - Unification of VAT legislation could be the sector’s chance to tackle the estimated irrecoverable VAT bill of €6 billion once and for all. Read more.
- European Foundation Statutes - a specific tool developed to help foundations better channel resources across borders, helping to promote and facilitate cross-border philanthropy. This is particularly important as it is the first time that there will be one central EU definition of charitable foundations and purposes. Read more.
- Single Euro Payments Area – SEPA is nothing new for cross-border payments in the eurozone, but the need for all these nations to meet SEPA requirements in regular domestic transactions from February 2014 is already having an impact on charities. Read more.