When the Daily Mail launched a campaign to clean up fundraising, charities knew it was a game changer. They now face a stricter regulatory world; one where ensuring people want to receive marketing communications is paramount.
The recommendations turn on tighter permissioning restrictions and enabling people to easily say no. These are key parts of both the Etherington Report and the Institute of Fundraising’s (IoF) new code of conduct.
The Etherington Report, accepted in full by Government, calls for charities to fully review how they use donors’ information. They must also take steps towards adopting ‘opt-in’ only in their marketing communications.
Critics argue an ‘explicit consent’ regime would disadvantage charities, with other sectors still able to rely on ‘unambiguous consent’. Etherington contends ‘opt-in’ is likely to be enforced for all, under forthcoming EU data regulation reforms (GDPR) and therefore charities should lead the way. He accepts it will be challenging, but states: “fundraising needs to move above and beyond regulation and compliance, from simply just doing things right to doing the right thing”. The issue of consent is still hotly contested in the GDPR negotiations, so not a done deal yet.
So if they don’t have to, organisations may be reluctant to jump ship now to an overall ‘opt-in’ approach, uncertain of the size of the impact and wary other charities may not follow suit.
The IoF report takes a less strident approach in its updated Code of Fundraising Practices. It recommends opt-in for data sharing only (although under PECR it would, of course, still be required for email marketing). It says charities should be banned from selling supporters’ data for commercial gain, and says an individual’s data should only be shared with third parties if that person has specifically given permission for them to do so. Even this move has elicited a hostile response from marketing data agencies, leading to claims it will severely damage fundraising and wipe out data pools completely.
Whether universal opt-in or just for data sharing, change is inevitable. Organisations need to re-evaluate how they view data. The culture of volume is everything needs to be replaced with quality not quantity; a concept that some argue has fallen on deaf ears for too long. Organisations need to accept properly managed opt-in needn’t be catastrophic. Jenny Moseley, director of the data protection compliance consultancy, Opt-4 says, “the move to opt-in will result in more people giving consent to be contacted by email but few consenting to being contacted by phone.” She believes direct mail consent rates will remain more or less unchanged.
Standardised clear permissioning statements with minimum font sizes are also on the cards. The IoF says donors require increased transparency in order to manage their preferences, taking control of the fundraising communications they receive.
This plethora of new rules leaves charities looking to a future of depleted fundraising coffers. The ban on calling donors registered with the TPS, unless specific consent has been gained to do so, will see thousands of numbers wiped from call lists.
In a potential reprieve for charities, the call for a Fundraising Preference Service (offering the public the ability to specifically opt-out of charity fundraising calls and direct mail) is proving problematic. Information Commissioner Christopher Graham says it will lead to more confusion and be virtually impossible for the ICO to enforce. So it looks like it may lack the teeth Etherington might have hoped for.
The swathe of negative publicity has damaged the reputation of the whole charity sector, and full-scale change is inevitable. Many observers wonder why this hasn’t happened sooner. Complaints departments have long listened to stories of vulnerable and elderly people aggressively targeted for charity donations, especially during the festive season fundraising bonanza.
Nobody disputes that for too long bad practice has gone unchecked, so what will happen in the new world of charity compliance? Etherington and the IoF agree tough sanctions are essential for future transgressions. Organisations could face naming and shaming (with charities especially vulnerable to reputational damage), being forced to undertake training and could even be banned from specific marketing methods. The success of a new regulator remains to be seen, but the Government has made it clear failure will lead to statutory regulation. Something no one wants.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.