The ICO today announced that 11 charities are being fined for abusing their donors’ personal data over a number of years, among them some high-profile names such as Great Ormond Street and Oxfam.
ICO have a good overview of who they fined, and why, but I wanted to touch on the bigger picture briefly. Fining charities has some fairly obvious ethical implications; these aren’t organisations that are out to make a profit, they’re there for a social good, and the money that will pay these fines was donated by people who expected their money to fund these charities’ work.
On the other hand, the people who gave up their personal data along with their money have a set of fairly common sense rights enshrined in law, which derive from our Article 8 right to respect for private and family life. On balance, the argument that charities should be immune to financial penalties seems to be an argument that the ends justify the means, and so I can’t say that I find it all that persuasive – as much as I admire the work that these organisations do.
Longer term, the ongoing damage to these charities is likely to be reputational rather than financial. Many donors will, rightly in my opinion, feel aggrieved that their support was rewarded with secretive (and ultimately illegal) background checks and cross-referencing. As always, complying with data protection isn’t just about the law, it’s about the trust between individuals and the organisations that they engage with. Working within the guidelines set by data protection law doesn’t just avoid financial penalties, it’s a fantastic step towards building sustainable long-term trustworthy relationships.
On balance, we should probably be welcoming today’s action. Partly for protecting the rights of donors, but mostly because in the long term these trust-breaking practices will make it harder for any charity to build positive relationships with their supports.
At the University of Southampton’s Meaningful Consent Project, we’re trying to understand trusted, consentful relationships – and helping to design the tools and infrastructure that will help build them . For a real-life example of consent management infrastructure, check out consentua.com