Or: “How I Learned To Stop Worrying And Love The GDPR”
It’s almost inappropriate for a generic term like “data” to become a buzzword. But, it’s 2018 and, well… here we are.
And what a time it is to be alive, because we’ve never had so much access to so much information, and so many different ways to interpret it. On the flip side, your personal digital footprint has never been so identifiable. It will only develop more nuances with every click.
On the plus side, there are many merits to analyzing your data. Research gives us the opportunity to fine-tune our campaigns and our external messaging. In contrast, relinquishing your data ownership can have serious consequences when not considered carefully.
On many occasions, several third parties have asked Click & Pledge to take part in “data dives.” These are events when many parties collectively analyze their data sets to identify business trends on the macro level. And every time, we say, “No, thanks.” That’s because participation in a data dive implies a sense of ownership by the involved parties. Here’s why we think that’s a problem.
The Perceptions (And Misconceptions) Of Privacy
Unfortunately, most people don’t take the time to read what’s actually in those Privacy Statements and Terms Of Use. One could assume it’s because they’re usually too long and full of legalese. But I put forth there’s a more sinister reality. Too many of us have become complacent with letting others use our digital data in exchange for their products and services. This is especially concerning for nonprofits, as stated in a recent review from Stanford University’s Center on Philanthropy and Civil Society:
“The nonprofit sector has largely had to compromise its values, often unwittingly, to fit the default commercial offerings of these digital platforms and tools, and has only occasionally been able to leverage any collective power to develop and maintain digital tools that align with its values. Even then, the sector’s reliance on commercial and public digital infrastructure compromises the sector’s cherished sense of independence.”
There’s a lot to unpack there. I’m willing to wager that not a lot of people know how their fundraising software providers use and keep sensitive information. So let’s use a couple of real-life examples to show how some fundraising platforms treat your donor data.
Behind The Legalese
Example 1
Here’s one from what we’ll call Platform A. Like an episode of Dragnet, the privacy policy you are about to see is true. The name has been changed.
“The information that you provide is used only to complete your donation, provide you with a donation receipt or, upon request, provide you with a donation history.”
OK, so far so good. Platform A says in its Privacy Statement that a donor’s information is explicitly used for processing purposes. But let’s take a look at Platform A’s Terms Of Use, shall we?
“Except as provided herein, all User Data shall be deemed to be jointly owned by [Platform A], and you… [Platform A] may use Individually Identifiable User Data for statistical analyses and internal business purposes such as identifying fundraising trends.”
So, not only does Platform A disclaim its Privacy Statement in another Web page, they also claim to own your donors’ data.
Example 2
Now let’s take a look at Platform B. Again, this is copied from a real service agreement:
“You own Your data.”
BUT…
“You grant to [Platform B] and its suppliers a nonexclusive, fully paid-up license to use, reproduce, store, modify, and display Your Data.”
That term — “nonexclusive” — comes up a lot in other statements. It means that if Platform B decides to share your digital data with another third party, you waive your ability to withhold consent.
And here’s what’s equally concerning about this whole thing: Out of the dozens of Privacy Statements we reviewed, there were several other examples where a platform didn’t explicitly state anywhere on its website which entity retained data ownership. At its best, this is a thoughtless practice. At its worst, it’s shady, legally problematic, and potentially unsafe.
We mention this because it’s important for organizations to consider their own standards and practices, yet so few of them actually do. If you’re using a platform that contains clauses like the examples in their Privacy Statements or Terms Of Use, would you be OK with that? More importantly, would your donors be OK with those practices?
How Click & Pledge’s Privacy Statement Is Different
If you’re a frequent visitor of the blog, you’ll remember that we’ve talked about using your organization’s donor data to shape your fundraising strategy. So why are we so gung-ho about not using that data as part of a data dive? Because it’s not ours.
There are essentially two ways to collect data, and we’ve covered this before during our Facebook Live BeeP series. A Data Controller is an entity that collects and owns data for its own use. On the other hand, a Data Processor collects and stores data on behalf of another party. Click & Pledge is an interesting example, because we sometimes act as the controller, and at other times act as the processor.
When someone visits clickandpledge.com, we act as the Data Controller. For example, we use Google Analytics to monitor what pages on our website are most popular, and use that to determine what type of content to produce for the blog. But when an organization uses our products to accept an online donation, we act as the Data Processor. So when someone makes a donation to your nonprofit, we process that information and deliver it to you for your records.
So, respectively, there’s the data we collect for ourselves, and the data we collect for your organization’s purposes. When it comes to the latter, our policy is absolute: We do not own your data. Period. We never share your donor data with anyone unless it’s absolutely (often legally) essential.
Why? Because we believe it’s the right thing to do. Because we believe it’s better to be absolutely transparent about this, rather than hiding disclaimers in our Privacy Statement. Because we believe in the power of choice. When you use our Donor Management app, or our Facebook Ads integration to promote your donation page, we do so by giving your organization full ownership of its data, and the choice of whether to take full advantage of those features.
To be clear, we aren’t condemning the general practice of data-diving. We just believe that every Cause is different, and each organization should have the ability to choose whether they want to be a part of it, or not.
A New Age In The Digital Era Is Here
We started thinking a lot about this topic about three months ago. That’s because the General Data Protection Regulation (GDPR) is now in effect for anyone who does business in the European Union. In short, the GDPR is the reason your email inbox was recently flooded with privacy policy updates. But its importance cannot be emphasized enough; the GDPR is the single-most important effort to protect Internet users’ privacy in the last two decades.
Complying with the GDPR was a headache for multiple parties, and will continue to challenge data processors for months to come. But that’s only one side of the story. The GDPR was also an opportunity for those parties to be more transparent with their audiences; a chance to get gritty and honest with the way they handle sensitive information.
In the aftermath, multiple corporations and public entities will still choose to hide behind the veil of a complex legal disclaimer to avoid the tough questions. We just decided to be different.
