Donor Privacy

Proposed data protections in the European Union have charities on the other side of the pond panicking. The changes include making opt-in consent mandatory for telemarketing and direct mail (currently opt-out), banning the tracking of IP addresses and the deletion — rather than the suppression — of email users who have opted out. The proposed changes, if approved, would go into effect in 2017.

The changes were first proposed in 2012 as a way to give consumers more control of their data, according to Andy Taylor, a consultant with U.K. firm The Desired Effect. “A laudable goal, yes, but how it hopes to achieve this could make it less likely for donors to get a good and relevant experience from the charities they support, make it harder for us to tell them how their money is spent and drastically limit the number of people we can ask for support when we need it the most,” wrote Taylor in a report titled “The European Union and Data Protection: The Biggest Challenge in Fundraising for a Generation?”

These issues, however, don’t register as strongly with U.S. nonprofits, even those that mail to the E.U., according to Rachel Thomas, vice president of government affairs for the Direct Marketing Association (DMA). “When I talk to nonprofits about the issues of greatest concern, the top two are maintaining the charitable deduction and saving the postal service, keeping mailing rates low,” she said. “When I start talking about data privacy, security, I get a lot of blank stares.”

Taylor posits that requiring an opt-in for telemarketing and direct mail, as well as email or SMS (currently required to be opt-in or a soft opt-in) could result in a “loss of up to 50 percent in numbers” for third-party list rental services. While those that do opt-in will most likely be more responsive, “payback and a positive ROI comes from keeping new donors, and then having them give again. Even the most responsive and generous new donors might be off limits because they would have to give consent again to your charity, and they’re probably less likely to do that under new laws, than they were not to opt-out,” wrote Taylor.

Also on the table could be deletion of data if the recipient asks for it. A recipient could ask the charity to stop contacting them, but in the future suppression files might be illegal. “The result? We’ll contact them again — not great for our reputations to say the least, and certainly not great for the donor,” according to Taylor.

While the proposals are not law, Taylor suggested using the time between now and 2017 wisely. “With so much depending on explicit consent, it’s here that efforts should be focused,” he wrote.

Chief among efforts should be “testing how to get consent in a way donors will understand and accept,” wrote Taylor. “Partly it will be a matter of creativity, of finding the right words and the right tone that will make donors say ‘yes!’” Easier said than done, however; imagine trying to make the case in one sentence for allowing your organization to use their IP address, Taylor wrote.

Another tactic is to prepare for a rush of email recipients asking to be deleted from your system. Make sure everyone in the organization knows how to do this. “A donor won’t always ring a supporter care number,” wrote Taylor.

Of concern to Thomas is the E.U.’s potential targeting of Safe Harbor programs. E.U. law prohibits the transfer of data of European citizens to countries deemed not to have adequate data protections, of which the U.S. is one. But safe harbor programs allow companies and nonprofits based in the U.S. to be rated as adequate individually.

“That program been around a long time, and is absolutely vital for fundraisers to grow donor base in Europe,” said Thomas. “It is very much a concern that the Europeans are questioning that it’s a viable program.”

Taylor recommended that EU-based nonprofits and U.S.-based nonprofits that mail to the E.U. track the issue, but not make any changes to their operations unless and until the proposals become law. NPT