Regulation: Data Accumulation And Use

Why federal privacy legislation is important to nonprofits

Consumers are rightly concerned about the data that marketers and others collect about them and how it’s used. Most Americans have a large online part of our lives. People know from the ads they see and stories in their news feeds that they are being tracked and data is being collected about their actions.

All sorts of entities are using that information, for all types of purposes, good and perhaps bad.

Direct marketers have used data for decades to deliver messages that match the consumers’ interests. For example, new parents benefit from discount offers on baby items, and weekend athletes would appreciate receiving offers of running gear.

Nonprofits also use consumer data to bring messages to consumers who are most likely to support their causes. If a consumer has expressed interest in getting information about protecting the environment, they might be a good contact for an organization working to protect wildlife. A nonprofit promoting healthy living might look to contact seniors who want information on healthy eating. Having access to information on consumers’ interest areas lets nonprofits reach the right audiences and avoid sending messages to people who aren’t likely to be interested.

The nonprofit world has been through a few periods like this – when consumers want to limit access and have more control over what and whether they receive communications in their mail box or inbox or by phone. We are now at a new, critical moment that will define how nonprofits will be able to talk to the public about the important issues organizations are addressing.

Why is access to consumer data important to you? Both online and offline data is the key to finding those people who will support you in the most cost-efficient manner.

Most nonprofits with larger direct mail programs are using the popular co-operative databases called “co-ops.” These databases contain billions of transactions and thousands of data points on tens of millions of consumers. Modelers use these data points to create prospect groups, to identify potential higher gift donors, to help reactivate lapsed donors, and new uses for data are happening all the time.

The same is true in nonprofit Internet communications. The same types of data are collected about your donors and prospects in their Internet activities along with a host of new data. How long you spend looking at something is an example of that data. The digital and traditional data collected about consumers can be combined to improve the effectiveness of both new and old media efforts. If nonprofits lose access to consumer data, fundraising appeals will be less targeted, the cost of fundraising will increase, and fewer dollars will be available to support programs.

Regulation of Internet data collection and usage is already underway. The risk is that it will be overly focused on the concerns of the very largest online companies, and smaller organizations like most nonprofits will be impacted by laws that didn’t take into account, or even understand, how nonprofits operate online.

Following the enactment of the General Data Protection Regulation (GDPR) in the European Union, California passed the California Consumer Privacy Act (CCPA) in 2018. While this law doesn’t apply to nonprofits, it will likely have a serious negative impact on your ability to reach consumers in the nation’s most populous state.

As this is being written, 19 states are working on similar laws. Marketers are hoping reasonable federal privacy legislation can be created. Federal law overrides local and state laws, and a good federal Internet privacy law would provide a single national set of requirements rather than dozens of state-by-state laws to which you and your suppliers would have to adhere.

By the time you read this, the discussion on this issue will likely be very active in Washington, D.C. There’s already action. A number of representatives have outlined various positions. At least one bill has been proposed in the U.S. Senate and legislative committees have addressed the issue. There’s bipartisan interest in creating federal regulation. There’s a lot of variation in what’s being proposed and a considerable amount of misunderstanding about the ways nonprofits and their commercial partners gather and use consumer data.

It’s no surprise the largest online platforms are playing the central role in the discussion. The largest companies are the ones politicians are focusing on, apparently not considering that virtually all Internet activity will be impacted by regulation. Facebook, Apple, Amazon, Netflix and Google (sometimes called the FAANG companies) are spending huge sums to lobby Congress and push their positions, which are very different from the interests of nonprofits.

The largest difference is the very nature of how a consumer uses those platforms. A consumer joins Facebook or Netflix or Gmail. Some are free and supported by advertising. Some charge a monthly fee while some sell products. All require that the consumer enter personal information to access an account profile and change the settings, such as name and address, interest, payment information and such, when they wish. The user clicks “Accept” on the Terms and Conditions without ever reading them, thus giving the platform permission to collect and use data in a wide range of applications.

Nonprofits don’t have that kind of online database relationship with their donors, members, volunteers, advocates, and other engaged people. Your database isn’t open to the public to view and change. It’s a more traditional marketing platform from which you drive a primarily “one-sided” conversation. You almost entirely speak to your donor online or offline, and they respond or don’t. A few contact you with questions or concerns, but only a small number.

The FAANG-type platforms enjoy the luxury of consumers who seek them out and join, wanting to use their free services or buy their products. Nonprofits that use the Internet for promotion are almost always sending messages to prospective supporters who probably didn’t actually request the communication, much as charities always sent acquisition direct mail to prospects who haven’t asked to receive it.

This contradiction is referred to as opt-out marketing versus opt-in. The consumer who creates a Gmail account opts in. Consumers who respond to a nonprofit’s communications are also opting in. But when you first reach out to them as prospects, they have only had the opportunity to opt-out by joining a “do not solicit” list such as the one most non profits and their suppliers use in direct mail.

But, wait. Can’t nonprofits avoid any impact here if the federal regulation exempts them, as the California law does? Unfortunately, no they can’t, because the promotions nonprofits are doing online and offline are very dependent on the data their commercial partners know about consumers.

This data collection is going to increase in importance as the world migrates to digital communication. Just like when you use a particular mailing list for acquisition to target consumers who appear interested in your mission, your online efforts are also delivered to consumers who are the most likely prospects to support your cause. Many data points indicate who are the best prospects for your appeal.

The consumer’s interest in causes like yours, how active they are online, their age, income and education are just some of the data points that your providers use to create audiences for your messages. While nonprofits might be exempted from regulation, their service providers won’t be, and the ability of those providers to create the greatest impact from your investment in online (and offline) marketing will be greatly weakened.

The first major challenge is making sure legislatures understand the environment the giant FAANG platforms and their lobbyists are defining isn’t the same environment you work in, and that legislation will impact everyone, not just the biggest players.







There are many aspects that need to be addressed in a good regulation that will endure. Here are some of the issues for nonprofits:

  1. Opt-in versus opt-out. Different proposed regulations are based on one of these or the other. Opt-in is a disastrous concept for nonprofits. In your traditional direct mail fundraising, you honor a donor or prospect’s right to optout of receiving your appeals. If you had to have their permission before sending an appeal (opt-in), your audience would virtually go away. Not many people take the time to opt-out and even fewer take the time to opt-in.

This same concept applies to data collection on the consumers who support causes or are prospective supporters. Having data on consumers lets nonprofits target messages (and budgets) to the right individuals. If you and your commercial partners don’t have access to this data, your digital and direct mail performance and impact will decline. In promoting opt-out versus opt-in, the nonprofit community should always support the consumer’s right to say “Do not contact, or collect data, on me.”

  1. The right of the consumer to know what data is collected and how it is used or shared. This is a good concept and nonprofits support the rights of the consumer in this matter.

Many in the nonprofit community are recommending that this information be in generalized categories, rather than Continued from page 11 specific data points and uses applying to each individual consumer. That is to say, the consumer has a right to know the types of information that nonprofits collect, how it is used to target appropriate messages to each consumer, and the types of organizations with which the data might be shared.

Being required to tell a specific consumer exactly what data you have and exactly how you’ve used it over time would be a large task that will take funds away from the mission your organization works to achieve.

  1. The right of the consumer to see and change the data you collect about them. Not all nonprofits are ever going to develop the kind of interactive platforms that Amazon or the Apple Store offer, where you can simply log on and change your address or how your name is spelled. You need to have the option to address these requests in a more traditional manner, where the consumer contacts you in one way or another and you make the requested changes in your database.

Your constituent relationship management (CRM) platform is not going to become an open platform in the near future, and regulators need to recognize this and make accommodations for it.

  1. Penalties for non-compliance need to be determined in each case, not in the law itself. Some proposals have included a hard dollar amount per consumer effected in the event of a breach of privacy, such as a hacker gaining access to a database. Amounts such as $1,000 or more per consumer have been used. (There are more than 300 million “consumers” in America.) Many people believe potential penalties should be decided by juries, judges or other impartial parties and not written into the law.

Getting a good federal privacy law in place will be beneficial to the nonprofit community. The consumer needs to know we are all concerned about and respectful of their right to privacy and to have their right to choose the communications they receive.

Protecting those rights in a manner that also lets nonprofits gain public support is what a good law will preserve. Right now it’s critical that nonprofits support efforts to get a good law enacted. Not just a law that works for the giant online platforms, but one that protects the smallest nonprofits as well.

Stephanie Ceruolo is senior vice president and general manager of Nonprofit Solutions at Infogroup. Her email is [email protected]. Larry May is senior vice president of strategic development for Nonprofit Solutions at Infogroup. His email is [email protected]