Consenting adults

Around two months ago, the Etherington Review into charity fundraising and governance published a series of recommendations about the way the sector should be run. The most eye-catching and ridiculous is the Fundraising Preference Service, which I wrote about at the time. The reaction to the FPS from charities has been almost universally negative, with a series of articles appearing in charity publications and on charity websites, all condemning the idea that the public should be able to stop communications from charities.

There is nothing in Data Protection, the Privacy and Electronic Communications Regulations (PECR) in general or the Telephone Preference Service (TPS) provisions in particular that stops a charity from contacting a person who wants to be contacted. The FPS is non-statutory, and so cannot change it. Since 1995, Data Protection law has been built on a requirement that any contact based on consent requires a freely given, specific and informed indication of the subject’s wishes. That’s what the Directive says, so any claim that somehow the upcoming DP Regulation represents a significant shift in how consent works is exaggerated. The problem for some charities is they have ignored this. When I make a donation, that is a freely given, specific and informed indication of my wish to make that donation. If the charity wants to call me, or text me and rely on consent, they need a freely given, specific and informed indication that I want to be called.

The current practice of charity posters that ask for a quick £3 or £5 text donation for a specific cause are a classic example of how this doesn’t work. Yes, there is minuscule small print on the poster that indicates that further calls or texts will be made and I can opt-out, but unless one has carried a magnifying glass onto the Tube or into the toilet cubicle, the text is impossible to read, and easy to overlook. Many charities using the one-off donation technique seem to be doing so to harvest mobile numbers for fundraising calls. In Data Protection terms, this is unfair and does not represent consent (breach of the 1st principle); in PECR terms, if the number is on the TPS, the charity has not obtained consent and any calls made to a TPS registered number harvested in this way will be unlawful.

An article in Civil Society published shortly after the FPS proposals were first mooted contains this key quote:

The idea is that members of the public would be able to simply and easily add their names to a “suppression list” so they would not be contacted by fundraisers. Rather than rely on charities using the existing mail and Telephone Preference Services, the FPS would allow you to put a stop to all contact with charities.

The TPS already allows you to put a stop to all contact with charities by phone, along with everyone else. Charities are not unfairly discriminated against by the TPS, any more than any other sector might be. The TPS is a blunt instrument, but it is a fair one. The fact that charities see the FPS as being a problem suggests to me that they either don’t understand the TPS (they believe the donation = consent nonsense), or they think they can ignore it. Civil Society reported at the end of October that the Institute of Fundraising (which represents, remember, organisations that make money out of fundraising, rather than charities themselves) was changing its guidance in line with the expectations of the Information Commissioner’s Office. The IoF nevertheless claims that this change (i.e. complying with PECR) “unduly” restricts the ability of charities to “maintain relationships with their supporters“.

Donation = consent isn’t the only myth that has been propagated. Civil Society’s David Ainsworth claimed a few weeks ago that all the blame lies at the door of the ICO (and that’s often a valid argument). The problem is, the story isn’t true. Ainsworth said “In 2010 David Evans, a senior data protection manager at the ICO, explicitly told charities they were allowed to call people registered on the TPS, so long as they received no complaints. Just in case there was any doubt, this was followed up with official guidance which effectively said that the ICO did not intend to apply the law to charities.” I asked Ainsworth on Twitter if he could provide evidence that this is what the ICO said. All he could provide was a note written by the Institute of Fundraising, who are hardly objective. But even that note contradicts Ainsworth’s article, stating the TPS position clearly, with only a little bit of nuance.

TPS regulations ‐ any person registered on the telephone preference service (TPS) cannot be called unless they have advised the calling party that they are happy to receive calls. In practice, a charity might judge that, given the nature of the relationship between them and the supporter, they might be able to make a marketing call to that subscriber despite TPS registration.

In truth, what Evans said is a line I have heard many times from different ICO people – if a data controller thinks it has consent, acts on that consent, and crucially, the ICO doesn’t receive any complaints, then they probably had consent. In other words, the ICO won’t act on complaints it hasn’t received. The ICO did not give charities an exception. Should any charity have bothered to investigate, they would have found that ICO has no power to do so. The problem was, as Christopher Graham told Parliament last month, there were thousands of complaints about charity direct marketing, but they were all going to the Fundraising Standards Board, a self regulatory body that regulates the Institute for Fundraising’s code. The FRSB did not pass any of the complaints on to the Information Commissioner.

**UPDATE: originally, this blog said that the Fundraising Standards Board was ‘run by‘ the Institute for Fundraising, which was poorly worded shorthand, treating the IoF as if they are the embodiment of fundraisers and charities. The FRSB is a membership body, paid for by its members (who are charities and fundraisers), and its role is to act as a self-regulator for the Code of Fundraising Practice drawn up by the IoF. I don’t believe that the FRSB is properly independent of the Institute for Fundraising not least because they ‘enforce’ a code written by the IoF, and which was legally inadequate. I’m not the only person who thinks this: post-Etherington, the FRSB is being abolished, and responsibility for the Fundraising Code is being transferred to a new regulator. The IoF’s Chief Executive welcomed the new regulator’s creation (tacitly welcoming the abolition of the FRSB), and recognised that moving the Code from the IoF to the new regulator was necessary to avoid the perception of a ‘conflict of interest‘.**

The biggest barrier to charities accepting legal reality – either by complying with the TPS, or with some workable version of the FPS if such a thing is possible – may be the fact that some in the sector don’t really believe in consent at all. Matthew Sherrington, a consultant writing in Third Sector this week, wasn’t exactly subtle: “The awkward truth, which is difficult for charities to argue publicly, is that the generous public (the UK is the most generous in Europe, as it happens) do not give off their own bat, but need to be asked” (my emphasis). The same argument was made by Ian MacQuillin, blogging on behalf of Rogare, a fundraising think tank: “Everyone knows that most people give because they are asked to do so” and later on “I suspect that the FPS would be used not just by people who really are on the receiving end of such a deluge of fundraising material that it was making their lives a misery; but more by people who want to spare themselves the difficult choice of deciding how to respond to a donation request, and the guilt and cognitive dissonance that results when they say no“. The thinking that runs through both articles, and others, is that fundraisers must be able to ask, that the potential donor / prospect / target (which is what we all are to the fundraiser) should not be allowed to opt-out of being asked. We should have to listen to the pitch, and should be forced into the awkward, embarrassing (or in MacQuillin’s word) guilt-ridden option of saying no. There is, in this world, something inappropriate, even immoral in having a choice about whether to be approached in the first place.

**UPDATE: I have had a long Twitter conversation with Matthew Sherrington. He hasn’t put a comment on the blog (which he and anyone is welcome to do) but he thinks I have misrepresented what he said about consent and marketing, and I think that I should mention this. I stand by my comments above, but I’m linking to his article again here so you can read it and make up your own mind about what he says.**

It’s possible that fundraisers and consultants genuinely don’t understand the TPS, don’t understand that it’s already supposed to be possible to opt-out of every marketing phone call, or that texts and emails are opt-in in the first place. Fundraisers see widespread abuse of PECR and Data Protection, so assume that it’s all fine and that daft proposals like the FPS represent unfair singling out of the charity sector. At this point, it is fair to criticise the Information Commissioner for their generally insipid enforcement. I think there is also a sense of entitlement among charities (which is one thing, as most charities have a clear public interest objective), but also among fundraisers (who are, in the main, just private businesses making a profit). There are no exemptions. There is no charity carve-out or defence. The European Data Protection Directive, from which everything in UK DP and PECR law is derived, makes clear that charities are included along with everyone else. It’s in article 30, if you’d like to check.

In amongst all of the anger and self-justification available in the charity press, one article in Civil Society also caught my eye: “Trust in charities is at its lowest point since 2007, with charities now less trusted than supermarkets“, according to a survey carried out by npfSynergy. Some might blame the Daily Mail and Camila Batmanghelidjh, but purely anecdotally, on every training course about direct marketing that I have run in the past five years, the main examples people come up with for poor quality, persistent, sometimes rude marketing calls are either PPI or charities. Fundraisers and charities alike need to ask themselves if they want to be in company with spivs and spammers. Rather than try to rewrite history, or the law, or continue to adopt an approach based on pestering and guilt, perhaps the big charities should look at a business model that is bringing them into disrepute. There is a real question about how they raise funds without marketing calls and other contacts to people who don’t want to receive them but the only solution to this is to get PECR and the DPA amended to remove charities from the marketing requirements, but as this would deprive the public of their existing rights and mean that the UK is in direct breach of EU law, I doubt they’ll get very far. I still think the Fundraising Preference Service is unnecessary in the light of existing provisions, but if it is implemented in some meaningful form, and finally gets the message across to the most unrepentant of charity spammers, maybe I’m wrong.

King Canute famously stood in the waves and ordered back the sea, but only to show that his powers were limited. Some charities and fundraisers are up to their necks in water, but think that they have the ability and the right to turn the tide of history. If they don’t wise up, they will drown.