Sir Stuart Etherington’s report on “Regulating Fundraising for the Future” included the recommendations for the creation of a Fundraising Preference Service (“FPS”).
The initial proposal for a “big red button” – which would have stopped all charities from sending fundraising communications to an individual who signed up to the FPS – has been changed significant by the final decision of the Fundraising Regulator’s Board in late November 2016:
Importantly, the Fundraising Regulator also highlighted that the FPS opt-out will have the statutory force of a Data Protection Act Section 11 Notice to cease direct marketing. This prompts two questions: what is a Section 11 Notice, and how will the GDPR affect this in May 2018?
Section 11 Notices
These Notices have been around since 1998:
“An individual is entitled at any time by notice in writing to a data controller, to require the data controller to cease, or not to begin, processing for the purposes of direct marketing personal data in respect of which [they are] the data subject.”
This is the “right to prevent processing for purposes of direct marketing” – i.e. the right to object to receiving Direct Marketing. This is where we get the term “opt-out” from – because people have a right to object to (opt-out of) receiving Direct Marketing.
So if you are already managing opt-outs, the FPS should not be a big issue – the major change will be that the Fundraising Regulator (rather than the individual themselves) will be asking you to cease sending direct marketing.
The GDPR develops the rights to object to direct marketing. Article 21 states that individuals still have the right to object, but adds an obligation on organisations to “explicitly” bring this right to the attend of the individual, regardless of the communication channel you are using. This must be done in a manner that is “clearly and separately from any other information” and “at the latest at the time of the first communication” with the individual.
The important points to note are:
1. The Fundraising Regulator is lining up behind the ICO to ensure the FPS can be enforced with legal weight behind it. This is because a failure to adhere to a Section 11 Notice is a failure to adhere to individuals’ rights – which is a breach of Principle 6. This is a tacit recognition that everything about the FPS (and, it could be argued, large parts of all fundraising activity) focus on the collection and use of personal information – and this is the domain of the ICO.
2. This focus on the ICO is part of a pattern. The ICO issues their first fines for non-compliant fundraising practice in early December. And from 30 December 2016 ownership of the Telephone Preference Service (TPS) was transferred from Ofcom to the ICO. These recent developments again highlight the importance of the ICO, and of compliant data protection and privacy regulation, for any fundraising or direct marking activity.
3. All fundraisers will therefore need to have clarity on how they are compliant: clarity over the Direct Marketing purpose they wish to collect and use personal information for; clarity on the lawful basis that justifies this activity, and clarify in the privacy notices and policies they use to inform individuals.