As technology has advanced, the fundamental right to privacy has gradually evolved to encompass a right to protection of personal data. The coming years will undoubtedly see the spread of laws protecting such data. The European Union, for example, already adopted its General Data Protection Regulation. What are the implications when these protections intersect - or even conflict - with other rights? The question is not an academic one for many civil society organizations (CSOs). CSOs, for example, enjoy a fundamental right to access resources, but what happens when data protection regulations improperly restrict that right? When and how can CSOs use personal information of supporters?
ECNL’s paper on Data Protection Standards for CSOs (available here) helps to identify how the right to privacy interacts with CSOs’ right to fundraise. It provides general guidance as to the application of data protection standards to CSOs’ fundraising initiatives. By canvassing existing international, regional and domestic data protection and privacy laws and policies, the paper explains at a high level the ramifications of data protection standards for CSOs, with a particular focus on how data protection standards may protect or constrain CSOs’ right to fundraise.
Why should your CSO care about data protection?
The data that many CSOs hold – for example,information on existing or potential supporters - may be of interest to any number of malevolent actors, including non-state actors. The responsibility to protect their donors and supporters lies at CSOs. At the same time, CSOs can rely on data protection laws to defend against protects CSOs from arbitrary and unlawful surveillance. Privacy and data protection obligations may have a broad range of implications for CSOs which be felt both as CSOs carry out their core functions, as well as when they conduct fundraising to support those functions.
Why now?
The European Union’s General Data Protection Regulation (“the GDPR”) will go into effect in May 2018, considerably strengthening data protection in Europe. The GDPR expands individuals’ rights, extends the role and enforcement powers of data protection authorities and places a stronger burden on data controllers to be transparent and accountable to individual data subjects.
Why does it have global relevance?
Nowhere is the march of new data protection regulations more evident than in the EU, but since the GDPR applies to all entities that process EU citizens’ data, its consequences will likely affect all CSOs, even those based outside of the EU.
Want to learn more?
Read ECNL’s paper on Data Protection Standards for Civil Society Organisations and consider its recommendations or check out its summary:
The report fits into ECNL’s endeavors to create better standards for fundraising by creating global guidelines and a toolkit on the minimum standards and principles of fundraising regulation and self-regulation. To ground this process ECNL has already published comprehensive study (The Regulatory Framework for Fundraising in Europe) comparing the legal framework for fundraising in 16 European countries.
To get informed about the developments follow us on twitter @enablingNGOlaw and look for #standards4giving.
This report is wholly financed by the Swedish International Development Cooperation Agency (Sida) and it was conducted as part of the ‘Sustainable Frameworks for Public Fundraising: research and guidance’ project, managed by the European Center for Not-for-Profit Law (ECNL). The project is made possible by the International Center for Not-for-Profit Law (ICNL) through the Civic Space Initiative.