Fundraisers and data protection experts appear to have very little common ground on which to talk about ICO’s recent enforcement action. Ian MacQuillin suggests the gulf between the two could be down to different philosophical approaches.
There are three types of people in the world: those who support charities, those who don’t (either through some point of principle or because they are unable to) and those who benefit from the goods and services charities provide. You are at least one of these and you could also be a combination of two of them. Now, suppose you didn’t know in advance whether you were going to grow up to be a charity supporter, someone who chooses not to support charities, or a charity beneficiary, only that you stood some chance, of being at least one and possibly two. How might this influence the sort of society you would want to grow up in?
If you knew you were going to be someone who was going to rely on the support, help and services provided by a charity, how would you want charities to be regarded in that society?
You’d probably want to ensure that you had access to those charities that could help you and they weren’t actively prevented from helping you. You’d probably want them to be able to speak up about anything wrong in society that was affecting your situation. You’d also almost certainly want them to have the resources to be able to help you. And if the only way you could get those resources was to go and ask the rest of society to voluntarily give them, then you’d probably want to make it as easy as possible for a charity to be able to do that. You also probably wouldn’t want those who chose not to give to charity to make it harder for those who do give to be asked to provide those resources.
You might already have recognised this as a variation on John Rawls’s ‘original position’ thought experiment (see here for a more detailed explanation or here for a an animated video), which the American moral and political philosopher described in his highly influential 1971 book, A Theory of Justice.
In this thought experiment, representatives of citizens are asked to draw up from scratch (the original position) their ideal, just, society. But they do so from behind a ‘veil of ignorance’, not knowing which groups of citizens they are representing (educated, talented, downtrodden, unemployed, faith or non-faith, property owners, high or low earners, etc, or, indeed, charity donors or charity beneficiaries). Under such circumstances, would you risk designing a society that had, say, inbuilt inequalities, such as mechanisms that resulted in two per cent of the citizens owning 95 per cent of your society’s wealth, if you might end up suffering significantly because you’re one of the 98 per cent scrabbling for a sliver of the other five per cent? Would you design a society that limited the freedom of speech of a particular faith if you didn’t know whether you might end up being told to keep your gob shut because you’re a member of that faith group?
The original position thought experiment is designed to lead you to consider what, from behind the veil of ignorance, and thus divested of all vested interests, would be the fairest, most just, society.
And so to the charity context: What kind of system for controlling and regulating charities would you help design if you didn’t know when you were taking part in this process whether you were representing donors, non-donors, or beneficiaries, or which of those you would end up being?
Fundraising regulation in the original position
I first conceived this blog earlier this year thinking about the Fundraising Preference Service in its original form of having the ‘big red’ total reset button. The point being that if you were in the original position (charity edition), would you be advocating for a system in which one half of society could opt out of being asked to voluntarily help the other half, if you didn’t know which half you’d be in? And then the enforcement action taken this month by the UK’s Information Commissioner’s Office (ICO) against the British Heart Foundation and RSPCA pushed wealth screening and data profiling to the front of the to-think-really-carefully-about list.
From behind a veil of ignorance, would you make provision for charities to be able to identify who would be most likely to provide the most resources for beneficiary services? Or you would make provision for everyone, not just those with the most resources, to be spared solicitations to help, either through an opt-out like the FPS or strict data protection laws?
I can almost feel the DP Twitterstasi hovering over their keyboards even as I type these words. My recent blog on Critical Fundraising about the ICO set several hares running among DP types, who, I think, misunderstood the thrust of this blog (though check out the three Storify links at the end of this blog and come to your own conclusion).
There seemed to be three strands to their criticism of my blog (aside from the ad hominem attacks on me).
First, they seemed very protective of the ICO: what it does is beyond reproach, criticism or challenging.
Second, fundraisers collectively as a profession have little right to speak up because they have lost that right by failing to take responsibility for poor practice – one said that fundraisers should improve their practice before criticising ICO; in other words, until you are doing what ICO tells you you should be doing, you have no right to challenge ICO over whether they’re right about what they’re telling you.
But third, most of the criticism I got was that I was not just defending poor practice – and remember, the BHF and RSPCA were actually found to be in breach of the letter of the Data Protection Act 1998 – but advocating future noncompliant data protection. I wasn’t then and I’m not now.
My original blog contains these lines:
At the point that the law is the law, where the data protection rules prohibit certain actions – such as emailing individuals without their consent – then there is nothing more to be said: you cannot do what the law proscribes, even if so doing would help your beneficiaries. The ICO adjudications against BHF and RSPCA show several instances where this is the case.
(Perhaps though if I were writing that blog again, I’d put something like this much nearer the start.)
Rather, that blog was a critique of how ICO appears to be approaching the way it is enforcing data protection at charities, particularly around wealth screening, and specifically about whether they are operating different (stricter) standards for charities than they do for companies.
That doesn’t seem to me particularly controversial, since regulators should always be held to account, not just by oversight bodies, but also by those they regulate, to ensure their regulation conforms the five principles of better regulation:
Proportionality Regulators should intervene only when necessary. Remedies should be appropriate to the risk posed, and costs identified and minimised.
Accountability Regulators should be able to justify decisions and be subject to public scrutiny.
Consistency Rules and standards must be joined up and implemented fairly.
Transparency Regulators should be open, and keep regulations simple and user-friendly.
Targeting Regulation should be focused on the problem and minimise side effects.
Neither does it seem to me a difficult question, because the answer has to be one of:
No, we do not have different standards for charities.
Yes, we do have different standards for charities.
We don’t know (on the two occasions I’ve asked ICO, the answer I’ve had is closer to this than the other two, although what I have inferred from what they’ve told me is: Yes, we do).
The response to c) then has to be, sort it out!
The totally legitimate response to b) is: Why do you have different standards for charities? Explain yourself and justify yourself. Anyone can ask the ICO – or any regulator, including the police and the security services – those kinds of questions, irrespective of whether you are the one who’s being accused of malpractice. It’s highly anti-democratic to claim that you have no right to confront your accuser.
So let’s get completely clear that there are two issues that are being conflated:
ICO found charities breached the Data Protection Act and punished them for doing so (I wouldn’t dream of challenging ICO’s decisions as I have nowhere near enough knowledge of data protection law to be able to do so).
Separately to the enforcement action it has taken, does ICO’s approach to regulating charities conform to the principles of better regulation, or is it overstepping these, specifically point three about consistency of implementation and point two about accountability?
These are two separate issues. Yet, the DP community’s response (at least to me via Twitter) has been to focus on the first and ignore the second, and can be characterized as: “This is where we are, deal with it.”
However, the original position thought experiment allows us to ask whether we ought to be where we are. And if we are not where we ought to be, perhaps we can actually change it to make it fairer.
I’m not advocating changing the Data Protection Act to give exemptions for charities (others might do that; I wouldn’t). I am advocating that the same standards be applied to charities as are applied to companies, and that might mean challenging ICO’s approach towards charities and persuading them to adopt a different approach, perhaps a ‘fairer’ one.
And yet I see this suggestion being received pretty badly by the DP community and whereas earlier I could sense their fingers hovering over their keyboards, now I can hear them come crashing down. Because I suspect they just won’t bite the bullet that any change is necessary or desirable, and not just because the Data Protection has the concept of “fair” use of data built into, so they will already consider it sufficiently fair.
Regulators have duties to beneficiaries – an ‘extraordinary’ idea
Jon Baines, the chair of the National Association of DP and FOI Officers (NADPO) described my original blog (see Storify 2 link in Appendix) as “extraordinary” because it suggested that “ICO has a moral duty to beneficiaries of charities that overrides rights of donors” – my theory of Rights Balancing Fundraising Ethics actually says that the ICO (and everyone, come to that) has a duty to beneficiaries that may override its duty to donors, not that it necessarily does. Baines considered my blog to be extraordinary not because it was asking a very good ethical question about how the rights of donors and beneficiaries ought to be balanced in the regulation of fundraising – a question that has rarely been posed, let alone satisfactorily answered – but because the self-evident answer was that the ICO did not have such a duty. He really was aghast I’d even suggested such a heretical idea.
I pointed out that we all have a duty to give aid to those in need – it’s a major plank of Kant’s duty of beneficence (see here, for example), and features prominently in the ideas not just of John Rawls (who calls it a ‘duty of mutual aid’ – see p97 of the 1999 edition of a Theory of Justice) but also of Peter Singer.
Baines’s response was that if charities failed to comply with the law, they would fail to help their beneficiaries, which would be a moral failing. This I agreed with, but pointed out my blog was not a defence of charities breaking the law, but a critique of ICO’s regulatory approach, which brings us back to the conflation of two themes I outlined above.
“The duty of helping another when he is in need, providing that one can do so without excessive loss or risk to oneself.”
So the question that Rights Balancing Fundraising Ethics is designed to help address in all ethical or moral dilemmas in fundraising – not just in relation to the ICO’s approach to wealth screening (but not enforcement of, provided it is done consistently in line with better regulation principle 3) – is to balance the duty to provide aid, by giving to charity, against the disamenity (loss or risk to oneself) of being asked to do that by a fundraiser.
While data protection maverns will, I am sure, argue otherwise, it is by no means self-evident that the disamenity to data subjects of a charity wealth screening its database outweighs the benefit of the aid that wealth screening delivers to beneficiaries, provided it is done lawfully by the charity. Any attempt to interpret the law solely to tip the balance in favour of the rights of data subjects – such as operating a double standard for charities and companies – would indeed, be unethical. To me, that idea doesn’t sound “extraordinary” in the slightest.
Social Contract Theory v Libertarianism
So why does there appear to be little common ground between those on the fundraising side who are critical of the ICO’s approach, and those on the data protection side who are steadfastly in support of it? When two sides of an argument are so patently talking past each other, then we need to delve a bit deeper to find out what’s going on. Because I think there is a much more principled reason for the data protection side’s rather vehement reaction to the charity sector’s arguments, and it rests in a clash of philosophies.
Rawls is a social contract theorist. Social Contract Theory is the idea that we agree to live under and abide by the ‘social contract’ of the society we live in, and surrender certain rights to individual liberty in return for the protection the society gives us. So under Social Contract Theory, there is always a trade off between individual rights.
I suspect those on the data protection side of the debate are libertarians. Libertarianism is the collection of ideas – one of the best known being Robert Nozick‘s Anarchy, State and Utopia, written as a direct response to A Theory of Justice – that state that the rights of the individual are absolutely paramount, take priority and primacy over all other considerations, and cannot be forcibly overridden by third parties in the pursuit of the interests of others.
A possible Social Contract Theory argument in respect of wealth screening could be that citizens ought to/could consider modifying certain of their data protection rights in return for the aggregate added protection and benefits this brings overall for members of society (not just services for those in desperate need, but new art galleries, theatres, sports facilities and museums).
The Libertarian opposition to this idea is that an individual’s personal data is absolutely sacrosanct, and absolutely no-one should be able to make any claims on the use of that data just because others may benefit from that use. That’s why Jon Baines considered my original blog to be “extraordinary”, because it ran headlong into his Libertarian principles*.
I can’t suggest a way to get the libertarians and social contract theorists talking together about this, partly because I’m running out of space and partly because I haven’t really given much thought how to do it. But knowing we’re in a clash of philosophies at least gives us a starting point.
But what it does show us, once again, is that fundraising has virtually no theoretical or philosophical foundation, and that when issues arise that need to be addressed at a theoretical level – such as what is the right balance to be struck between the rights and interests of donors and beneficiaries – all we can do is conflate this with the ongoing practical implications and consequences: in this case, did charities break the law?
This allows me to finish with a restatement of what I founded Rogare to do – to move the debate away from questions about what fundraisers do, to the theory and philosophy that underpins why they do those things. And hopefully through the more constructive discussions that come out of this, we will be able to put the profession on a much firmer theoretical foundation.
* Jon Baines has contacted me to point out that he is not a libertarian and does not have libertarian principles:
- Ian MacQuillin is director of Rogare, the fundraising think tank at Plymouth University’s Hartsook Centre for Sustainable Philanthropy.
Appendix – Twitter discussions on Storify
- Data protection Tweets – Storify 1
- Data protection Tweets – Storify 2
- Data protection Tweets – Storify 3
- Critical Fundraising‘s round up of blogs exploring ICO’s recent enforcement action.
- Download Rogare’s white paper: Rights Stuff: Fundraising’s Ethics Gap and a New Theory of Normative Fundraising Ethics.