Digital Fundraising
The Legal Bits
Institute of Fundraising Conference 12 September 2012
Augustus Della-Porta
What is the scope of digital fundraising?
Platforms Website Email SMS Social media
Donations Trading
Your website
Your website
Our website is developing in exciting ways. It now has video-blogging, photographs, interactive tools, online donation facilities
and a sophisticated design.
How do we ensure we are not breaching others’ IP rights and how do we protect
our own IP on the website?
What should we look for in agreements with website suppliers?
IP and your websites
• Layers of IP in back office and content◦ Source code; text; design; look and feel; photos; videos;
trade marks
• Approaching third party IP use◦ Ensure clearance for online use (beware of territories)
◦ Use standard consent forms
◦ Obtain assurances and indemnities from contributors
◦ Credit the creators (where you have agreed to do so)
◦ Copyright and trade mark statements, where necessary
◦ Remove material immediately if complaint of infringement (and you are unsure of rights’ status)
IP and your websites
• Protecting organisation’s own IP◦ Ensure you own it – agreement with developer
◦ Security measures
◦ Credit your IP/trade marks
◦ Deal with it in terms and conditions and specific statements on site
◦ Infringement action
Terms and conditions with developers
Don’t be put off by ‘standard’ small-print Ts and Cs – always room for negotiation
Balance negotiation against value of the website
Protect your IP. Developer may own IP in the coding but should release code if new developer appointed
Agreed procedure if disruption – outside business hours
Terms and conditions with developers
Clear termination right for unsatisfactory service (as judged reasonably by your organisation!)
Obligation to release coding to new developer without disruption to service and co-operate for a smooth handover
Deal with hidden costs – upgrades, maintenance, transfer to new developer
Detailed “SMART” specification
Third parties with access to supporter data
Text donation service providers, fulfilment houses, website hosts and providers
Data controller (charity) remains liable Should ensure written data processor
agreement in place
Privacy and cookies
Privacy & Cookies
My organisation will be collecting personal information about visitors through the website and
will be using cookies - so that users are recognised when they come back to the site and
to process payments and donations.
What are the legal risks?
Privacy
• Data Protection Act 1998◦ Personal data – information relating to a living individual who can
be identified by that information (or when the information is combined with other information in your organisation’s possession)
◦ If you collect personal data, the Data Protection Principles apply including:◦ Personal data shall be processed fairly and lawfully
◦ Personal data shall be obtained for lawful purposes
◦ Personal data shall be adequate, relevant and not excessive in relation to the purpose
◦ Personal data shall be accurate and, where necessary, kept up to date
◦ Personal data shall not be kept for longer than is necessary for the purpose
◦ Appropriate measures shall be taken to protect against unlawful processing and to protect against accidental loss/destruction
Privacy – practical tips for data protection
◦ Explain how you are using and storing personal data – there is not a general requirement for consent but you must have provided the information
◦ Use personal data in a reasonable, transparent and proportionate manner
◦ Be clear about any sharing of personal data with third parties
◦ Obtain consent for email marketing from users (e.g. from the form collecting the contact information)
◦ Consider security measures for users (e.g. passwords, encryption, security checks, destruction of information once not relevant) and discuss with web developer
Cookies
• Change in law – May 2011:
◦ Obligation to give clear and comprehensive information about cookies
◦ Obligation to “opt in” i.e. give consent to the use of cookies
◦ Exceptions – “strictly necessary” (e.g. shopping basket, donations)
Cookies – practical steps
• Assess what type of cookies you are using
• Spring clean your cookies
• How intrusive are your cookies? (The more intrusive, the greater the obligation for consent)
• Consider how best to obtain consent (in privacy policy or T&Cs, tick boxes, clear statements, pop ups)
• Be wary of third party websites using cookies on your users
• Read and keep up to date with the ICO guidance/advice on cookies
Social Networking
Social Networking
Our digital fundraising strategy is developing and we intend to offer social networking
services where website users can donate online, express views, chat, contact each other, upload content such as videos and
photographs.
What are the legal risks?
Social Networking
◦ Clear and accessible “House Rules” which may include:◦ Rules about IP infringement with indemnity
◦ Rules about obscene/offensive materials
◦ Information about your moderation
◦ Rules prohibiting spam emails to other users or marketing of commercial services
◦ Clear right to suspend access or require content to be edited
Social Networking
◦ Clear complaints procedure
◦ Provision allowing your organisation to use the information for its purposes
◦ General rules about how you wish individuals to use the website
Consider posting statement on website about
level of moderation and clarifying that views
posted are not those of the organisation.
Electronic marketing
Electronic marketing
What does the law require?
In addition to DPA 1998, Compliance with Privacy and Electronic Communications Regulations 2003
Applies to direct marketing messages to email, text messages, picture or video messages
What is direct marketing? Not just offer for sale of goods or services Includes promotion of charity’s aims and ideals Includes fundraising appeal
electronic marketing (to individual or corporate) should Give identity of sender Valid address for opt-out request Any other information necessary to enable processing of data to be
fair
Electronic marketing – key points
no unsolicited e-marketing to “individual subscribers” without consent
“Solicited” message = actively invited e.g “I would like to receive marketing from…”
consent must be given to the sender (i.e. no bought-in lists unless marketing is solicited)
exception: prior consent not necessary for existing relationship in connection with sale of similar goods/services – NOT charity donations!
Online version
XYZ Organisation
Data Protection Act 1998
I would like to receive information from you [and your subsidiary companies] relating to your activities (including fundraising)
I am happy for you to pass my details to other organisations [with similar objects] so that they can contact me about their activities
Please untick the relevant box(es) if you do not wish us to do this
[Note: ICO good practice differs]
How does this apply to text donations?
Provide information before you collect mobile no./received text e.g. on website/in literature
“Please donate by texting [ ] to [ ]. We will use your details to update you on our events and activities”
Tell supporter who you are and what you are using their data for
Applying to text donations – Consent to unsolicited marketing
Include opt-in statement on link from text e.g. on gift aid form (see example below)
Gift aid wording:
I am happy for [X] charity to keep in touch and tell me about their events and activities
My email address is [ ]
Gift aid and text donations
Gift aid rules apply to text donations Minimum information needed from donor Can be completed via mobile
CAP Code
Advertising Standards Authority - CAP Code
CAP Code applies to charities’ website relating to donations, fundraising and selling of products/services, third party sites under its control, social networking pages of the charity
Obligations include: Not misrepresenting the body, activities or the
benefits of donated funds or the scale/nature of the cause it is supporting
Addressing fund-raising messages to children
Other legal issues to consider
Sale of goods and services – compliance with the Distance Selling Regulations – conditions to be met: Before consumer buys from you Once consumer has decided to buy Cancellation
Phonepayplus guidance – applicable where premium rate lines are used
Payment Card Industry Data Security Standards Corporate fundraising – commercial participators
Contact
Augustus Della-Porta
Associate
Bates Wells & Braithwaite
2-6 Cannon Street
London EC4M 6YH
Tel: 020 7551 7607