Subscriber Exclusive

Katherine Raskob outlines how the national political agenda could impact charities and what action FIA is taking

Data privacy and security of personal information is an issue that’s currently on the national political agenda. The Attorney General’s Department is now reviewing the Australian Privacy Act 1988. Since last October, the Department has been asking for organisations to provide their feedback on proposed changes to the Act.

This comprehensive review is considering the definition of personal information; whether the existing exemptions for small businesses (eg charities) should remain; if the privacy laws should be more in line with those in the European Union (eg the General Data Protection Regulation launched in 2018), and if a privacy tort should be created.

The review was agreed to as part of the Commonwealth Government’s response to the Australian Competition and Consumer Commission’s (ACCC) Digital Platforms Inquiry.

FIA is concerned about some of the proposed changes, especially that all organisations, including those with a turnover of less than $3 million, will be required to comply with the Privacy Act. Currently, they don’t have to, but the government is considering whether this threshold should be removed. This change would negatively impact many of our charity members and the broader sector. 

Our worry is the excessive red tape burden that would hurt a sector that’s suffered a significant drop in income due to the pandemic and the uncertain economic climate that’s resulted. While charities struggle for funding, the demand for service delivery, particularly around food insecurity and mental health assistance, has skyrocketed. FIA believes that removing the exemption for charities would have minimal impact on the intended target, digital platforms like Facebook and Google, but would increase compliance costs and put considerable pressure on smaller charities that are already burdened enough as it is.

Other proposed changes include:

  • An updated definition of personal information to include technical data and online identifiers
  • Strengthening the ‘notification’ requirement
  • Strengthening the consumer ‘consent’ requirement
  • An individual right to the erasure of personal information
  • Strengthening of individuals’ rights to privacy by equipping them with a direct right to encourage privacy obligations under the Privacy Act and addition of a statutory tort for invasion of privacy 

When GDPR was introduced in the EU, it had a depressing impact on the European fundraising sector. FIA thinks the situation would be similar here and predicts fundraising income would decrease significantly in the first year of any similar introduction (and probably longer), and the cost of fundraising would rise.

In its submission to the Digital Platforms Inquiry in 2019, FIA opposed the updating of the personal information definition. Expanding the definition of personal information as proposed is not necessary to capture activity on digital platforms. The definition was updated in 2014 with the digital economy and likely future technological developments, including technical data relating to an identifiable individual. Making this change would require organisations to adapt their privacy processes and procedures in the same way it collects and uses other information.

FIA also opposes the strengthening of the notification requirement as this would be an additional red tape burden on charities and not-for-profits. Around the consent requirement, FIA feels there is no evidence that existing Australian Privacy Principles (APPs) are inadequate. 

FIA does support the proposal to enable the erasure of personal information. This is already common practice and provided for under APP 4. 

The review is currently considering whether a direct right of action should be created for individuals to enforce privacy obligations or a statutory tort of privacy should be created. FIA opposes this as there is no evidence that these are necessary or desirable.

FIA has urged the government to take other factors into account when considering the ACCC’s recommendations:

1. The ‘bargaining power’ equation is entirely different between that of a donor and a charity as opposed to that between a consumer and a digital platform, bank, utility or telecommunications provider. 

As has been recognised by the ACCC in its consideration of the application of Australian Consumer Law (ACL) to fundraising activities, the relationship of a donor to a charity is different from that of a consumer and a supplier of goods and services. A donation is a gift given unconditionally. Goods and services are purchased by a consumer with the expectation they will meet the claims made for them, and redress is available if not.

Since the amendments to the Privacy Act, which introduced the APPs, other regulations have been implemented which give greater power to donors.

In 2012, the national charities regulator, the Australian Charities and Not-for-profits Commission (ACNC), was established, giving donors instant access to comprehensive financial and other information about charities so they could make informed choices and have confidence in their charitable giving. The ACNC also provides donors with a complaints avenue.

In 2017, the Commonwealth, state and territory governments promulgated regulatory guidance to fundraisers on the application of the ACL with regard to fraudulent activity. In 2017, the NSW government amended its Charitable Fundraising Act to create a new court of inquiry with the power to hold public investigations into alleged breaches of the fundraising law. 

At the regulatory and self-regulatory level, the ACNC, Office of the Australian Information Commissioner (OAIC) and FIA have developed guidance and codes to address issues around vulnerable Australians, particularly regarding the ageing population. In FIA’s case, specific code material on people in vulnerable circumstances was part of its total code review and fundraising sustainability exercise in 2016-17.

In making future decisions on the Privacy Act, FIA urges the government to take into consideration the considerable amount of activity and regulation that has taken place over the years to empower donors. This demonstrates that charities, fundraisers and regulators have been working together to create a more donor-centric environment, rendering further changes to the APPs to protect donors unnecessary.

2. The impact of the report on charitable fundraising in Australia, exemplified by the introduction of GDPR in the EU. 

When GDPR was introduced in the EU, it had a depressing impact on the European fundraising sector. FIA thinks the situation would be similar here and predicts fundraising income would decrease significantly in the first year of any similar introduction (and probably longer), and the cost of fundraising would rise. 

Proposed new consent provisions would also disrupt the lifeblood of all charitable fundraising endeavours: new donor acquisition. This is something to consider as Australia’s current environment consists of an ageing population and stagnant wage growth, not to mention the uncertain economic climate caused by the pandemic.

Any movement towards more restrictive data and privacy laws presents difficult policy choices for FIA and its members. FIA will consider advocating for a fundraising ‘carve out’ or charity exemption and/or seek to embrace a new privacy and data regime with a program of donor engagement, education and training. FIA is currently holding consultations with members to determine a policy position on this issue.

Further announcements are expected from the government this year. Meanwhile, FIA urges members to be up to date on privacy issues. This includes ensuring that data collection and retention practices comply with the current requirements of the Privacy Act and processes are in place to make any of the proposed changes.

FIA also advises fundraisers to examine if privacy policies are up to date and compliant, that there are procedures in place for the safe and secure collection and keeping of personal information, and that members act swiftly in the event of a data breach. 

Katherine Raskob is the CEO of Fundraising Institute Australia.

Subscribe to access this article.

Continue reading your article with an F&P subscription

Join with other top fundraisers to receive insight, analysis and inspiration to help you raise more funds.

subscribe now for $1

Cancel anytime.

Already a subscriber? LOGIN HERE