Mobile Giving Regulations Lead to Charity Warning

The Data Protection Commissioner (DPC) has received several queries in recent months in relation to collections by charities of donations via SMS (text message) on mobile phone accounts. 

Given the increased interest in SMS donation campaigns by charities, and the recent regulations by the DPC for charities and for members of the public in relation to the data protection issues, which arise in this area, a special information session was co-hosted by Fundraising Ireland, The Wheel and ICTR for the sector.

The well attended event held at the Chartered Accountants of Ireland House drew a cross-section of fundraisers, service and operations managers as well as information systems specialists from various community, voluntary and charitable organisations.

According to the latest provisions: “If the sole purpose of the donation campaign is to collect donations by text message, then it is unlikely that any data protection issues would arise. However, should the SMS transmitting the donation on behalf of the phone subscriber automatically place the phone subscriber into a position that they are assumed to be automatically consenting to being further contacted (apart from being sent an SMS receipt for the donation), then this use of telephone numbers contravenes the Data Protection Acts 1988 & 2003 and SI 336 of 2011 (Privacy and Electronic Communications Regulations).”

Lead speaker and data protection expert, Daragh O'Brien, MD of Castlebridge Associates, said the implications of the recent regulations for mobile giving include:

  1. Follow up calls to mobile numbers for direct marketing purposes require charities to have obtained explicit consent to the making of the call
  2. Consent cannot be assumed
  3. Burden of proof for consent rests with the Data Controller

The Data Protection Commissioner (DPC) requires that campaigns that use SMS donations to then trigger follow-up outbound calls or recruitment of regular donors must provide double opt-in; this means a customer must be asked at the onset if they opt-in to a follow-up to their mobile.

"breaches are criminal offences"

Daragh O'Brien said ensuring that charities are up to speed with data protection regulations on mobile giving is not only the best practice - it's mandatory as breaches are criminal offences, which may be prosecuted in the District Court where, on summary conviction, with fines of up to €5,000 per offence handed down.

Charities as data controllers must ensure that before they commence any marketing activity to phone numbers that have been used to make donations on foot of advertising (once off transaction), that the unambiguous consent of each telephone subscriber concerned for such marketing is obtained - in effect, that means that each targeted subscriber must have opted-in to receive such marketing contact.

Tim O’Dea, Head of Development, Barretstown, in his contribution advised Charities that are in any doubt about the consent issue to avoid making contact with the donors concerned.

The session also included discussion about the need to establish a sector-wide Code of Practice for Data Protection Governance and Compliance. If you are interested in becoming a part of the data protection steering committee please contact Anne Hanniffy at Fundraising Ireland:

Click here for more on the DPC Advice issued to Charities in October 2013.

Download (PDF) the European Communities (Electronic Communications Networks And Services) (Privacy And Electronic Communications) Regulations 2011 – SI 366 / 2011