Month: April 2020

Safe Harbour in a Storm

Posted on by Chris

On Wednesday it was headline news in Luxembourg where I was working with clients: the European Court of Justice had struck down the Safe Harbor agreement. Max Schrems had won a battle with Facebook and the Irish data protection authorities.

The court ruling that European Commission Decision 2000/520 is invalid means that we can no longer share data easily with US colleagues: Texting your New York colleague with your UK donor’s data of birth just became illegal.

There have always been two routes to data transfer from the EU to the USA: Safe Harbor, and the use of a model contract. The latter route is still open, according to the lawyers; there are useful posts on the ruling and its implications from Norton Rose here and from Clifford Chance here.

So how will this affect prospect research, fundraising and philanthropy?

First, it underlines the relevance of employing prospect researchers. Increasingly, prospect researchers are the custodians of personal data relating to potential and actual supporters. We act as the interface between fundraisers who want to know everything about everybody and the law which restricts what we can record and what we can share. Especially, what we can share with colleagues outside the EU.

Second, it reminds us that personal data is personal. There is an increasingly uncertain frontier between what is public and what is private as social media carries more and more of our donor’s lives. At Factary we have long had concerns about the material that people post in their Facebook pages, and have excluded it from profiles as a general policy. All of us in prospect research should continue to review and re-review our protocols to ensure that we are up-to-the-minute in data protection.

Third, it will mean some hard work over the coming weeks for organisations (universities, arts and culture, NGOs…) with sisters outside the EU (for example, your “Friends of” organisation in Washington DC) to revise or renew agreements that allow data transfer.

Fourth, it means UK suppliers such as Factary should review their data processes to ensure that all of their data is held inside the EU. At Factary we did this some time ago, and yes, all our data and servers are inside the EU.

Finally, this will be especially difficult time for fundraising and philanthropy. Increasingly philanthropists are international – a home here, a business there, and a foundation somewhere else. To work with a donor who lives in Paris but works out of New York we need to be able to share data quickly and effectively with our team. Our philanthropists (major donors, strategic donors) want us to react quickly and to provide coordinated, joined-up service. That is going to be a delicate, difficult job following this ruling.

The closure of Safe Harbor means choppy seas for all of us.