by Jason Kelley
Electronic Frontier Foundation
Reprinted under Creative Commons Attribution license
Jump straight to the Online Privacy for Nonprofits Guide to Better Practices
Today, the vast majority of websites and emails that you encounter contain some form of tracking. Third-party cookies let advertisers follow you around the web; tracking pixels in emails confirm whether you've opened them; tracking links ensure websites know what you click; some websites even collect data on forms you've never actually submitted; still others share detailed interactions, such as appointments you've booked, with companies like Facebook. Each of these types of technology works by turning your actions into data: websites with tracking collect and store data about the site you are on, when, and what you are doing there; emails with tracking collect and store data about which email you opened and how you interacted with it.
All of this amounts to an incredible amount of data about you being collected without your permission. That data doesn't all end up in one place—sometimes it's collected by individual websites, sometimes by ad tech companies, and sometimes by third parties you've never heard of. But regardless of who has the data, it amounts to a massive violation of user privacy that can have far-reaching consequences. Choosing to collect the data of supporters, clients and visitors isn't just a marketing, monetary or ideological decision: it's a decision that puts people in danger. In a post-Roe world, for example, law enforcement might use internet search histories, online purchases, tracked locations, and other parts of a person's digital trail as evidence of criminal intent – indeed, they already have.
If you are a nonprofit organization, you may be part of the problem. Unfortunately, a 2021 report from The Markup showed that many nonprofits don't take threats to privacy seriously. That may be changing: Planned Parenthood, for example, has suspended the use of marketing trackers on some portions of their website in response to the dangers they could create for people seeking information on abortions. Hey Jane, an online provider of abortion pills, has also removed the Meta (Facebook) tracking pixel.
But there is still significantly more to do.
For example, you may use tools and software to improve the effectiveness of your marketing, and they may in turn collect copious amounts of data on visitors and clients. That data is often shared with third parties, and from there could make its way to law enforcement or into court. And even if you are working in a space where data collection doesn't obviously endanger your clients or supporters, don't forget that what is currently legal may not always be legal. For example, in 2021 legislatures in 22 states introduced bills to ban or otherwise criminalize best practice medical care for transgender young people. There are also many laws that are vague or conflicting: many states have legalized cannabis, for example, but the federal government still considers it illegal.
Given all this, it's no stretch to say that the data you're collecting in order to further your mission could be weaponized against the very people you're trying to support. Thankfully, it doesn't have to be that way, and we can prove it—and show you how to fight back.
We've made a guide intended for any nonprofit or civil society group that cares about privacy. Not all of the advice may apply to you, but all of the principles should be helpful for thinking about steps to move you towards better privacy practices.
We recognize that some nonprofits may rely on various forms of data collection, or even on the surveillance advertising ecosystem, and may be nervous about changing that. In the reproductive rights space, for example, Google Adwords or Facebook ads may be a critical way to drive users to accurate information. For other organizations, knowing how users arrived at a website can be essential to determining the cost-effectiveness of promotional choices.
It's reasonable to want to know whether an ad worked—but that knowledge comes at the price of handing control of information about your users and clients to a third party.
Still, we understand many nonprofits may be reluctant to throw out all tracking or data collection, or the analytics tools that offer your organization important data. We aren't asking you to do that. Instead, our goal is to give you the knowledge necessary to consider what data collection and tracking is essential to your mission and what isn't, and to help you thrive while protecting the privacy of your supporters, clients, and users by finding alternative ways to get that information while respecting user privacy.
What's Wrong With Tracking Your Users
Nonetheless, many ad tech companies argue that pervasive online tracking helps users by connecting them with services and products they want. But this argument assumes that they want to be tracked by default. It ignores the damage done by the online surveillance ecosystem, particularly by behavioral advertising. And it ignores the many inaccurate or wrong conclusions ad tech companies make. In fact, there's plenty of evidence that ad tech doesn't work nearly as well as it claims, in part due to the fraud that runs rampant in the industry. (EDRi's report, "Targeted Online," has a detailed breakdown of problems with the ad-tech industry if you'd like more information.)
The reasons for NOT tracking are myriad: First, you'll engender goodwill with your supporters. Second, you may not imagine your organization to be the likely target of ransomware or of a data breach, but the less data you collect, and the less you share with outside organizations or companies, the less likely that your supporters will be affected. Third, data privacy laws vary across regions, and we are in a time of rapid change with respect to those laws. Minimizing data collection and retention can help ensure you're complying with those laws.
Lastly, sensitive data on those in a variety of advocacy spaces has the potential to be weaponized by law enforcement. Whether you are a small or a large organization, holding onto significantly less data can make the legal process of discovery much less troubling for you–and for your supporters and clients.
It bears repeating: what is currently legal may not always be legal; administrations change, and what is criminalized (and what laws are enforced, and how) shifts. For example: there are currently a record number of bills that specifically target LGBTQ+ youth that have been introduced or passed in the past year, most of which criminalize speech and healthcare. If law enforcement are interested in who is seeking that healthcare information, nonprofits working in that space may be targeted, and the data they have—in house, on servers, or in the cloud—may all be relevant. And in a post-Roe world, organizations or website operators that work in the reproductive rights space may receive subpoenas and warrants seeking user data that could be employed to prosecute abortion seekers, providers, and helpers. If Target can use recent purchases to determine a person is likely pregnant, law enforcement can use the data trail a pregnant person creates online to determine that they are considering (or did consider) abortion—and they already have. And many of the privacy concerns that worry us today are just the latest example of issues that have already been happening to many other people.
Looking at all these reasons together, protecting privacy should be an obvious choice for most nonprofits and civil society organizations. And as if all this isn't enough, there are plenty of other ways to gain powerful insights about users and supporters without collecting individualized data about their online activity.
We know, because we walk the talk. For more than thirty years, EFF has fought to protect the rights of the user—the person who's making use of a technology, such as a website or a smartphone. For us, that includes giving users the ability to choose to not be tracked, to remain anonymous or private, and to not have their data collected without their permission. In keeping with that mission, here's what we do:
This Website Does Not Track
On the surface, EFF's website looks pretty similar to other websites out there. But there's one major difference: we are preserving your privacy to the very best of our ability. Where most sites collect and store significant amounts of visitor data, like your IP address, location, browser, device type, and more, we log only a single byte of your IP address, as well as the referrer page (how you got here, if it's known), time stamp, user agent, language header, and a hash of all of this information. After seven days we keep only aggregate information from these logs. We also geolocate IP addresses before anonymizing them and store only the country.
This means that we have less information on visitors than most websites—if we look back at who visited the site a week ago, we can see how many visits from which countries each page received, but not where they came from, for example. But that is good enough for us to make decisions for our site and our advocacy. And we think it's enough for most other nonprofits as well.
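The logging scheme described above can be sketched in a few lines. This is an added example, not EFF's own code: the field names, the choice of the first address byte, the hash covering only the retained fields, and the tiny constructed geolocation table are all assumptions.

```python
import hashlib
import ipaddress
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed stand-in for a GeoIP database (documentation address ranges).
GEO = {ipaddress.ip_network("192.0.2.0/24"): "US",
       ipaddress.ip_network("198.51.100.0/24"): "DE"}

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO.items() if addr in net), "ZZ")

def minimize(entry):
    """Reduce one raw request record to the kinds of fields the article lists."""
    kept = {k: entry[k] for k in ("path", "referrer", "time", "user_agent", "language")}
    kept["country"] = country_of(entry["ip"])  # geolocate before truncating
    kept["ip_byte"] = ipaddress.ip_address(entry["ip"]).packed[0]  # assumption: first byte
    # Assumption: the hash covers only the retained fields. A hash over the full
    # address could be reversed by enumerating the IPv4 space.
    material = "\x1f".join(str(kept[k]) for k in sorted(kept))
    kept["hash"] = hashlib.sha256(material.encode()).hexdigest()
    return kept

def roll_up(records, now, max_age=timedelta(days=7)):
    """Keep recent records; collapse older ones into per-page, per-country counts."""
    recent, totals = [], Counter()
    for r in records:
        if now - r["time"] > max_age:
            totals[(r["path"], r["country"])] += 1
        else:
            recent.append(r)
    return recent, totals

# Constructed sample requests.
NOW = datetime(2022, 9, 20, tzinfo=timezone.utc)

def req(ip, path, days_ago):
    return {"ip": ip, "path": path, "referrer": "", "user_agent": "ExampleBrowser/1.0",
            "language": "en-US", "time": NOW - timedelta(days=days_ago)}

RAW = [req("192.0.2.17", "/donate", 9), req("192.0.2.200", "/donate", 8),
       req("198.51.100.5", "/guide", 1)]
RECENT, TOTALS = roll_up([minimize(e) for e in RAW], NOW)
```

After the roll-up, the two requests older than seven days survive only as a count for `("/donate", "US")`, and the one recent record carries no full address.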
"But doesn't this make your work harder?" some of you may be asking. "How can you do research or marketing without these insights?" At times, yes, this lack of information makes our work very slightly more difficult. We rely on donors like you to support our work, and as an advocacy organization, we rely on digital activism to get the word out. Knowing which of our emails are the most read, or having easier access to detailed analytics data about the visitors to our website, could help us do both of these things slightly more effectively. But that would require us to collect large amounts of data about our users, supporters, and followers, and we don't believe the trade-off is worth it. (We also recognize that unlike many organizations, EFF has on-staff engineers to help determine privacy options and implement them. Still, most groups should be able to take at least some of the steps listed here.)
EFF is an active, growing, and successful organization—as are plenty of other privacy-respecting nonprofits, like the Internet Archive and The Markup, not to mention companies like Basecamp.
So here's our challenge to other nonprofit organizations and civil society groups, and companies, who care about user privacy: turn off tracking.
If you'd like to join us, you can visit: Online Privacy for Nonprofits: A Guide to Better Practices.