Behold the pinnacle of slactivism, digital solutionism, and GDPRubbish

All weekends, holidays, and shore leave are cancelled until the summer due to GDPR. And I’m loving that. Supporting agencies and software developers to adopt the principles of privacy by design, to audit their data storage and flows, and to improve documentation and transparency is far more enjoyable than it should be. It is the single most transformative process I have seen in twenty-one years of working on the web, and the magic ingredient is not the code. It’s the person doing the pitch. By being positive, encouraging, and inspirational, you create evangelists who go on to do the same.

That’s not to say that there isn’t a lot of rubbish out there, which I choose not to dignify. I warn people of what to look for and how to recognise the worst of it, but I don’t allow to my public approach to be defined by anger and bitterness. I firmly believe in hating the game, not the player.

Even that being said, last week I received an email that was so appalling in every way it simply had to be called out. It went like this.

Subject: This is important.

This email’s a bit different from normal, Heather. I’ve got a serious task ahead of me and I need your help.

There’s a new law coming in that will protect us from big business selling off our personal information or contacting us when we don’t want them to. [1] It’s called the General Data Protection Regulation. It might sound boring, but it’s a good law that’ll keep our personal info safe online.

But it doesn’t just apply to corporations. It applies to 38 Degrees too. And I’ve been tasked with making sure 38 Degrees doesn’t break the law.

I’ve got it all planned out – I’ve got spreadsheets, I’ve got to-do lists, I’ve colour-coded everything. I know what needs to happen. But I also know that for an organisation like ours, without big legal departments, it’s going to be costly. We need top legal advice, state-of-the-art new tech, and staff on call to help get it all ready in time.

As 38 Degrees-ers, together we’ve run and won campaigns to protect our personal data, so we know how important it is to get this right. [2] Heather, can you chip in whatever you can afford to help fund legal advice, new tech, and the staff to make this happen?

(Buttons: chip in £1, chip in £2, chip in £3, chip in another amount)

38 Degrees is a small, lean organisation. We don’t have big funders or sponsors, a legal department or a big team of tech people like Google or Facebook to help with this. We’re funded by people like you, making small donations. We’re a small team, and there’s a lot of responsibility on my shoulders.

So I’m going to need expert help and advice to get it right. I’m speaking to legal experts and top tech developers. But the real power of 38 Degrees doesn’t come from experts – it comes from you and thousands of other people working together as a team. I can’t do this on my own, so please will you help me?

Please will you chip in to fund the legal experts and the technology to help keep 38 Degrees legal?

(Buttons: chip in £1, chip in £2, chip in £3, chip in another amount)

If you can’t chip in right now, will you sign up to keep getting emails from 38 Degrees about campaigns in the future? If you agree to 38 Degrees sending you emails about important campaigns click ‘yes’ below: Your personal information will be kept private and held securely. By submitting information you are agreeing to the use of data and cookies in accordance with our privacy policy. [3] You can unsubscribe at any time in the future.

Where do we even start.

Do we start with the organisation itself – digital solutionists whose raison d’etre is that the fundamental processes of law, governance, and policymaking can be subverted by mass emails and petitions.

Do we start with the cult of the crowd – the notion that budgeting and planning aren’t necessary when you can beg £1 off enough people.

Do we start with this organisation’s view of data protection and privacy law as being about big business (they use that pitch a lot: what they call “big business”, I call the people who resource properly and show up) and, by inference, its applicability to groups which are not big business are an administrative oversight.

Do we start with their view of making sure their operations do not “break the law” – a subtle Americanism which is grounded in conflating the civil statutes of privacy and data protection with the criminal law of courtrooms and judges.

Do we start with a presumably grown woman wanting a pat on the head for “I’ve got spreadsheets, I’ve got to-do lists, I’ve colour-coded everything” in a professional context.

Do we start with the self-infantilisation of working “without a big legal department”, repeated as not having a big team of tech people “like Google or Facebook”, when only 10% of the GDPR compliance process, at best, requires a lawyer.

Do we start with the request for donations to fund “top legal advice” and “state-of-the-art new tech” – again, none of which are required for healthy GDPR compliance.

Do we start with the closer, “Please will you chip in to fund the legal experts and the technology to help keep 38 Degrees legal?”, an open admission that the baseline legal compliance it requires to function as a business is something which they have not budgeted or planned for.

Do we start with them genuinely not understanding that organisations that work with law and policy should not send out fundraising emails revealing a profound misunderstanding about law and policy.

Do we start with the implication that they weren’t following existing data protection and privacy law and that’s why they’re scrambling to catch up, one quid at a time.

Do we start with their admission that they believe they shouldn’t have to run their business like you run yours.

Or do we simply save ourselves the aggravation and put this whip-round on a plinth as the pinnacle of slactivism and digital solutionism.

Yes, let’s do that.

Let’s hold it up as the organisational suicide note it is: an admission that digital solutionists who claim to be able to make things happen by magic and by clicks are the last people you should trust to take meaningful action on laws and policy.

And let’s leave them to it, and get back to work.