Introduction

Sharing data makes sense for the arts and cultural sector

When we talk about “data sharing” here, we mean sharing information about audiences between cultural organisations as gathered through sales transactions, communications, or market research surveys for arts marketing and audience development. As we grow more adept at managing our relationships with the public, this kind of data has become more important.

Sharing audience relationships

The need for us to share data arises because cultural organisations delivering experiences to the public often work in partnership: venues with touring companies, festivals with multiple partners, city-wide collaborations, etc. One partner may collect and be legally responsible for the data, but others may need to access it. Both organisations creating and presenting work to audiences have a relationship to those people regardless of whether or not they are the “Data Controller” in the strict legal sense. Many organisations have pointed out that when companies and venues are working together they should consider the audience relationship as a shared one.

This guidance is founded on the idea that sharing data is good for the health of the sector and, more importantly, for the public. Few people disagree about this but there are a surprising number of barriers, both real and perceived, to our sharing data in a responsible and mutually agreeable way.

Arts Council England funding

Arts Council England recently introduced data sharing as a condition of funding for their national portfolio of funded organisations. As a result, this guidance seeks to reflect a wide range of needs and concerns in proposing a common practice that is at once fair, responsible and practicable. It is necessary for our sector to develop “good practice” that is based on achievable consensus.

Liaison with the Information Commissioner's Office

From May 2018 the GDPR imposes stricter requirements on organisations processing personal information to ensure that the rights of individuals are respected, and to be accountable for, and able to demonstrate their compliance with, the regulations. This has required some changes to be made to the guidance given here, which will affect the day to day practices of arts organisations that process their audiences’ personal information. In providing and updating this guidance we have consulted with and received advice from the ICO on the guidance presented here over its compliance with the relevant legislation governing the collection, management, use and sharing of personal information. These guidelines present a range of practical solutions to meet these legal obligations whilst enabling collaborative approaches to data use. However, the range of solutions we present here are not exhaustive, and we invite the sector to contribute to the continued development of practical approaches to data sharing by using this online resource to comment upon and add to the list of solutions.

Ongoing process

At the time of the publication of this guidance, the GDPR is adopted into UK law to be applied from May 2018. The Information Commissioners Office is also in the process of preparing UK specific guidance around a number of areas in relation to GDPR, such as “consent” and “profiling and automated decision making”.

It is possible that as more guidance becomes available, further additions to the guidance given here will become necessary. Furthermore, the European Commission is drafting changes to EU ePrivacy data protection regulations (to replace PECR), which seek to further enhance and protect the rights of individuals. These are due to be passed into law from late 2018/early 2019 and may require a further revision of some elements of guidance given here.