Skip to content

These 6 Nonprofits Are Leading on Data Privacy

Weeks ago, Lucy Bernholz alluded to an onslaught of privacy updates from providers working toward GDPR compliance. Digital Impact is following what popular web platforms are doing (and not doing) to ensure data privacy. We also think it’s helpful to see how the social sector is leading the charge. Here are six nonprofits we’ve noticed in recent weeks.

Ranking Digital Rights (RDR)

When revising its privacy policy, Ranking Digital Rights (RDR) included an update on its new mailing service provider (MailChimp as of April 9) and information about its web analytics service, Matomo (previously Piwik). Through an international network, RDR sets privacy standards for companies operating in the ICT space, including a Corporate Accountability Index, which ranks companies on their digital policies using a list of 35 indicators.

Ford Foundation

Ford Foundation President Darren Walker asked EU-based readers to update their consent preferences, one of several steps the foundation has taken to ensure its GDPR compliance. The foundation’s updatd privacy policy explains its data collection practices, including how it combines, uses, and shares the information, and how it manages “cookies,” which are used to record an individual’s online preferences.

Electronic Frontier Foundation (EFF)


What do you look for in a privacy policy? Tell us here.

A champion of user privacy and free expression, the Electronic Frontier Foundation (EFF) draws on the knowledge of activists, attorneys, and technologists in an effort “to ensure that rights and freedoms are enhanced and protected as our use of technology grows.” EFF’s privacy policy explains how it gathers data from site visitors, members and donors, includes a section on third-party service providers, and instructs users on how to update or remove their information. Changes are summarized in timeline form and previous policies can be viewed with a single click.


GlobalGiving, a global crowdfunding community connecting nonprofits, donors, and companies, updated its privacy policy and cookie policy, and shared more on how it handles personal data in keeping with GDPR and the organization’s Privacy Shield certification. In a recent email, GlobalGiving invited users to compare the cookie requests they receive when visiting other sites to its own practices.

The Engine Room

The Engine Room’s privacy and responsible data policy includes a primer on responsible data practice and a detailed list of services the organization uses, along with in-depth descriptions of its communications and research practices. The Engine Room’s Zara Rahman describes GDPR as “a promising step in the direction of taking a rights-based approach to working with data.”

Internet Society

Internet Society, which promotes the development of the internet as “a resource to enrich people’s lives and a force for good in society,” applies a set of principles to its use of “personal” and “anonymous” data collected from readers and site visitors. Effective in April, its updated privacy statement covers emails, payment information, social media, cookies, cross-border transfers, and more.