These 6 Nonprofits Are Leading on Data Privacy

In Resources by Chris Delatorre1 Comment

Two months ago, our own Lucy Bernholz alluded to an onslaught of privacy updates from providers working toward GDPR compliance. Digital Impact is following what popular web platforms are doing (and not doing) to ensure data privacy here. We also think it’s helpful to see how the social sector is leading the charge. Here are six nonprofits we’ve noticed in recent weeks.

Ranking Digital Rights (RDR)

When revising its privacy policy, Ranking Digital Rights (RDR) included an update on its new mailing service provider (MailChimp as of April 9) and information about its web analytics service, Matomo (previously Piwik). Through an international network, RDR sets privacy standards for companies operating in the ICT space, including a Corporate Accountability Index, which ranks companies on their digital policies according to a list of 35 indicators.

Ford Foundation

Ford Foundation President Darren Walker asked EU-based readers to update their consent preferences, one of several steps the foundation has taken to ensure its GDPR compliance. The foundation’s updated privacy policy explains its data collection practices, including how it combines, uses, and shares the information, and how it manages “cookies,” which are used to record an individual’s online preferences.

Electronic Frontier Foundation (EFF)

A champion of user privacy and free expression, the Electronic Frontier Foundation (EFF) draws on the knowledge of activists, attorneys, and technologists in an effort “to ensure that rights and freedoms are enhanced and protected as our use of technology grows.” EFF’s privacy policy explains how it gathers data from site visitors, members and donors, includes a section on third-party service providers, and instructs users on how to update or remove their information. Changes are summarized in timeline form and previous policies can be viewed with a single click.


GlobalGiving, a global crowdfunding community connecting nonprofits, donors, and companies, updated its privacy policy and cookie policy, and shared more on how it handles personal data in keeping with GDPR and the organization’s Privacy Shield certification. In a recent email, GlobalGiving invited users to compare the cookie requests they receive when visiting other sites to its own practices.

The Engine Room

The Engine Room’s “privacy and responsible data” policy includes a primer on responsible data practice and a detailed list of services the organization uses, along with in-depth descriptions of its communications and research practices. The Engine Room’s Zara Rahman recently described GDPR as “a promising step in the direction of taking a rights-based approach to working with data.”

Internet Society

Internet Society, which promotes the development of the internet as “a resource to enrich people’s lives and a force for good in society,” applies a set of principles to its use of “personal” and “anonymous” data collected from readers and site visitors. Effective in April, its updated privacy statement covers emails, payment information, social media, cookies, cross-border transfers, and more.

Have you noticed a privacy policy that reads a step above the rest? Tell us in the comments. Learn more about GDPR and sign up to receive updates at

Chris Delatorre is the editor of Digital Impact. Learn more about Chris on his website and connect with him on Twitter @urbanmolecule.

Image by Chang Duong via Unsplash (CC BY 2.0)


  1. Hello There. I discovered your weblog using msn. That is a very well written article. I will be sure to bookmark it and come back to read more of your useful information. Thanks for the post. I will certainly comeback.

Leave a Comment