3 minute read
LEGAL IMPLICATIONS
Lack of clarity about the legality of collecting and using artist demographic data has been cited by many nonprofit organizations as a reason for not engaging in such a process. In general, in the United States, there are no legal barriers to such a project if the artist demographic data collection is executed in a way that protects the subjects’ privacy rights, as those are defined in various laws and regulations. The data privacy considerations will vary from country to country. The information provided here is largely focused on statutes and regulations for the United States. It is the organization’s responsibility to ensure all stakeholders have familiarity with applicable laws concerning data privacy. Even basic knowledge of these legal matters can help inform the project parameters and enhance institutional focus on equity, inclusivity, and privacy. Legal review and advice must be garnered at the onset of the project to prevent future,
Note
Civil rights are personal rights protected in the United States by the constitution and federal laws enacted by Congress such as Title VI of the Civil Rights Act of 1964, Title IX of the Education Amendments of 1972, Section 504 of the Rehabilitation Act of 1973, the Americans with Disabilities Act of 1990, and the Age Discrimination Act of 1975. While these civil rights statutes prohibit discrimination on the basis of protected statuses including age, race, disability, gender, gender expression, gender identity, genetic information, national origin, religion, sex, and sexual orientation, they do not prohibit the collection of data documenting the demographics of those protected statuses.
Resources
International Data Laws otherwise unfounded legal concerns. Regardless of the funding source for any project, arts organizations also have an obligation to work with and coordinate with the individuals responsible for securing, maintaining, and/or reporting on the usage of the financial support.
Farkas, Lilla. “Data collection in the field of ethnicity.” European Commission, 2017. York, Joanna. “France debates legality of collecting ethnicity data.” The Connexion, June 16, 2020.
“Ethnic Origin and Disability Data Collection in Europe.” Open Society Foundations, 2014.
“Guidance note on the collection and use of equality data based on racial or ethnic origin.” European Commission, September 2021.
Data Privacy Rights
The comprehensive privacy law of the European Union (EU), General Data Protection Regulation (GDPR), applies to all organizations that collect the data of EU residents, requiring them to ask for permission to share data and outlining the rights of individuals to access, delete, or control the use of that data. While the United States does not have a comparable federal data privacy scheme, GDPR will apply to arts organizations that collect data from EU residents. While there are several U.S. laws (e.g., Children’s Online Privacy Protection Rule [COPPA], Health Insurance Portability and Accountability Act [HIPAA], and Family Educational Rights and Privacy Act
[FERPA]) designed to protect specific types of data from specific classes of individuals, most of these fall outside the normal practice of museums and other arts organizations. Additionally, at the time of this writing, five states— California, Colorado, Connecticut, Utah, and Virginia—have enacted comprehensive data privacy laws, and several others, including New York, have privacy bills in various stages of committee review. Most museums and arts organizations will fall below the thresholds of revenue, the number of employees, and/or the number of individual records containing Personal Identifiable Information (PII) processed by the organization that would trigger the need for compliance with state privacy laws.
Nevertheless, to ensure the protection of participants’ rights and privacy, project leaders should review the proposed methodology for data collection, usage, storage, and privacy with their organization’s experts, including information technology, human resources, and/ or legal counsel, to ensure compliance with the organization’s policies and with applicable laws. Laws governing data privacy and the sharing of PII should also be evaluated prior to sharing demographic data externally. Note that the law is the minimum level of protection that the organization must enact, however going beyond the current legal statutes is advisable ethically—securing data is essential to maintaining trust and respect.
Resources
U.S. Data Laws
“Data Protection Laws and Regulations 2022.” International Comparative Legal Guides.
Frankfurt, Tal. “ What Does GDPR Mean for U.S.-Based Nonprofits?”
Forbes, May 25, 2018.
Resources
U.S. Data Laws continued
“Implementation Guidance on Data Collection Standards for Race, Ethnicity, Sex, Primary Language, and Disability Status.” U.S. Department of Health and Human Services, October 30, 2011.
Ver Ploeg, Michelle, and Edward Perrin, eds. “Private-Sector Collection of Data on Race, Ethnicity, Socioeconomic Position, and Acculturation and Language
Use. Cover of Eliminating Health Disparities” in Eliminating Health Disparities: Measurement and Data Needs. National Research Council
(US) Panel on DHHS Collection of Race and Ethnic Data, Washington, D.C.: National Academies Press, 2004.
“State Laws Related to Digital Privacy.” National Conference of State Legislatures.
“ U.S. Privacy Laws: The Complete Guide,” Varonis, September 2, 2022.
