Sharing Data Responsibly

Steve Francis | September 12, 2025

Note: In the following essay we reference the eight Better Deal for Data™ commitments originally proposed in our April 2024 white paper. In December 2025, we released the BD4D™ Commitments as a set of seven refined commitments.

Introduction

The Better Deal for Data (BD4D) is intended not only to promote good data stewardship, but also to enable and encourage ethical and beneficial data sharing. Nonprofits depend on data to deliver programs, secure funding, and demonstrate impact. Communities, in turn, depend on nonprofits to use their information responsibly, in ways that create benefits rather than risks. The Better Deal commits adopting organizations to only share data in ways that serve the interests of the people providing it, their communities, humanity, and the planet.

Implementing this intention raises an important question: how can nonprofits responsibly share data for the benefit of individuals, communities, and society while staying true to the BD4D Commitments?

To explore this question, this paper looks at four key considerations. First, we examine the difference between “Your Data” and ‘processed data’, and why many sharing needs can be met through aggregated or anonymized information. Second, we consider the role of agency under the Better Deal, and how the principle of “No Surprises” sets a practical floor for responsible implementation. Third, we highlight the importance of transparency regarding data sharing practices, and how the right form of communication depends on the context and community involved. Finally, we discuss the reality that many forms of legal or operational data sharing are routine, permissible under the BD4D Commitments, and even necessary to sustain nonprofit operations.

This working paper is one of a series we are publishing on major questions about implementing the Better Deal for Data. It is not intended to be the final word on how to share responsibly. Instead, these Major Questions essays are meant to surface the key issues, share our initial answers, and invite further conversation. We hope that through this dialogue, we can continue to refine and strengthen what it means to create a truly better deal for data.

Your Data vs. Processed Data

A first step toward understanding responsible data sharing under the Better Deal for Data is to recognize the difference between “Your Data” and processed data. Your Data refers to the raw information that directly describes people, and their activities. Misuse of this data could lead to economic, reputational, or personal harm. Processed data, by contrast, is information that has been aggregated, anonymized, or otherwise transformed so that it no longer points back to specific individuals. This distinction matters, because for many purposes, sharing processed data is sufficient to achieve an organization’s goals without putting individuals or communities at risk.

Consider a nonprofit reporting to funders or government agencies. It is rarely necessary to share details about specific individuals in order to demonstrate impact. A simple count of how many families were served, broken down by county or year, can provide the type of accountability and transparency that stakeholders require. Likewise, identifying trends across time, such as an increase in the adoption of sustainable practices in a particular region, can shape public discourse and policy while safeguarding personal privacy.

De-identified data occupies a middle ground. When handled carefully, it can generate valuable insights while minimizing risk. For instance, providing a dataset that lists the exact dates on which services were delivered in a given county can reveal usage patterns that are more informative than simple monthly averages, yet still carries little chance of revealing individual identities. On the other hand, datasets that include multiple characteristics—like zip code, household size, and profession—may make it all too easy to re-identify individuals, especially in smaller or more vulnerable communities. In such cases, the potential for re-identification and harm outweighs the benefits of sharing. Such data should not be made available openly, and should be shared only under strong protections against re-identification.

There are situations where processed data can and should be made open, particularly when doing so aligns with an organization’s mission. Publishing city-level statistics about program effectiveness, for example, both promotes transparency and benefits society without exposing sensitive details. Supporting mission goals may require sharing sensitive data responsibly with other aligned organizations, but only when those partners have also adopted the BD4D Commitments or signed agreements that bind them to the same commitments. What counts as “sensitive” is always contextual. For persecuted or marginalized groups, information that seems routine in other settings may carry real risks if shared.

By drawing these distinctions clearly, organizations can take advantage of the benefits of data sharing while staying true to the commitments of the Better Deal for Data. Sharing the right kind of processed information enables insight and collaboration, while protecting the trust and safety of the communities being served.

Agency and Its Limits

One of the most important promises of the Better Deal for Data is that it increases the agency of people and communities over their own information. The Commitments make it clear that “Your Data” remains under “your control”: you can ask to have it corrected, deleted, or transferred, and you can decide who else to share it with. This marks a deliberate shift of power away from data-collecting organizations and toward the individuals and communities most affected by data use.

However, agency under the Better Deal for Data has some practical boundaries. Most nonprofits cannot reasonably return to every participant for approval each time a new data sharing opportunity arises. By setting firm limits on the purposes the data is put to, the idea of the Better Deal is to create a trustworthy social bargain that allows for additional uses that are in service to the data subjects and their communities. This allows for greater reuse of the data for social good purposes.

Organizations adopting the BD4D Commitments must continually ask themselves whether they have considered both the benefits and risks of a particular use of data, and must have engaged their community enough to understand its expectations and concerns. Would those affected be surprised to learn about the data use or sharing? If the answer to any of these questions raises doubt, then changes or additional consultation may be indicated.

There are also times when the Better Deal’s baseline requirements are not enough. In certain circumstances, additional protections are legally or ethically required. Human subjects research, for example, demands informed consent processes approved by Institutional Review Boards (IRBs). Some jurisdictions mandate specific opt-in consent for particular uses of sensitive data. In these contexts, the Commitments do not replace existing requirements—they reinforce them. Their role is to ensure that consent is not hidden in the fine print of an unread Terms of Service but is instead grounded in genuine understanding and respect for the people whose data is at stake.

Transparency

Transparency is a cornerstone of the Better Deal for Data. A key part of avoiding unpleasant surprises is being open about how data is being used or may be shared with others. Transparency builds trust, aligns expectations, and ensures that sharing activities remain ethical.

The form that transparency takes will depend on your community, your mission, and the sensitivity of the data being handled. In some contexts, it may be appropriate to publish a public list of each organization you share data with. In other cases, such as open sharing of aggregated data, a general description of the ways such data is being used may be sufficient. There may also be times when a new partnership is likely to be noticed or could raise questions, in which case making a special effort to inform the community about the collaboration is the most responsible path.

Moments of change are often the most critical times to focus on transparency. When an organization begins sharing sensitive data for the first time, the community may have legitimate concerns about how that information could be used or misused. Similarly, if the organization starts collecting new categories of data, such as shifting from simple program participation records to more detailed information about geographic location or household composition, expectations may need to be revisited. Commencing work with a new community brings its own challenges, since norms and assumptions about privacy and trust can differ widely in different contexts.

In each of these cases, responsible organizations should pause to ask whether additional disclosures or consultations are needed. Sometimes a simple notice may suffice; at other times, a more active process of community engagement might be necessary. For particularly sensitive changes, convening a representative group of stakeholders to review the plans can help ensure that the organization is meeting its obligations under the Better Deal for Data, while simultaneously reinforcing community trust.

Legal and Operational Data Sharing

Not all data sharing is extraordinary. In fact, much of it is routine and falls squarely within the BD4D Commitments. Most organizations must comply with legal requirements that occasionally obligate them to disclose data. Courts, regulators, or law enforcement authorities may require information under a jurisdiction’s laws. These disclosures are not surprising under the Better Deal, provided they are handled responsibly and affected individuals or communities are notified as soon as practicable. In this way, transparency and trust are maintained even when the organization has no choice about sharing.

Equally important is the recognition that every BD4D adopter relies on other organizations in the course of their day-to-day operations. Cloud service providers host program data, financial institutions process donations, accountants and lawyers handle sensitive records. Each of these partners receives access to some form of data, and the BD4D acknowledges that this kind of sharing is not only acceptable but necessary. The critical point is that such service providers are bound by agreements requiring them to treat the data as confidential and not to use it for any purpose beyond the service being provided.

For many communities, these operational practices are simply background infrastructure: invisible, routine, and widely accepted. Yet in other contexts, people may be unfamiliar with how much of their data touches outside companies or advisors. In those situations, community engagement may need to go a step further, offering clear explanations of how these partnerships work and why they are consistent with the BD4D Commitments and an organization’s mission. By demystifying the normal flow of data through trusted vendors and professional services, organizations can strengthen confidence that everyday sharing is both safe and beneficial.

Conclusion: What’s Missing?

The Better Deal for Data is intended to build trust through responsible use and sharing of information. As this paper has outlined, responsible sharing requires clarity about what kind of data is being shared, evaluating the risks of sharing, and transparency that avoids surprises. Taken together, these practices help ensure that data is used in ways that genuinely benefit individuals and their communities while respecting their rights and expectations.

At the same time, we know this is only a starting point. The real test of responsible sharing lies in practice—in the day-to-day decisions organizations make about how to balance risks and benefits, and in how communities respond to those choices. At this point, we would like to get even more feedback from the community, especially:

• What additional issues come to mind about this subject?
• What did we get wrong?
• What examples do you have of nonprofit data use which should be inside or outside the Better Deal for Data, or are simply puzzles to consider?

Delivering benefits, honoring agency, and operating transparently are central to sharing responsibly. Keeping these in mind while working with data not only reduces risk but also strengthens the trustworthiness of social sector organizations sharing data to advance their missions.

We are looking forward to many new questions and ideas as we work together to craft a usable Better Deal for Data.