How can I get my gallery to disclose the names of my buyers?
This article answers a question that artists regularly ask our legal specialists. So is the Data Protection Act just an excuse and how can you convince your gallery to share with you the names of the buyers who have bought your work?
The Data Protection Act was passed in 1998 and the consequences here are competing interests between an artist and a buyer.
While there is a duty between agent and principal, ie, the gallery and the artist, there is an opposing duty between the gallery and its clients or buyers in regard to any “personal data” they collect. Personal data includes the name and address. The nature of that duty is complicated here.
The basic premise of the Data Protection Act is the “First Principle” which says that data must be processed fairly, and there are then 7 other principles expanding on what that means in practice.
The key players are the Data Controller (essentially the person who controls the data), the Data Processer (essentially anyone along the chain who does anything with the information, for example, someone who owns a server, or in this case an agent collecting data for a principal) and the Data Subject (the person to whom the data relates).
Here, the gallery client/ buyer is clearly the data subject and who’s interests the Data Protection Act sets out to protect.
The gallery’s role is less distinct as the gallery could be a data controller or a data processor. Where the buyer is already a client of the gallery, or on the gallery’s mailing list, it is likely that the gallery is the data collector, having collected the data for its own use in relation to a shifting stable of artists and that the purpose for which data has been provided is to receive gallery news. Unless the buyer has agreed that data can be shared with a third party, such as artists the gallery represents, the gallery is not at liberty to share that data.
However, where the buyer had been invited by the artist, or turned up randomly, the position is less than clear cut. Then, it could be argued, that the buyer’s data has been given to the gallery as their agent. In this scenario, the gallery would be a data processor and the questioner the data controller. However, as mentioned, there is not a free reign to use the data. A data controller is primarily responsible for ensuring compliance with the “Data Protection Principles” . Detailed information of the nature of these obligations is available on the Office of the Information Commissioner’s website.
One of the principles (Principle 5) states “Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes”. So, unless there was some clarity given by the artist at the outset; and the buyers were aware of and agreed that their details might be used in the future for ongoing communications with the artist beyond the sales transaction, then it is unlikely that the gallery could hand over the details.
These principles can also extend to corporate collections where the individual responsible for buying is identifiable.
If an artist wanted to override the provisions of the Data Protection Act to require the gallery to disclose the buyer’s identity, this would need to be by court order which would be a timely and costly route.
The real take away point for artists is to understand that given the requirements of data protection legislation, they are advised to discuss the issue with their gallery or dealer / agent and ensure that the gallery or dealer/agent is able to hand over buyers’ details and/or that the artist is able to include website details or other personal contact details with the work.