The British artist Rachel Ara has experienced firsthand the institutional angst surrounding the increased data protection regulations that came into effect in Europe and the UK at the end of March. As part of her residency at the Victoria & Albert Museum in London, the artist—whose medium is data—is exploring the institution’s IT systems and the staff’s own struggle to use them.

Her exploration took on new weight as the museum, like other UK arts organizations, scrambled to meet the new standards of the General Data Protection Regulation (also known as GDPR, or the reason your inbox was flooded this spring).

Ara also has a large-scale, neon and digital work on show in the London Open, a triennial exhibition at the Whitechapel Gallery, that throws into relief arts organizations’ heightened sensitivity about the personal data they gather and store about visitors. In fact, she had to allay the gallery’s own anxiety about whether it was even legal for her to present the work in the first place. 

Rachel Ara, detail, This Much I’m Worth. (The self-evaluating art work) (2017), courtesy of the artist.

Potential Donors 

Since March 25, new data protection regulations have required cultural institutions across the UK to update their policies in order to clarify what kind of the information they collect about potential donors. The V&A, according to its website, “researches individuals who are publicly known to be art and/or design enthusiasts and collectors, or who are known to have been involved with similar organizations.”  

Meanwhile, Tate explains on its website that it has “legitimate interest” in identifying works of art that would complement the national collection but are beyond its budget. So the museum gathers information from published sources “with the aim of encouraging the owners of such works to donate them during their lifetime or upon their death.”  

Under the new rules, organizations need to be more careful and clear about how and when they use an individual’s personal data, says Felicity Spencer-Smith, the external affairs officer at the Institute of Fundraising, an organization for development professionals in the UK. Organizations must make sure they are collecting data only for a set of permissible reasons, one of which is a “legitimate business interest.” But they must make sure that they are processing the data for that purpose only, and that it is stored with a level of security commensurate with the sensitivity of the data.

Nevertheless, “organizations shouldn’t think that they always need donors’ consent to process data,” Spencer-Smith says. “They are likely to be able to use legitimate interest for a range of fundraising, for example prospect research, also known as wealth screening, as long as it’s done fairly and transparently.” Some fear, however, that museums’ “finesse” will now be lost in high-level fundraising, where what you know about people can be as important as who you know. 

Looking for a Job in IT?

The advent of GDPR has created not only heightened anxiety and uncertainty, but also new roles in some of the UK’s largest arts organizations. The V&A has decided to outsource much of its data protection work to an external consultancy, a spokeswoman confirms, but the museum is, nevertheless, hiring a “data protection and information compliance executive.” 

The starting salary for the full-time role is around £40,000 ($52,000) per year. That is higher than many curatorial roles at the museum: The starting salary for a senior curator at the V&A’s forthcoming east London branch, a two-year fixed contract position, was £36,546 ($48,000). It is also currently hiring an assistant researcher for a planned Buddhism exhibition on a one-year contract with a maximum salary of £24,000 ($32,000).

“That’s what happens in IT,” Ara tells artnet News. “Jobs like IT where you need a lot less of a brain have always paid higher, and that’s because it’s a gendered industry.” By contast, Ara says she was surprised to find so many female researchers in the museum’s curatorial department, until she realized “it’s because it’s paid so badly.”

Rachel Ara, This Much I’m Worth. (The self-evaluating art work) (2017), courtesy of the artist.

This Sculpture Is Watching You 

Ara’s sculpture at the Whitechapel Gallery, This Much I’m Worth. (The self-evaluating art work) (2017), caused a slight headache for the museum’s own data protection officers. The work tracks a variety of data points—social media posts, auction results, stock-market indexes, and even the amount of time visitors stand in front of it—to track its price in real time. The figure is calculated nightly offline by a complex set of algorithms; the neon numerals change as the cost fluctuates.

Ara is interested in—and makes visible—how the price for her work is informed by the gender, race, and sexuality of its creator. Her broader intention is to highlight industries where women are often excluded (like IT) or paid unfairly (like art museums).

Because two digitally networked cameras monitor visitors to help determine the price for the piece (which rises the longer people stand in front of it) Ara has had to allay the gallery’s concern that the footage might violate GDPR. She assured them that any footage captured would not be reused without the visitors’ consent. But the discomfort her work creates is intentional. “Banksy is breaking all sorts of law and he’s celebrated,” Ara points out. “Men get away with pushing the boundaries of the law more than women.”

Rachel Ara, American Beauty (a Trump L’oeil). Now installed at the Barbican Centre, strangely familiar orange hairpiece dances around the  Brutalist complex. Image courtesy of the artist.

Ara says that the work is not monitoring anyone in particular “or recording sound, which would be a bit intrusive.” But, she says, the mystery surrounding the algorithms is part of the concept. “Really, the piece is not that technical, but people will shy off and believe the consultants, who are the people I generally mistrust, having worked with them for about 30 years.” (Before she became a full-time artist, Ara worked as a computer programmer and IT consultant.) Noting that data protection consultants have been offering their services to artists, she asks: “How many consultants are coming out of GDPR and making money?”

Ara assured the Whitechapel that it is unnecessary to require each visitor to sign a consent form. “We worked closely with the artist on questions of visitor privacy and the Whitechapel Gallery takes GDPR seriously,” a gallery spokeswoman says. A sign telling visitors that they are being monitored by Ara’s work is due to go up. 

“London Open” is on view through August 26 at the Whitechapel Gallery. Rachel Ara’s installation, American Beauty (a Trump L’oeil), is on view through October 14 at the Barbican Centre in London.