GDPR Compliance

I have experienced several times that various companies purchased databases of e-mail addresses and other information about persons who may be potential customers of their commodities. Those companies used that information to send them their mail campaigns. Sometimes they receive information about clients that are retired, young, athletes or sorted according to various criteria. Many people asked themselves how they do now that I am retired recently or that I my kids just enrolled in secondary school. Many people felt embarrassed and confused after they realized that their privacy is not protected and that their private information is distributed to third parties without their consent.

Search engines often allowed anyone to easily find information about people that are registered in any on line system.

Sometimes journal editors while entering archives of previous issues of their journals, articles and information about authors in web applications such as OJS are faced with repetitious work of entering information about some authors.  Some of them asked developers to develop plugin which will enable that will enable them to have drop down list of users so they can easily select user and insert it in list of authors of some scientific article. They did not have any intention of making public that list or to use that feature anywhere except in administration panel of their web applications. But, their benevolent intention can in some contexts produce unpleasant consequences for some authors.  Thus, it is needed that privacy is protected by design not just by possible honest intentions of people who use data about other people.

Numerous complaints in previous years motivated legislators in the EU to pass by very strict rule that will protect data about people. The EU adopted General Data Protection Regulation.

“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”  It will have very strong impact on entities within EU and those which store and use information of the citizens of the countries that are the EU members. The EU General Data Protection Regulation (GDPR)  was approved by the EU Parliament on April 14, 2016 and enforcement day is May 25, 2018.  Organizations in non-compliance can face heavy fines.  It is important to read part on extra-territorial applicability which reads:

“Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. Previously, territorial applicability of the directive was ambiguous and referred to data process ‘in context of an establishment’. This topic has arisen in a number of high profile court cases. GPDR makes its applicability very clear – it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-Eu businesses processing the data of EU citizens will also have to appoint a representative in the EU. ”

There is still time to be prepared and in order to do so properly please read the text of adopted text of The EU General Data Protection Regulation (GDPR).

 

Licensing – Open Access

In my work with editorial boards of scholarly journals I found often that they support idea of open access in general. But, it is not clear always that licensing itself from the legal point of view may be quite complex.  Heads of scientific libraries and editorial boards sometimes discuss for long time issues related to licensing issues.  Sometimes that takes too much time since their lawyers sometimes say:  “That license gives you framework for implementation of open access ideas, but in our legislation it will be hard to make defense at the court. ” Well, it might be quite useful to have close cooperation with lawyers, NGOs and other people involved in the development of legislative efforts and translate Creative Commons license and do necessary steps so it can be accepted and accepted in legislation in your country.

In some countries people register their work in national copyright agencies, but absence of registration does not imply absence of protection and copyright.

One of successful and viable licensing practices is to choose appropriate Creative Commons licenses for article, data set, images or other article components.  Scientists who would publish source code of software used and created in research may use free software licenses. Please note that license does not relate to the content on images, video in terms of privacy and other potential legal issues.  For example, video showing a woman doing breast self-exam can be from the point of video authoring protected by Creative Commons. But if video shows face of the woman showed in video recording her privacy is violated if she had not given clear consent for that previously.

Editorial boards and librarians should often visit the website of EIFL.  They made very useful Handbook on Copyright and Related Issues for Libraries.  Those who would like to learn more on use of Creative Commons and what users can do with Creative Commons licenses please visit page with information on webinar related to that topic.  Knowledge acquired from those resources can help you to be more efficient, productive and safe in your publishing efforts. Your administrator can insert appropriate licensing information in published content.

The Open Journal Systems can insert licensing information in the article metadata  automatically and save your effort and time.