The Future of Data Privacy

ProQuest director of security and privacy information Dan Ayala briefed attendees on two European Union (EU) privacy laws.

The ProQuest breakfast on Saturday morning featured the information-content company’s director of security and privacy information, Dan Ayala, who briefed attendees on two European Union (EU) privacy laws that will take effect on May 25: the General Data Protection Regulation (GDPR) and the ePrivacy Directive. Any American firm doing business in Europe will be affected by this legislation, Ayala said, and they are already “forcing US companies to look at data privacy in completely different ways.”

Some corporations, Ayala said, are laboriously setting up two different privacy systems, one for Europe and another for the US. However, the major players are unifying their rules to comply with the GDPR, “which is an indicator that European trends are starting to become global trends. Facebook and Google just rolled out new privacy centers that are in effect throughout the world, not just Europe.”

Dan Ayala, ProQuest director of security and privacy information

The GDPR requires companies conducting business in the EU, including the many businesses providing services to US libraries, to ensure the following protections:

Increased territorial scope. Companies must comply if data is collected in the EU, even if it is processed elsewhere.
Explicit consent. Users must explicitly agree to privacy terms and conditions (including accepting cookies) before they can access a service or product.
Breach notification. Companies must let users know there has been a data breach within 72 hours of its discovery. (Compare the Equifax breach, which took the consumer-credit agency 70 days to notify the public about the massive amount of personal data that was compromised.)
Right to access. Users have the right to request any personal information that has been collected from them.
Right to be forgotten. Users may request that their data be erased.
Data portability. Users have the right to request personal information from other companies that have received it second- or third-hand.
Privacy by design. Companies should build their business processes with data privacy in mind from the beginning, not as an afterthought.
Data protection officers. Companies must have a readily identified person, detached from operations, who is responsible for data and privacy protection.

The ePrivacy Directive includes these provisions:

Users must be provided with clear and precise information on what data the cookies are collecting and must give their consent.
Personal data on users collected as part of normal business interactions (phone numbers, billing, IP addresses) should be stored for only a limited time.
Use of any data for marketing purposes must be agreed to by the user after accurate and full information is given by the provider.
The types of cookies used for site or product analytics (number of hits, delivered anonymously) do not require as close scrutiny as those used for marketing purposes.

Ayala said that as more information-related companies come into compliance with the new European regulations, libraries and their users will reap some benefits. “GDPR will change the data economy,” he said. “The old models will no longer be viable.” Companies will introduce more granular controls over how personal data is used, and librarians can train their users to be aware of the differences in transparency between various products and services. “Of course, US companies whose sole business is advertising,” Ayala said, “will not be giving up their control.”

Librarians should also feel free to contact the data security officer of any company that provides them with a service and express any concerns they have over data privacy. “More data transparency and openness will build a greater amount of trust among a company’s clients,” Ayala said. The data security officer is there to show that “user privacy is handled effectively and appropriately.”

Ayala admits that enacting any privacy laws in the US similar to those in the EU is extremely unlikely, given the political landscape and the problem of state versus federal jurisdiction. Thus data privacy will rely on voluntary compliance by American companies.

“Data will always be collected,” Ayala said, “but data collection does not necessarily mean there is a privacy violation. Companies must learn to serve the user and clearly state their principles on data use and sharing. If you collect it, use it wisely.”

Latest Library Links

5h

Libraries have a long history of helping to deliver on a wide variety of development goals, from literacy and school readiness to research productivity and urban cohesion. Their unique potential has been recognized not just by the governments or others that traditionally fund them, but also by a range of other funders, private and public alike. The International Federation of Library Associations and Institutions has created a dataset to help librarians easily discover examples of private philanthropic grants, as well as other funding sources, that other libraries have been able to leverage.”

International Federation of Library Associations and Institutions, Apr. 22
1d

Jackie Jennings writes: “It feels like the debate over whether #BookTok is bad has been raging since the moment the term was first coined. I’m starting off with a strong stance: BookTok is indeed bad. However, the problem with BookTok is not crappy books or bogus influencers. The problem with BookTok is TikTok itself. BookTok isn’t actually a community driven by fans, writers, influencers, or even publishers: it’s part of a social media corporation, controlled by the most mysterious, fickle god of all, the algorithm.” Not surprisingly, librarian recommendations can overcome some of BookTok’s limitations.

Jezebel, Apr. 18; Book Riot, Apr. 22
1d

ALA announced the launch of its state Intellectual Freedom Helpline grant program April 22. Over the next two years, 10 pilot program sites will operate a confidential reporting system that will help connect those experiencing censorship attempts with professional support, in-state peers, or referral to ALA’s Office for Intellectual Freedom, as appropriate. State or school library associations or agencies wishing to either establish an Intellectual Freedom Helpline in their state or expand existing efforts may apply for $10,000 grants through July 14.

ALA Office for Intellectual Freedom, Apr. 22
1d

In celebration of the release of his latest nonfiction title, The Secret Lives of Booksellers & Librarians, bestselling author James Patterson is honoring select American Bookseller Association and American Library Association members with bonuses. He announced plans April 11 to give $200 each to 250 library workers across the country. The deadline for ALA members may nominate members to receive bonuses through April 30. Winners will be announced at ALA’s 2024 Annual Conference in San Diego.
2d

Catherine Hollerbach writes: “In early 2020, when the world shut down for COVID, many people got interested in houseplants. Anne Arundel County (Md.) Public Library’s Crofton Library embraced this trend and then some!” While preparing to reopen after the COVID shutdown, the library installed plants at the information desk to discourage patrons from sticking their heads through gaps in newly installed acrylic shields. They were well received and cared for, and the library gradually added more plants and built educational tools, programming, and partnerships around the plants.

Public Libraries Online, Apr. 18
2d

Rodney Freeman writes: “I am proud to be a librarian—and rare. Less than 7% of librarians in the US are Black. Libraries symbolize the literacy that was denied to so many of our ancestors. For our enslaved forebears, something as fundamental as learning to read was illegal and dangerous, but they did it anyway. Separate but ‘equal’ schools and ‘colored’ libraries filled with cast-offs from white libraries were key features of the Jim Crow era. Today we are seeing the same impulse to distort access to information into a tool to suppress and control, and to make some people ‘other.’”

Newsweek, Apr. 16
2d

Lori Birrell writes: “Staff want to feel valued, and they want their work to have an impact. A reorganization process can help leaders to surface such areas of impact and give staff a feeling of empowerment and value. Practitioners considering any sized reorganization are strongly encouraged to consider what models and resources will best support them as they plan and lead this work. Regardless of the model or resources, any reorganization process should be more than just moving boxes and reporting lines around on an organizational chart.”

Library Leadership and Management, Apr. 15