Monthly Archives: May 2021

GDPR, three years on: five lessons on data privacy and libraries

When the General Data Protection Regulation (GDPR) came into force in 2018, it ushered in major changes in the policy dialogue and practice around data privacy – both inside the EU and globally. Three years on, libraries continue to work to uphold their ethical commitments to privacy in the evolving policy landscape.

The GDPR’s third anniversary gives occasion to reflect on the progress made so far, where discussions on data privacy, confidentiality and security stand today, and the implications of this for libraries. This blog presents five lessons:

1) Change is afoot, in Europe and beyond: The oft-cited trend of an emerging new generation of privacy laws continues; with legislation introduced, amended or currently under review in different parts of the world – from Canada to Brazil, Singapore to Australia.

In addition, with the ‘Privacy Shield’ framework for data exchange between the EU and the USA overturned, policy discussions around the privacy and security of cross-border data flows also remain high on the agenda. As such, mutual adequacy decisions and other arrangements further shape the global and local policy environments around data privacy.

Within Europe, Stakeholders are paying close attention to the outcomes of the implementation and ongoing enforcement of these policies. On the one hand, the past months saw a sustained growth in the number of breach notifications submitted and fines issued within the GDPR framework.

On the other hand, as a recent GDPR implementation progress report by Access Now notes, many complaints from private individuals are yet to be addressed; and data protection authorities and EU bodies flag some crucial challenges in enforcement – e.g. in the cross-national collaboration mechanism, national differences in implementation, and others.

The report highlights that GDPR is ‘still in its infancy’; but it is a flagship regulation that continues to have a significant impact on the global data privacy policy field. As such, for libraries around the world, it is worthwhile to keep up with these key developments as they continue to navigate their work with user (and employee) data.

2) It is not only governments that are changing their approaches: another emerging trend is private tech companies increasingly stepping into the roles of data protection stakeholders, and changing how online data flows unfold – e.g. with Apple’s software update and Google’s planned steps to reduce third-party tracking.

However, the reactions to these seem to be mixed – some celebrate the anticipated privacy gains, others express concerns over big tech having far-reaching capacity to act as data privacy regulators, and in particular whether private companies can ever be as accountable as public regulators. This does also raise questions about whether those companies already able to draw on the lessons of previous data collection will enjoy unfair advantages compared to competitors. Others noted that the benefits from privacy measures introduced by private companies may not be distributed equally – for example, with those who are able to afford more expensive devices ultimately enjoying higher privacy standards.

3) The relevance of GDPR and other privacy protections is greater than ever, including in libraries: it was under the framework of GDPR that the leap to digital during the pandemic took place. There are examples of how it helped inform the choice of medium for online programming (e.g. ruling out some channels, like WhatsApp). There are also examples of GDPR having an impact on whether some initiatives – like organised outreach to potentially vulnerable library users – were on the table.

But of course, as privacy remains an important consideration in many public discussions during the pandemic (e.g. contact tracing, vaccine passports), for countless librarians there is a heightened sense of responsibility and vigilance around data privacy.

As such, the year saw professional discussions, guides and toolkits put together to help libraries navigate privacy challenges during the pandemic – from contact tracing and temperature checks to supporting educators in protecting student privacy online.

When planning these adjustments and responses, going back to the basics – understanding the key building blocks of privacy today – can be helpful. For example, GDPR has helped shape the understanding of what personal data encompasses today – e.g. not just the obvious categories like names and addresses but also, for instance, graphic and photographic data, and so much more. It commits to principles like data minimisation – a concept which wasn’t new to libraries, of course, but nonetheless helpful in thinking about any organisation’s data management processes, and reducing risks and harms. All these elements and concepts can be helpful for libraries in structuring their thoughts on what privacy means today – even for those not falling under GDPR’s jurisdiction.

4) But it’s not always easy to enforce privacy: some of these measures are, of course, a matter of internal processes and are comparatively easier for libraries to implement (e.g. choosing a medium for online programming; maintaining strict policies and procedures in situations when contact tracing is required).

However, the past months also saw reflections on how it is significantly more difficult for libraries to keep up privacy standards, initially developed in an analogue world, in digital processes which involve powerful third parties.

These were exemplified in the library concerns around the surveillance capacities of academic library vendors (e.g. the ways vendors may use library patron data far beyond anticipated purposes, or even proposals for more intrusive data collection in academic libraries to enforce copyright).

Some of the proposed paths to solving these challenges include, of course, better understanding these phenomena, and supporting libraries’ work to renegotiate or recalibrate relationships and agreements with outside vendors.

5) Privacy and performance should not be seen as mutually exclusive: too often, it is easy to see privacy as a zero-sum game. However, this is not inevitable.

This was echoed during the discussions about public health interventions reliant on large-scale data collections: trading away privacy for other benefits is not always a helpful framing. Instead, built-in privacy which preserves and ensures trust in such public health interventions can help them find broader acceptance, while a lack of trust can undermine their success.

As a Data Privacy Toolkit by the Pacific Library Partnership puts it in the library context,

“Positive-sum verses “all or nothing” outcomes: taking a “we can have privacy or we can have this other thing” approach to privacy discussions leaves little to no room for discussions that address the privacy needs and concerns of everyone involved.”

 

The discussion about data privacy, of course, remains both technical and complex, and can at times feel overwhelming. But between ongoing efforts to identify practical measures libraries can take, their advocacy efforts, and an overarching commitment to privacy as a key part of their professional ethics, the work to ensure libraries deliver on this commitment continues!

World Information Society Day 2021: Adaptation, Innovation and Transformation

17 May marked the annual World Telecommunication and Information Society Day. This year’s theme, “Accelerating digital transformation in challenging times”, encourages libraries to reflect on their own digital journeys over the past year, and on the next steps in reaching global connectivity goals and ambitions.

For over a decade, libraries’ roles in the information society have been fairly well-established. The WSIS Tunis Agenda and the Geneva Plan of Action, as early as 2003-2005, sought to engage and support libraries as public access points, facilitators of digital skills learning, and champions of (cultural) content generation.

To this day, these elements reflect some of the key goals libraries pursue in their work to support meaningful digital inclusion. However, as the theme of this year’s WTIS Day highlights, the pandemic has accelerated the global digital transformation, and the past months have posed both a considerable challenge and an impetus for innovation as libraries shifted to digital.

Library innovation in challenging times

This included, of course, digitalising some of the core offers, such as expanding digital collections, introducing or broadening online reference services) and putting other traditional activities online (e.g. book clubs and storytime events).

But this year also saw libraries come up with creative ways to put forward diverse and expanded offers, such as virtual cooking and gymnastics events in libraries in Italy, or the ICT-enabled remote bibliotherapy and psychological support in libraries in Lithuania and Romania. There were various interesting ideas for digitally recreating various elements of library user experiences – for example, a “virtual study space” held by an academic library in Turkey through Zoom.

The sustained emphasis on using technologies as ‘a force for good’ also helps us think about the broader social impacts of such digital initiatives. For example, one approach to maximising libraries’ positive impact emphasised broadening their reach. There were many examples of libraries introducing or easing the process of digital membership applications and e-cards to make sure that more people can benefit from their services with the shift to digital. There have also been examples of libraries working to offer access to valuable materials without any restrictions on membership – like the Central Library in Tallinn setting up a digital access platform for ebooks available to all citizens.

Another way to understand the societal impacts is by focusing on how libraries worked to meet communities’ needs – for example, the many ways academic, school and public libraries supported the educational shift to digital. In Kenya, for instance, a community library set up a temporary multimedia studio which teachers used to conduct and livestream daily online classes.

Lessons learned and moving forward

The library actions listed above set out ways in which libraries are working to address the broader digital connectivity gap and inequalities that the pandemic has so sharply highlighted.

While examples such as these are inspiring and show the flexibility and adaptability of the global library field, all this of course depends on local circumstances and capacities. There were cases where the pandemic highlighted the need for library connectivity, better access to technologies, digital skills-building opportunities for librarians, or more supportive policy frameworks.

The need is great, and WTIS Day 2021 sets the goal not just of continuing, but rather of accelerating digital transformation. For libraries to play their part in more rapid progress towards meaningful digital inclusion, they will need to be properly recognised in national policies for meaningful digital inclusion. A good starting point is therefore the ITU’s own Connect 2030 Agenda – so what does it contain and what role can libraries play in helping realise it?

Libraries and the Connect 2030 Goals

The Agenda was developed by the International Telecommunications Union and its members to define the targets and transformations in the digital sphere needed to achieve the Sustainable Development Goals. It comprises 5 key goals – to power Growth, Inclusiveness, Sustainability, Innovation and Partnerships.

The first two goals contain indicators on digital inclusion and connectivity – both on the global scale and for developing countries and underserved user groups (i.e. women and people with disabilities) in particular.

Among these targets, there are areas where libraries already work to help their realisation – e.g. on the number of people using the internet, on the affordability of connectivity (which public access can help achieve), and digital skills.

The Agenda also sets out various targets focusing on digital policy frameworks, such as:

  • The “number of countries with a specific policy for ICT accessibility” (all countries by 2023);
  • “By 2023, all countries should have a National Emergency Telecommunication Plan as part of their national and local disaster risk reduction strategies”;
  • “By 2023, all countries should have policies/strategies fostering telecommunication/ICT-centric innovation”;
  • “By 2023, raise the percentage of countries with an e-waste legislation to 50%”

All these areas have already attracted interest and generated discussion within the library field. From the US, for example, we have insights on the role of libraries in crisis and natural disaster response – including their role in offering access to the internet, electricity, and in helping spread critical information during the crisis. Similarly, there are country-level case studies which outline the role libraries can play in supporting ICT innovation. For example, the ITU’s recent report on Moldova points out the contribution of the Novateca Libraries to helping build the soft (e.g. skills) and hard infrastructure which encourages innovation in the country.

As such, there are different ways libraries can contribute to these ambitions – and as more countries move to develop and adopt policies on accessibility, ICT innovation, e-waste and emergency telecommunication by 2023, it is well worth it for libraries to keep informed and engage with these policy dialogues in order to be recognised as partners in achieving success.