Tag Archives: data protection

What Data Privacy Means for Libraries in 2020

January 28th marks the Data Privacy and Protection Day. First introduced by the Council of Europe in 2006, it aims to raise public awareness and understanding of what happens to people’s personal data and the rights they have to privacy and data protection; and to highlight good practices in this area. Privacy has traditionally been a fundamental value for libraries – and this day offers an opportunity to reflect on how the latest technological and social developments shape the roles and duties of librarians in championing privacy in the digital age.

Privacy has long been established as a fundamental operating principle for libraries – enshrined, for example, in IFLA’s statement on Privacy in the Library Environment and Code of Ethics for Librarians and other Information Workers, and the many Codes, Principles, Frameworks and Statements by libraries and library associations around the world. As library services and practices evolve in the digital age, this commitment has taken on new aspects and dimensions; and the past year has seen many data privacy-focused discussions both within and outside the library sector.

What happened in the privacy field over the last year?

Data privacy questions and challenges remained high on the agenda and in the public consciousness throughout the last year. While 2018 already saw the landmark EU General Data Protection Regulation come into force, its knock-on effects continue to reverberate throughout the world, prompting a ‘widespread reform of data privacy regimes around the world’, and changing how we think of data collection rights and practices.

Throughout 2019, there were more widely-publicised data leaks and breaches – the Digital Watch Observatory estimates a 100% increase in the number of records exposed from last year; more formal investigations launched into big tech companies data collection practices, and more reports and studies into how big tech and popular applications handle user data.

Privacy concerns have featured heavily in 2019’s extensive discussions about online advertisement models, particularly in the questions of profiling and the public outrage over targeted political advertisements and their implications for democratic processes. Data privacy questions were also a key dimension in the past year’s discussions about the ethics and human rights implications of advanced and emerging technologies (especially applying Artificial Intelligence for facial recognition purposes), digital ID programmes, ’smart’ cities, homes and devices.

As data privacy remains high on the agenda coming into 2020, we have yet to see the full impacts of these discussions and developments. Views on the progress made in defending users’ data privacy rights are mixed, with some assessments noting a few improvements made by large companies despite critical gaps remaining. Others, for example, note the discrepancy between the changes in rhetoric on privacy among some big tech companies and their continued market dominance, discussing its implications for the attempts to regulate data privacy more strictly.

Libraries and data privacy, heading into 2020

Against the backdrop of these trends, libraries are also grappling with the implications of technological developments for patron privacy. This relationship is often understood to include at least two broad dimensions:

  • patrons’ privacy considerations in light of libraries’ own services and practices,
  • the role of libraries as educators, helping patrons develop the skills to understand privacy concerns and trade-offs and make informed choices in their daily lives.

For example, as more libraries begin to adopt and make use of tools based on Artificial Intelligence, it is important to carefully consider their impacts on patron privacy. Here, different tools and use cases can carry different implications – the risks may not be the same, for example, for literature search tools and chatbot applications. Other potential library uses of digital tools which can warrant careful examination include library use analytics and commercial online marketing services.

The latter example highlights a crucial related issue: library patrons’ privacy is increasingly determined not by library policies and practices alone, but also by the policies of third-party vendors and services. A 2019 issue of Research Library Issues, for example, incudes a discussion on libraries’ use of licensed third-party sources. It points out the importance of adding privacy clauses as licenses are established or renewed, assessing the potential of a significant class of online learning materials for massive data collection, as well as minding the privacy questions posed by authentication technologies.

Going forward

In light of such considerations, it is important for libraries to make carefully weighted choices and informed decisions. Overall, libraries’ continued commitment to the values of privacy can easily be seen in the many, many initiatives they dedicate to helping protect their users’ data privacy inside and outside of the library.

Libraries include data privacy and security into their digital skills training programmes or offer stand-alone courses on data privacy, participate in education initiatives, raise awareness, develop learning resources for patrons or fellow librarians, organise and follow trainings to be effective protectors and advocates of data privacy.

Such educational measures and are particularly crucial today, when so many people feel like they have little control over their data privacy. A 2019 study by PEW Research shows, for example, that more than 80% of Americans feel that they have little or no control over the data collected about them.

Libraries and librarians also remain vocal advocates for privacy. From an individual school librarian advocating for careful consideration of student privacy when adopting edtech technologies in her institution, to a group of university libraries drafting and signing a new Statement on Patron Privacy and Database Access, to many American and Canadian librarians vocally opposing changes to a popular learning resource to safeguard their patrons privacy, they continue to speak up for the privacy of their users within and outside the library walls.

A few steps libraries can take to protect user privacy today include:

Following the discussions. Follow the current discussions on data privacy – for example, by exploring sections dedicated to privacy and data protection on such platforms as the Digital Watch Observatory and the Mozilla Internet Health Report; and stay informed about relevant regulatory and legislative initiatives in your area.

Exploring the topic. Explore available primers and educational resources from both within and outside the library sector to learn more about the subject. There is a wide range of webinars, primers and publications available – such as the IFLA webinar on the GDPR, the Data Privacy Project learning modules, the Data Detox Kit, and more.

Protect user privacy. Make use of available guidelines and toolkits to protect and promote user privacy within the library – for example, the Guide to Privacy prepared by CILIP, Newcastle Libraries and the Carnegie UK Trust.

Raising awareness. Mark Data Privacy and Protection Day by raising awareness!

Into the New Decade: Key Internet Governance Trends for Libraries

The year 2019 marked the 30th anniversary of the World Wide Web. Entering a new decade presents an opportunity to reflect on what major Internet Governance trends were relevant for libraries over the course of the last year, and how me might see these trends take shape in the coming future.

Reckoning with the ‘techlash’

Already in 2018, ‘techlash’ – “a strong and widespread negative reaction to the growing power and influence of large technology companies, particularly those based in Silicon Valley” – made it to the Oxford Dictionaries’ Word of the Year shortlist. 2019 saw the phenomenon grow, with tech giants facing more scrutiny and pressure to address a wide array of challenges, from privacy to misinformation, as well as an  increase in privacy and data protection investigations that tech giants face.

Facebook was handed an unprecedented fine by the US Federal Trade Commission for privacy violations linked to the Cambridge Analytica scandal; privacy complaints in relation to Google’s online advertising practices were filed to data protection regulators in several countries in the EU; EU antitrust regulators launched an investigation into Google’s data collection and use; the Data Protection Commissioner in Ireland opened a third investigation into Apple over privacy concerns – these are just a few examples of the increasing pressure the tech industry is facing.

How exactly the increasing pressure will shape the work of online platforms remains to be seen. For example, responding to growing concerns over political advertisements (particularly in the contexts of misinformation and microtargeting), Twitter issued a near-full ban, Google limited the scope of targeting to general data, while Facebook has so far excepted most political advertisements from fact-checking.

Such concerns – in particular online platforms’ handling of user data and privacy – have relevance for the library sector. To give a prominent example, 2019 saw American and Canadian strongly and vocally oppose LinkedIn’s changes to a popular online education platform Lynda.com because of privacy and confidentiality concerns. The introduction of planned changes has since been paused.

Overall, the views on the ‘techlash’ narrative may vary: whether it can meaningfully stir the internet towards openness and inclusivity, and whether the regulatory initiatives it prompted can have negative effects if not carefully assessed beforehand. In any case, 2019 saw the phenomenon gaining more momentum – and the upcoming policy responses can have a significant impact on the shape the internet will take in the future.

A fragmenting internet?

In her speech at the 2019 IGF, Federal Chancellor Dr. Angela Merkel pointed out the efforts of some state actors to “seal their nets off from the global internet”. An increasingly fragmented internet can have various negative consequences, she warned, from surveillance to infrastructure vulnerability to censorship.

The concerns over ‘splinternet’ are not new – but 2019 saw a number of prominent government initiatives to exercise control over the internet within state borders (and at times beyond). On the one hand, there are the much-cited examples of China’s Great Firewall and Russia’s reportedly successful test of a country-wide alternative internet in December 2019.

A parallel issue is internet shutdowns – a growing phenomenon, jumping from 75 instances in 2016, 106 in 2017, to 196 in 2018. The trend continued in 2019; while the final tally is yet to be offered (the Shutdown Tracker Optimization Project counts 128 between January and July), we already know that the year saw a record for longest shutdown in a democracy, as well as other shutdowns across South Asia, the MENA region, Sub-Saharan Africa and beyond.

Fragmentation can go much deeper than these readily apparent cases, though. A landmark 2019 Internet and Jurisdiction report points out that the internet can become “less borderless” due to both technical and regulatory developments. The latter includes fractured and diverse state-based norm setting in such areas as extremist content and hate speech online, privacy, defamation, misinformation, and other matters related to online expression – as well as those related to security and economy. The jurisdictional tensions can give rise to increasing legal uncertainty, which

“increases the cost of doing business and creates challenges for governments seeking to protect their citizens and ensure respect for their laws. It may also prevent internet users from accessing as broad a range of content, as they otherwise could, and raises civil society concerns that abuses are not properly addressed, or that attempted solutions will harm users.”

The questions surrounding both internet shutdowns and fragmentation are relevant for libraries. In the short term, shutdowns and slowdowns prevent libraries from going their job fully; and fragmentation can impact libraries working to make digital materials available across borders, potentially obliging them to cope with laws and other rules from a wide variety of jurisdictions.

In the long run, both trends can mark major steps backwards from wider access to knowledge and information. Future regulatory efforts in these areas can therefore have a significant impact on their work – and it remains to be seen how these trends evolve in 2020.

Governance of new technologies, applications and services – as well as data

Throughout 2019, the Geneva Internet Platform’s Barometer of Trends repeatedly marked an increase in relevance of new technology issues – such as those pertaining to AI and Internet of Things – within internet governance discourse. In the last few years, new applications have prompted engaged and contested political conversations due to their potential societal, political, economic and cultural impacts.

To name one example: 2019 saw increased public concerns over the risks associated with facial recognition technologies, particularly in the areas of privacy and non-discrimination. Several cities in the US banned the technology, while elsewhere, different countries’ regulatory stances are diverse.

As regulators and the society at large continue to grapple with the questions of new technologies’ ethical and societal implications in 2020, libraries can follow (and take part in) the discussions. This ensures that libraries interested in adapting and making use of new technologies and services can make informed choices that align with core library values and patrons’ interests.

In addition, some predictions foresee that privacy and data regulation policy debates will intensify. While the EU General Data Protection Regulation will have already been in effect for two years in 2020, the California Consumer Privacy Act only came into effect on January 1, 2020, and other regulations are still under deliberation – e.g. India’s consultations on the Personal Data Protection Bill and other U.S. states considering their own privacy regulations. In light of the questions that the era of Big Data poses for libraries, particularly around privacy, it may well be worthwhile for the library sector to keep track of how this policy field develops further in the coming year.

These are some of the key Internet Governance trends from 2019 that may see further developments in 2020 – and can have implications for the library sector. The internet remains crucial to libraries – both in their daily work and in relation to their broader values of access to information and intellectual freedom. That is why in the coming year IFLA will continue to engage with Internet Governance forums – and encourages libraries to get involved in internet governance platforms and discussions as well!

What’s On Online? Current Issues for Libraries in Internet Governance and Policy

The core mission of libraries is to provide people with access to information. With flows of information increasingly taking place online, our institutions have a major interest in the way the Internet works.

In December of this year, the world will celebrate 50/50 – the point at which the share of the world’s population with Internet accesses passes 50%. This will be a success to celebrate, but also a reminder of how many people remain unconnected.

Moreover, serious concerns remain about the way in which the actions of governments and private actors can affect this access, and whether people themselves are equipped to make best use of the possibilities.

In short, if people do not have access, or if this access is subject to restrictions, then the mission of libraries cannot be achieved. This blog lists a few of the issues currently on the agenda.

 

Delivering Access – New Tools?

As highlighted in the introduction, the celebrations around giving half of the world’s population access to the Internet will be clouded by the fact that the other half remain offline. While the unconnected are concentrated in developing countries, there are still minorities in richer countries who are cut off.

New technologies and techniques are emerging for getting people online. Major Internet companies have their own projects for giving access, through satellites, balloons and other tools. While Facebook, for example, has apparently given up on its plans to use drones, it is now investing in satellites.

One technology is TV White Space (TVWS), promoted by its supporters as a particularly smart means of bringing Internet to remote areas. It works by using frequencies which currently are not being used for television, and dedicating them to WiFi. A number of projects using this approach are at work in the United States and Colombia.

There are also efforts by cities and wider communities to set up new networks. Sometimes these are run by local governments who recognise the value of faster connectivity (‘municipal broadband’). Sometimes, it’s residents themselves who come together to establish ‘community networks’.

In both cases, they bypass traditional Internet Service Providers (ISPs), often accused of doing too little to invest in higher speeds.

However, such projects need favourable regulation to work. With radio spectrum usually ‘owned’ by government, there are ongoing questions about who can access this for TVWS projects. There are also stories of restrictions on use of telegraph poles being used to prevent municipal fibre projects.

In addition, there have been some signs of renewed interest in Universal Service and Access Funds (USAFs). These collect funds from taxes on telecommunications providers in order to support connections to poorly served areas and populations.

However, they are frequently under-used, and can be subject to the same risks of corruption and bureaucracy as other parts of government. A recent report from the Alliance for Affordable Internet (A4AI) underlines how, if properly deployed, they could make the difference for women in Africa for example.

Libraries are both beneficiaries of better connectivity, and potentially drivers of new projects. To do this, they will need the right regulations and financial support to be able to give their users – and their communities – effective access to information.

 

Delivering Content – New Threats?

Yet not all connections are equal. Even when the cables are laid, or the masts turned on, what a user can see online will depend on the rules and practices in place.

The role of government is a key concern. Governments continue to engage in complete or partial shutdowns, as well as in focused censorship.

AccessNow’s monitoring of shutdowns shows that these are depressingly frequent, with everything from national security to school exams offering an excuse. The collateral damage caused by these moves – to businesses, to medicine, to citizens’ daily communications, is significant.

Censorship continues to be a problem. At the end of April, the anniversary of Turkey’s ban of Wikipedia was marked. Freedom House’s 2017 Freedom on the Internet report showed record levels of online censorship and blocking. Steps in Tunisia, for example, to oblige bloggers to ‘register’ are also worrying.

Meanwhile, concerns about ‘fake news’ have served as an excuse for some governments to take dramatic action against both writers and websites. Cambodia, Azerbaijan and Vietnam provide some recent examples. In parallel, as Freedom House (mentioned above) underlines, governments are also more than ready to share disinformation themselves using the same tools.

Yet it would be a mistake to focus only on government. As technology advances, and with it the possiblity to use data to make new connections and offer new services, the risk to personal information grows.

The Cambridge Analytica scandal, as well as other cases of dubious practice by major Internet firms, have shown what can be done with personal data. Data ethics has become a new area for discussion, closely linked to the explosion in the volumes of information collected online (including by the Internet of things).

The entry into force of the General Data Protection Regulation in the European Union offers a response, but much will depend on how effectively people take up the new possibilities it creates. Similar rules appear to be spreading to California and Brazil, and data protection is an increasingly high-profile issue in trade discusisons.

Furthermore, net neutrality remains on the agenda. In the United States, the resistance to moves by the government to allow companies to discriminate continues at federal level. Individual states are passing their own laws to guarantee equal access to all content as far as possible.

Elsewhere, the news is better, with India underlining its support for net neutrality, and steps in some countries at least to do away with zero-rating offerings (i.e. allowing users to access some services without this counting towards their data caps).

An additional issue arises where private companies are pressured to take steps that governments themselves cannot.

As highlighted by the UN Special Rapporteur on Human Rights, platforms are not independent. They can be pressured, for example, to block certain types of content (‘fake news’, explicit content, extreme content), or apply rulings such as the European Union’s right to be forgotten principle.

In doing so, they take on similar powers to governments or courts, but with less oversight or control. Moreover, when governments pass laws that only create incentives to block content, there is no guarantee that legal content will be defended. Laws such as FOSTA and SESTA in the United States and anti fake-news laws in Germany and France risk doing just this.

For libraries, this is an issue of growing importance. The content to which libraires give access is increasingly online, rather than on-the-shelf. And libraries are committed to broader access to information as a driver of development.

While there is a case for acting against specific content that genuinely poses a threat, indiscriminate restrictions imposed by governments or companies, including the chilling effect that surveillance and data-collection can create, are bad news for libraries.

 

Delivering Skills – New Focus?  

A final area of focus is on individuals themselves. Even where there is connectivity, and the connection is not subject to unjusitified restricitons, citizens themselves need the skills and confidence to get online.

As Pew Internet Centre research showed recently, a falling share of people see the Internet as only having brought benefits for society. Other surveys suggest growing levels of distrust and concern about about the risks encountered on the Internet.

There is a risk, when faced with such worries, that governments will feel empowered to take more restrictive stances (i.e. banning non-mainstream content). As a result, the need to give citizens themselves the confidence to deal with what they find online themselves is growing.

Digital skills training, however, remains minimal in many cases. This can be down to a lack of equipment, a lack of capacity among teaching staff, or simply a failure to update teaching. Moreover, digital skills cannot only be a task for formal education.

Meaningful digital skills training, as highlighted in IFLA’s statement on digital literacy, needs to be about more than just coding (important, but for now unlikely to be relevant to everyone in their future lives), and focus on a broader range of competences.

This should include, notably, an updated version of media and information literacy, adapted to a digital age. It may well also require a renewed focus on some of the ‘soft skills’ which are also important in the offline world.

A number of countries are adopting more holistic curricula, and the OECD is already incorporating concepts such as ‘problem solving in a digital environment’ into its own work. But we are likely to see more moves among governments to develop more comprehensive packages of skills and training in coming years.

Libraries are natural partners for delivering such skills, at least when they are suffficiently equipped and staffed. As welcoming places open to all of the community, regardless of age, they can complement the work of formal education.

With a focus, also, on providing the information (and information literacy) to meet real life needs, they can play a real role in shaping digital skills training for all.

 

The Internet’s potential to accelerate development is high, but not inevitable. As this blog indicates, there is a regular stream of questions, of doubts. How to make full use of all possibiities to get more people connected? How to avoid overreacting to ‘fake news’ and concern about certain content? How to give people the confidence they need to use the Internet effectively?

All are questions with a real importance for libraries, and to which libraries can help provide solutions.