A practical guide to privacy in libraries

Privacy is a core value of librarianship and yet as a concept, it is difficult to define and in practice, a challenge to uphold. This groundbreaking new book considers how privacy issues can arise in a library context and what library and information professionals can do to protect the privacy of their users. A Practical Guide to Privacy in Libraries features a wide range of practical examples of such issues, providing insights and practical steps which readers can follow. In-depth case studies and scenarios support the examples laid out in the book, while examples of data breaches which have occurred in a library setting, and the lessons we can learn from them, are also included. The book also covers the main legislation governing data protection – GDPR – which will be particularly relevant to European librarians, and international librarians offering services to EU citizens. The book provides a range of tools through which libraries can communicate how they handle the personal data of their users whilst ensuring that they are following best practice with their privacy policy statements, their privacy audits and data protection impact assessments. Privacy is not the same thing as data protection, and the book outlines the differences between these two concepts. Nevertheless, the book has been written with the requirements of data protection law very much in mind. Written in a highly practical manner, this book is essential reading for library and information professionals who need to understand and support privacy in the library setting and a useful reference for students and researchers in the field who need to understand this topic in practice.

Disclaimer List of figures and tables Table of statutes, etc. Table of cases Abbreviations Glossary of terms Preface 1 General law and background 1.1 Legal system 1.1.1 Common law system 1.1.2 Civil law system 1.2 Court system 1.2.1 England and Wales 1.2.2 Scotland 1.2.3 Northern Ireland 1.2.4 Judicial reviews 1.2.5 Tribunals 1.3 Sources of law 1.3.1 Progress of UK legislation 1.3.2 Law reports 1.3.3 Public international law 1.3.4 Websites 1.4 Legal concepts/terminology 1.4.1 Criminal law 1.4.2 Civil law 1.4.3 Tort (England, Wales, Northern Ireland)/Delict (Scotland) 1.4.4 Contract law 1.4.5 Property 1.5 Conclusions References 2 Library law 2.1 Localism Act 2011 2.2 Public Services (Social Value) Act 2012 2.3 Sustainable Communities Act 2007 and Sustainable Communities Act 2007 (Amendment) Act 2010 2.4 Public Libraries and Museums Act 1964 2.5 Local byelaws 2.6 Literary and Scientific Institutions Act 1854 2.7 Library Offences Act 1898 2.8 Prison library service 2.9 School library service 2.10 Equality Act 2010 (section 149: Public sector equality duty) References 28 3 Copyright 3.1 General principles 3.1.1 Copyright ownership 3.1.2 Term of protection 3.1.2.1 Unpublished works and the 2039 rule 3.2 Economic and moral rights 3.2.1 Risk management 3.3 Legislative framework 3.3.1 Berne Convention for the Protection of Literary and Artistic Works 3.3.2 Universal Copyright Convention 3.3.3 Trade-Related Aspects of Intellectual Property Rights 3.3.4 World Intellectual Property Organization Copyright Treaty 3.3.5 European directives on copyright matters 3.3.5.1 On the legal protection of computer programs 3.3.5.2 On rental and lending right 3.3.5.3 Harmonising the term of copyright protection 3.3.5.4 On the legal protection of databases 3.3.5.5 On the harmonisation of certain aspects of copyright and related rights 3.3.5.6 On the resale right for the benefit of the author of an original work of art 3.3.5.7 On the enforcement of intellectual property rights 3.3.5.8 Directive on the term of protection of copyright and certain related rights amending the previous 2006 Directive (‘Term Directive’) 3.3.5.9 Directive on certain permitted uses of orphan works 3.3.5.10 Directive on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online use in the internal market 3.3.5.11 Directive on certain permitted uses of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled 3.3.6 European Regulations on copyright matters 3.3.6.1 Regulation on the cross-border exchange between the Union and third countries of accessible format copies of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled 3.3.6.2 Regulation on cross-border portability of online content services in the internal market The Intellectual Property (Copyright and Related Rights) (Amendment) (EU Exit) Regulations 2019 3.3.7 UK legislation 3.3.8 Supplementary case law 3.4 Acts permitted in relation to copyright works 3.4.1 Fair dealing 3.4.1.1 What is substantial? 3.4.2 Non-commercial research 3.4.3 Private study 3.4.4 Illustration for instruction 3.4.5 Quotation 3.4.6 Criticism and review 3.4.7 News reporting 3.4.8 Caricature, parody and pastiche 3.4.9 Text and data mining for non-commercial research 3.4.10 The library provisions in the CDPA 3.4.10.1 Copying by librarians on behalf of their users 3.4.10.2 Libraries and educational establishments making works available through dedicated terminals 3.5 Licensing 3.5.1 Copyright Licensing Agency 3.5.2 NLA Media Access 3.5.3 Design Artists Copyright Society 3.5.4 Ordnance Survey 3.5.5 The National Archives 3.5.6 Creative Commons 3.6 Digital copyright 3.6.1 Internet 3.6.2 Right of communication to the public 3.6.3 Hyperlinking and deep linking 3.6.4 Database regulations 3.6.5 Archiving and preservation of digital content 3.6.6 Licensing of electronic resources 3.6.7 Digital rights management systems 3.6.8 Digital signatures and copyright declaration forms 3.7 Copyright clearance 3.7.1 Databases of rights owners 3.7.2 Orphan works 3.7.2.1 Orphan works licences 3.8 Open access 3.8.1 Further information 3.9 Ethical and professional issues and conflicts 3.10 Further information References 4 Legal deposit 4.1 Introduction 4.2 General principles 4.2.1 Print material 4.2.2 Non-print material 4.3 Enforcement 4.4 Copyright and use of legal deposit material 4.5 Online defamation 4.6 The future 4.7 Further information References 5 Breach of confidence 5.1 General principles 5.2 Obligation of confidence and the Freedom of Information Act 5.3 Remedies 5.4 Trade secrets 5.5 Case law on breach of confidence 6 Contracts and licensing agreements 6.1 General principle 6.2 Negotiating licences 6.2.1 Factors that can make or break a deal 6.3 Consortia and standard licences 6.4 Technology solutions 6.5 Use of passwords for licensed products 6.5.1 Usage data 6.6 Further information References 7 Data protection 7.1 Introduction 7.2 General principles 7.2.1 The GDPR and the DPA 2018 are constantly evolving 7.2.2 Related legislation 7.3 The six data protection principles 7.3.1 First principle 7.3.2 Second principle 7.3.3 Third principle 7.3.4 Fourth principle 7.3.5 Fifth principle 7.3.6 Sixth principle 7.4 Accountability 7.4.1 Documentation requirements 7.4.2 Codes of conduct 7.4.3 Certification 7.5 Processing of personal data 7.5.1 Legal bases for processing 7.5.2 Processing of special categories (sensitive personal data) 7.5.3 Consent 7.5.4 Transfers of personal data to a third country or an international organisation 7.6 Exemptions 7.7 Privacy notices 7.8 Register of fee payers 7.9 Rights of the data subject 7.9.1 Compensation 7.9.2 Credit reference agencies 7.10 Data breaches 7.10.1 Causes of data breaches 7.11 Data protection impact assessments 7.12 Fines and prosecutions 7.12.1 Prosecutions 7.13 Data protection issues for libraries 7.13.1 E-books – privacy concerns 7.13.2 Electoral roll information in libraries 7.13.3 Radio Frequency Identification 7.13.4 Outsourcing 7.14 Data protection standards 7.15 How to protect your information 7.16 Identity theft 7.17 Further information References 8 Privacy 8.1 General principles 8.2 Obligation of confidence versus breach of privacy 8.3 Codes of practice 8.4 Injunctions 8.5 Privacy and libraries 8.6 Case law 8.7 Further information References 9 Freedom of information 9.1 General principles of freedom of information 9.2 The Freedom of Information Act 2000 (FOIA) 9.2.1 Local authorities 9.3 Publication schemes 9.4 Datasets 9.5 Copyright implications of the FOIA 9.6 Freedom of information and library and information professionals 9.7 Freedom of information rights and request procedures 9.8 Exemptions and appeals 9.9 Enforcement 9.10 The Environmental Information Regulations 2004 (EIR) 9.10.1 What is environmental information? 9.11 Freedom of information in Scotland 9.12 Freedom of information and data protection 9.12.1 Fees and charges 9.12.2 The time limit for responding to requests 9.12.3 The exemptions 9.13 European Union documents 9.14 Further information and keeping up to date 9.14.1 Organisations 9.14.2 Journals 9.14.3 News feeds References 10 Human rights 10.1 General principles 10.1.1 Human Rights Act 1998 10.1.2 Fundamental Rights Agency 10.2 Guiding principles for library and information professionals 10.3 Human rights and data protection 10.4 Human rights and copyright 10.5 Human rights and freedom of expression 10.6 Further information References 11 Re-use of public sector information 11.1 Background 11.2 General principles 11.3 Public task 11.3.1 The ‘public task’ of public sector libraries 11.4 UK government licensing framework 11.4.1 UK Open Government Licence 11.4.2 The non-commercial government licence 11.4.3 The charged licence 11.5 Right to data 11.6 Charging 11.6.1 Public/private partnerships and exclusivity deals 11.7 Complaints procedure 11.8 New Open Data and PSI Directive 11.9 Further information 11.9.1 Organisations 11.9.2 Publications References 12 Defamation 12.1 Introduction 12.2 General principles 12.3 Slander 12.4 Libel 12.5 Defences to libel 12.5.1 Truth 12.5.2 Honest opinion (previously known as fair comment) 12.5.3 Publication on a matter of public interest (Defamation Act 2013 section 4) 12.5.4 Operators of websites who didn’t post the statement on the website (Defamation Act 2013 section 5) 12.5.5 Peer-reviewed statements in scientific or academic journals (Defamation Act 2013 section 6) 12.5.6 Privilege (Defamation Act 2013 section 7) 12.5.7 The offer to make amends 12.6 Remedies 12.6.1 Civil action for damages 12.6.2 Costs 12.6.3 An injunction/interdict to prevent repetition 12.7 Defamation and the internet 12.7.1 The liability of internet service providers for other people’s material 12.7.2 The application of the limitation period to online archives and the introduction of the single publication rule 12.7.3 Exposure of internet publishers to liability in other jurisdictions 12.7.4 The risk of prosecution for contempt of court 12.7.5 Social networking sites 12.7.6 E-mail libel 12.8 Checklist References Notes 13 Professional liability 13.1 General principles 13.2 Contract 13.3 Tort (delict in Scotland) 13.4 Liability and electronic information 13.5 Liability for copyright infringement 13.6 Risk management 13.7 Indemnity and insurance References 14 Cybersecurity and cybercrime 14.1 Background 14.2 Cybersecurity and cyber essentials 14.3 Council of Europe Convention on Cybercrime 14.4 The Computer Misuse Act 1990 14.5 The Network and Information Systems Regulations 14.6 Hacking 14.7 Viruses, worms and Trojans 14.8 Intellectual property infringement 14.8.1 Plagiarism 14.8.2 Software piracy 14.8.3 Making illegal downloads of music files 14.8.4 Other examples of copyright abuse 14.9 Pornography 14.10 Fraud 14.10.1 Phishing 14.10.2 Pharming 14.11 Denial of service attacks 14.12 Acceptable use policies 14.13 Communications Act 2003 References 15 Disability discrimination 15.1 General principles 15.2 Copyright and the disability exceptions 15.3 The Right to Read 15.4 Website accessibility 15.5 Further information 16 Other legal issues relevant to librarians 16.1 Introduction 16.2 Police, surveillance and libraries 16.3 Cloud computing 16.3.1 Escrow agreements 16.3.2 Data protection issues 16.3.3 Ownership of the data 16.4 Stocking extremist/controversial literature 16.5 Censorship 16.6 Theft or mutilation of rare books 16.6.1 Examples of theft by library users 16.6.2 Examples of theft by library staff 16.7 Lending of audio books and e-books by public libraries 16.8 Further information References Appendices Appendix 1 Brexit and the orphan works exception Appendix 2 CILIP's ethical framework Index