
Letter from the Executive Director

Last week, it seemed as if the entire U.S. corporate world woke up to the fact that some people, notably Europeans, care about their privacy and that companies should do something about it. What exactly corporations are doing, insofar as one can tell, seems to be modest. Now-ubiquitous pop-up banners appear on websites to inform the visitor that the site is using cookies and tracking clicks, regardless of any user desire not to be tracked. Many companies have revised their privacy policies and are sending out confirmation notices to ensure that recipients opt in to remain on mailing lists. Some companies have set up new privacy-setting pages or have made gestures in the direction of one’s ability to delete, correct or move one’s data. As someone who cares deeply about privacy, I’m pleased about any movement toward greater privacy protections and am thankful for the E.U.’s GDPR rollout.

A few years ago, NISO led a project, with support from the Mellon Foundation, to develop a set of principles related to privacy of library patron data in third-party systems.  The resulting NISO Privacy Principles were meant to be a starting point for the community to drive forward conversations about privacy with the software-supplier and publisher communities.  The conversations did push several companies toward greater privacy engagement and controls, which, if followed, would make GDPR adoption less onerous. That project also led to subsequent conversations and an ongoing Interest Group within the Research Data Alliance on privacy concerns related to the sharing of research data sets.  That project is close to finalizing its recommendations in advance of the next RDA plenary this fall.

Concerns about privacy came up again during the in-person meeting NISO hosted last week on authentication and access control systems in libraries. This meeting was terrific (thanks to all who participated!), with some deep conversations taking place about these critical systems. Of note was a robust conversation among the participants regarding the NISO-STM project on Resource Access in the 21st Century (RA21): the underlying technology that the RA21 project is built upon is the SAML attribute exchange and the supporting identity federation community. This system is not privacy-protecting by default, because of the variety of use cases that the system supports (e.g., course-system login). By nature, if a student is accessing one of these systems, the identity system must pass along an individual’s personal information to provide access to the appropriate student-specific information (courses, grades, homework, professor messages, etc.). Since most academic institutions already have this structure in place, it made sense for RA21 to build upon it. However, that does not mean that the RA21 system will require (or even request) such personally identifiable information. The RA21 project is trying to achieve a very simple goal: to store a patron’s preferred institutional identity provider, so that the login process through SAML services is simpler and less confusing. It is not designed to store personally identifiable information such as user logins, nor is its goal to track individual patrons without their consent. A privacy and security review of the two pilot technologies being considered reported that there was minimal risk to either approach when it came to exposing user data via the RA21 system, basically because the proposed solutions do not store these data. Furthermore, the project’s leadership has agreed to use the GDPR as its guide and to incorporate the NISO Privacy Principles in its final framework as well. The specifics still need to be worked out in the drafting of the recommendations. In addition, during her talk at the NISO meeting, Ann West, Associate VP for Trust and Identity at the InCommon Federation, discussed the identity federation badging process, which could be used as part of the RA21 recommendation to further limit the practice of attribute sharing by federations when allowing access to library resources.
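The two privacy levers in the paragraph above, a per-service attribute-release policy at the federation and an RA21-style discovery helper that remembers only the identity provider, can be seen side by side in a small simulation. This is an added illustration written for this newsletter, not code from RA21, NISO or any federation; the directory record, the service-provider entity IDs and the release policies are all constructed for the example, and the eduPerson attribute names are used only as familiar labels.

```python
"""Toy SAML-style attribute exchange (constructed example, not RA21 code).

Assumptions:
  - the IdP holds a full directory record per user;
  - each service provider (SP) has a release policy, and the IdP releases
    only the attributes that policy allows;
  - the discovery helper remembers the IdP's entityID and nothing else.
"""
from dataclasses import dataclass
from typing import Optional

# Attributes that directly identify a person (constructed list for the demo).
PII_ATTRIBUTES = {"uid", "mail", "displayName", "studentId"}

# Constructed directory record as an IdP might hold it.
IDP_DIRECTORY = {
    "jdoe": {
        "uid": "jdoe",
        "mail": "jdoe@example.edu",
        "displayName": "J. Doe",
        "studentId": "S-00042",
        "eduPersonScopedAffiliation": "member@example.edu",
        # pairwise pseudonymous identifier: a different value per SP, so two
        # SPs cannot correlate the same patron by comparing identifiers
        "eduPersonTargetedID": {
            "https://lms.example.edu/sp": "abc123",
            "https://publisher.example/sp": "xyz789",
        },
    }
}

# Per-SP release policies (constructed). The course system legitimately needs
# to know who the student is; the publisher SP needs only proof of affiliation.
RELEASE_POLICY = {
    "https://lms.example.edu/sp": {
        "uid", "mail", "displayName", "studentId", "eduPersonScopedAffiliation",
    },
    "https://publisher.example/sp": {
        "eduPersonScopedAffiliation", "eduPersonTargetedID",
    },
}


def release_attributes(user: str, sp_entity_id: str) -> dict:
    """Return the attributes the IdP releases to the named SP.

    An SP with no policy entry gets nothing (deny by default).
    """
    record = IDP_DIRECTORY[user]
    allowed = RELEASE_POLICY.get(sp_entity_id, set())
    released = {}
    for name in allowed:
        value = record.get(name)
        if isinstance(value, dict):  # per-SP value, e.g. targeted ID
            value = value.get(sp_entity_id)
        if value is not None:
            released[name] = value
    return released


def leaks_pii(payload: dict) -> bool:
    """True if any directly identifying attribute is present in the payload."""
    return any(name in PII_ATTRIBUTES for name in payload)


@dataclass
class DiscoveryStore:
    """RA21-style 'remember my IdP': holds the IdP entityID only, so even if
    the store is read by a third party it reveals an institution, not a person."""
    preferred_idp: Optional[str] = None

    def remember(self, idp_entity_id: str) -> None:
        self.preferred_idp = idp_entity_id

    def contents(self) -> dict:
        return {"preferred_idp": self.preferred_idp}


if __name__ == "__main__":
    for sp in RELEASE_POLICY:
        attrs = release_attributes("jdoe", sp)
        print(sp, "->", attrs, "| identifies person:", leaks_pii(attrs))
    store = DiscoveryStore()
    store.remember("https://idp.example.edu/idp")
    print("discovery store:", store.contents(), "| identifies person:", leaks_pii(store.contents()))
```

Running it shows the course-system SP receiving name, mail and student ID while the publisher SP receives only a scoped affiliation and a pairwise pseudonym; the discovery store never holds anything about the user at all. The same federation therefore supports both use cases, and what reaches a library resource is decided by the release policy, which is exactly the knob that federation badging profiles are meant to constrain.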

Since privacy protections are an ongoing process, there is work for NISO to do as well. NISO’s Board of Directors is now in the process of setting forward a new privacy policy to be released in the coming weeks. In it, we will clarify details regarding processing of information, but, thankfully for us, our systems were already built with privacy in mind. For example, we do not gather or track individual user data, except when logged in as a user of NISO’s working group and ballot management tool. We also do not share or trade data with third parties who are not providing NISO core services, such as accounting software. Each of us who provides services needs to recognize that the privacy of our users and our patrons must be protected to maintain their trust and loyalty. Some of us were doing so before GDPR came into effect. I’m hoping more will do so now too.

With kindest regards,
Todd Carpenter
Executive Director
NISO

NISO Reports

Media Stories

The General Data Protection Regulation: What Does It Mean for Libraries Worldwide?

This seven-page brief on the substance of the European Union’s binding legislation explains the General Data Protection Regulation (GDPR) and its long-term implications for libraries in the U.S. as well as in Europe. The endnotes may be of particular value in bringing the reader up to speed on the topic.

One key quote is: “The GDPR applies even when EU citizens are living or visiting outside of Europe. The law’s goals include full accountability, consistency, and transparency from the organizations that collect and use personal data, and complete understanding and meaningful consent from the subjects whose data is being used... In the wake of such incidents as the Cambridge Analytica revelations, libraries, as privacy champions, should welcome the GDPR’s requirements.”

» Go to story

The Washington Post Puts a Price on Data Privacy in Its Response to GDPR -- and Tests Requirements

Across the spectrum of publishers, how best to effectively and efficiently accommodate the requirements of GDPR presents challenges. The Washington Post has taken the novel approach of establishing a premium subscription option ($90 annual) for those in the European Commission; the option allows access “in exchange for no ads -- and the privilege of not having their data tracked”. The question becomes whether the option is acceptable to the marketplace, or even legal in the context of the legislation.

» Go to story

Setting the Table: Responsible Use of Student Data in Higher Education

Digital information systems pervade the way modern institutions gather and handle student data, and that data in turn shapes the educational experience of students. What is necessary at this point is a discussion of how best to craft institutional policies regarding the ethical use of student data. This article sets out four principles of responsible use: shared understanding, transparency, informed improvement, and open futures.

» Go to story

An Ethical Framework for Library Publishing: Version 0.5 (Draft for Comment)

This document (not intended to become or remain static in the short term) was born of concern among those publishing under the auspices of an academic library that their publishing practices should reflect the ethical values of libraries. The document addresses five topics (publishing practice, accessibility, diversity, privacy and analytics, academic and intellectual freedom), with each section including an introduction, a sense of scope, a review of existing resources, recommendations and, in some instances, an indication of additional resources that should be developed.

» Go to story

FAIR Principles for Library, Archive and Museum Collections: A proposal for standards for re-usable collections

This article proposes a set of relatively minor modifications to the FAIR Principles for scholarly output to enable their use by the LAM (Library, Archive, Museum) community. The acronym FAIR stands for findable, accessible, interoperable, and reusable. The authors focus on applying those Principles at the collection level, as would be necessary for those working in the LAM community.

» Go to story

Introducing a New Standard for the Citation of Research Data

Working with the European Molecular Biology Laboratory, European Bioinformatics Institute (EMBL-EBI) and the California Digital Library (CDL), the Identifiers Expert Group of the Force11 Data Citation Implementation Pilot (DCIP) has established interoperability of compact identifiers and developed a global approach for the formal citation of research data in the life sciences.

The paper in which their solution is outlined, “Uniform resolution of compact identifiers for biomedical data,” Sci. Data 5:180029, doi:10.1038/sdata.2018.29 (2018), is available here.

» Go to story

New and Proposed Specs and Standards

W3C Issues Improved Accessibility Guidance for Websites and Applications

“WCAG 2.1 provides recommendations for making web content more accessible to a wider range of people with disabilities, including auditory, cognitive, neurological, physical, speech, visual disabilities. The guidelines address accessibility of web content on desktops, laptops, tablets, and mobile devices. Following these guidelines also makes your web content more usable to all users in a variety of situations.” Publication as a W3C Recommendation finalizes the development process and indicates that the W3C considers the updated guidelines ready for implementation on web content. The Working Group has taken care to maintain backwards compatibility of WCAG 2.1 with WCAG 2.0. All the criteria from WCAG 2.0 are included in WCAG 2.1, so web sites that conform to WCAG 2.1 will also conform to WCAG 2.0. In addition, the W3C has recently redesigned the web pages for the Web Accessibility Initiative, available at https://www.w3.org/WAI/.

» Go to story

ISO/IEC 23000-18:2018 Information technology -- Multimedia application formats (MPEG-A) -- Part 18: Media linking application format

“This document specifies a data structure called "bridget". A bridget is a link between a "source" content and a "destination" content. The bridget contains information on the source content and on the destination content, on the link between the two and on how the information contained in the bridget is to be presented to users consuming the source content in order to enable them to make considerate decisions about whether to consume the destination content.” (Technical Committee: ISO/IEC JTC 1/SC 29)

» Go to story

JATS4Reuse Clinical Trials Version 1.0 Published

"This recommendation aims to provide clear guidance on tagging Clinical Trial information using JATS XML for machine readability and reuse. This recommendation only applies to clinical trials the paper is reporting on. Any other clinical trial references that are present should remain as URL links in the text and should not be converted to references/citations or a <related-object>."

» Go to story