Laura Quilter NISO Privacy Meeting #4 - June 19, 2015

Published on June 19, 2015

NISO Consensus Framework to Support
Patron Privacy in Digital Library and Information Systems
http://www.niso.org/topics/tl/patron_privacy/

Published in: Education

  1. Frameworks & Current Issues in Library Privacy
     NISO Privacy - June 19, 2015
     Laura Quilter, MLS, JD
     UMass Amherst
  2. aka
     Where we’ve been, where we are, where we might go
  3. broad approaches to date
     • privacy against governmental intrusion: 4th Amendment. 1st Amendment connections to anonymous speech. (late 18th c.)
     • privacy torts (late 19th/early mid 20th c.)
     • Fair Information Practice Principles [FIPPs] (late 20th c.)
     • sectoral implementation in US: FCRA, FERPA, HIPAA, library privacy statutes, data breach notification statutes, etc.
     • more comprehensive implementation in EU: EU Data Protection Directive, etc.
  4. Fair Information Practice Principles
     • HEW, 1973 - attempting to establish a framework for the use of information in the modern age; followed by OECD, EU, and other organizations
     • fundamental premise underlying much modern privacy regulation, but not usually implemented holistically
     • components: notice, choice/consent, access, integrity, security, enforcement
  5. FIPP implementations
     • EU Data Protection Directive among the fullest implementations.
     • US FCRA, Fair Credit Reporting Act — typical in US for providing consumers some modest implementations of access and integrity, but very little notice, choice, or enforcement.
     • Gramm Leach Bliley (financial data)
     • HIPAA (health data)
     • Data Breach Statutes provide an implementation of security.
  6. FIPP implementations
     • Library privacy statutes: Waivers from FOIA; sometimes protection from government intrusion; sometimes fuller implementations of FIPPs
     • Reader privacy statutes:
       • AZ - expanded to ebooks
       • CA - booksellers & electronic booksellers records protected; notice to users; reporting; exceptions
       • MO - ebooks added; 3rd party vendor records added
  7. Are these issues manageable through existing approaches?
     • Library Privacy Laws - revisions to cover ebooks; “readers”, 3rd party holders of records; vendors
     • Nationally: USA PATRIOT Act & Freedom Act reforms (limits on bulk collection of data); legal challenges to mass warrantless surveillance. ECPA reform and the 3rd party business records doctrine. Federal attacks on strong cryptography, demanding weak crypto, backdoors/keys. Ubiquitous surveillance and record collection (e.g., RFID; video footage; logging). Data mining.
     • Internationally: Varying approaches in UK & Europe already only increasing. In Europe, the new “Right to be Forgotten”, and efforts by EU and most recently Canada to enforce law extraterritorially.
  8. new approaches
     • FIPPs: Enforcement has been least-applied aspect; expansion of regulatory enforcement or tort approaches (negligence, duties owed to subjects of information gathering).
       • Q: How to implement as a general duty?
       • Q: How to handle distributed data (joint & several liability?)
     • Autonomy: Autonomy as a justification for privacy has been a basis for US reproductive rights law since late 20th century, but rarely applied to informational privacy; 1st Amendment protections for anonymous speech make a potential nexus.
       • Q: Value of privacy as “seclusion” lost?
  9. new approaches
     • Contextual privacy [Helen Nissenbaum] - Suggests regulatory approach of notice & consent over migration of data; strong controls around re-purposing.
       • Q: Erosion of privacy as a norm.
       • Q: Creation of new information (via data mining & algorithmic control) may lead to lack of awareness, so how to regulate?
     • Give up “privacy” and instead regulate misuse / harms.
       • Q: Value of privacy as “seclusion” utterly lost
       • Q: How to define misuse / harm? Is “price discrimination” a harm to the consumer?
  10. questions for Privacy Working Group
     • why do we care about privacy? autonomy? “intellectual privacy”? seclusion? modesty? relation to other values, such as consumer rights, control of time?
     • what interests are we trading off? privacy, accessibility, cost, options, user-friendliness, security, freedom of speech, others?
     • who is in charge of “networked” data? what are the responsibilities for putting in a little data into a larger pool? e.g., RFID; data mined & combined with other data; leading to targeted advertising & price discrimination
     • are commercial uses qualitatively different from noncommercial uses of other people’s data? ought libraries be granted more scope because they are trusted, or less scope?
     • for the librarians: public & nonprofit institutions’ engagements with private commercial entities is subject to scrutiny; if data is commercial, what can be fairly shared with commercial entities? do the differing roles of academic libraries (supporting the most privileged users) and public libraries (supporting the least privileged) suggest different duties and perspectives?
     • what are effective enforcement mechanisms? Because without enforcement, principles are nearly meaningless.