Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.



Published on

Trabajo para VIAF sobre el reglamento europeo de protección de datos y su posible influencia en los datos de autoridad.

Published in: Leadership & Management
  • Be the first to comment

  • Be the first to like this


  1. 1. General Data Protection Regulation (GDPR) and library authority data Ricardo Santos National Library of Spain Prepared for: VIAF Council meeting 24th August 2018, Kuala Lumpur
  2. 2. GDPR Facts Supersedes the Data Protection Directive 95/46/EC Adopted in April 2016, enforced in 25 May 2018. It has 98 articles and 173 whereas clauses. It’s a regulation, so it’s directly binding and applicable in Member States. Extra-territorial applicability: it applies to all companies processing the personal data of individual residing in the Union, regardless of the company’s location or where the data is processed . United Kingdom passed the Data Protection Act 2018, with equivalent regulations and protections 2
  3. 3. Goals Strengthen citizens' fundamental rights in the digital age. Give control to citizens over their personal data Harmonize and simplify the rules throughout the European states 3
  4. 4. “ Personal data is any information that relates to an identified or identifiable individual. (art. 4) This Regulation does not apply to the personal data of deceased persons. (whereas clause 27) 4
  5. 5. “ Processing means any operation on personal data, such as collection, recording, organization, structuring, storage, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available… (art. 4) 5
  6. 6. GDPR for organizations - Legal basis for processing (art. 6) (Can we process data?): - Consent (explicit, clear and unambiguous) - Legal obligation (legal deposit?) - Public interest - Organisation’s legitimate interest 6 - Processing of data must be (art. 5): - According to, and only the data necessary, the stated specific purposes. - Stored no longer than necessary. - Accurate and up-to-date.
  7. 7. GDPR for public administration - Personal data usually processed on the basis of a legal obligation or public interest. - A Data Protection Officer is mandatory. - Individuals may contact a public administration to exercise their rights under the GDPR. - Individuals have a right to object to the processing of personal data by the public administration on grounds of public interest. 7
  8. 8. GDPR for citizens (Chapter III) Citizens have the right to: - demand information about the processing - access the data - asking for corrections of inaccurate data - data erasure (formerly known as right to be forgotten) - object to the processing of data - receive personal data in a machine-readable format and send it to another controller. - request that decisions based on automated processing are made by natural persons. 8
  9. 9. Exceptions & Limits Consent can be skipped if there is legal obligation or public interest for collecting data Data erasure or others are limited by: Freedom of expression safeguards. Archival exemptions (provided the institution has the legal obligation to preserve). Scientific or historical research. Those limits are not automatic. Member states should introduce them or not. 9
  10. 10. BIG QUESTIONS REMAINS Considerations of authority data: • Is it “personal data”? Could there be other “sensitive data”? • What’s the legal framework for an authority file? • Can the “public interest” or “legal obligation” be invoked to skip consent? • Can we deny “right to be forgotten” on those grounds? • Can we freely distribute authority data (to VIAF, for instance)? 10
  11. 11. Claimings accepted  Data correction. Hide pseudonymous relationships Hide dates BNE experiences Claimings rejected  Deletion of resources Deletion of authority record 11
  12. 12. VIAF is an aggregator of sources. - Who has the responsability for data? VIAF is a “third party”: - Should reflect data policy of member institutions? Case 1: an institution acknowledge an individual data rights. Should this extend to VIAF or other libraries? - Should VIAF policy influence data policy of member institutions? Case 2: VIAF grants an individual data rights. Should this extend to libraries? Some issues with VIAF 12
  13. 13. GDPR: legal text European Union official webpage IFLA leaflet on GDRP More info 13
  14. 14. 14 Thanks! Ricardo Santos National Library of Spain Images : Biblioteca Digital Hispánica Template and fonds: SlidesCarnival