VIAF GDPR
•Download as PPTX, PDF•
1 like•1,903 views
Trabajo para VIAF sobre el reglamento europeo de protección de datos y su posible influencia en los datos de autoridad.
Recommended
Recommended
More Related Content
What's hot
What's hot (18)
Similar to VIAF GDPR
Similar to VIAF GDPR (20)
More from Biblioteca Nacional de España
More from Biblioteca Nacional de España (20)
Recently uploaded
Recently uploaded (9)
VIAF GDPR
- 1. General Data Protection Regulation (GDPR) and library authority data Ricardo Santos National Library of Spain Prepared for: VIAF Council meeting 24th August 2018, Kuala Lumpur
- 2. GDPR Facts Supersedes the Data Protection Directive 95/46/EC Adopted in April 2016, enforced in 25 May 2018. It has 98 articles and 173 whereas clauses. It’s a regulation, so it’s directly binding and applicable in Member States. Extra-territorial applicability: it applies to all companies processing the personal data of individual residing in the Union, regardless of the company’s location or where the data is processed . United Kingdom passed the Data Protection Act 2018, with equivalent regulations and protections 2
- 3. Goals Strengthen citizens' fundamental rights in the digital age. Give control to citizens over their personal data Harmonize and simplify the rules throughout the European states 3
- 4. “ Personal data is any information that relates to an identified or identifiable individual. (art. 4) This Regulation does not apply to the personal data of deceased persons. (whereas clause 27) 4
- 5. “ Processing means any operation on personal data, such as collection, recording, organization, structuring, storage, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available… (art. 4) 5
- 6. GDPR for organizations - Legal basis for processing (art. 6) (Can we process data?): - Consent (explicit, clear and unambiguous) - Legal obligation (legal deposit?) - Public interest - Organisation’s legitimate interest 6 - Processing of data must be (art. 5): - According to, and only the data necessary, the stated specific purposes. - Stored no longer than necessary. - Accurate and up-to-date.
- 7. GDPR for public administration - Personal data usually processed on the basis of a legal obligation or public interest. - A Data Protection Officer is mandatory. - Individuals may contact a public administration to exercise their rights under the GDPR. - Individuals have a right to object to the processing of personal data by the public administration on grounds of public interest. 7
- 8. GDPR for citizens (Chapter III) Citizens have the right to: - demand information about the processing - access the data - asking for corrections of inaccurate data - data erasure (formerly known as right to be forgotten) - object to the processing of data - receive personal data in a machine-readable format and send it to another controller. - request that decisions based on automated processing are made by natural persons. 8
- 9. Exceptions & Limits Consent can be skipped if there is legal obligation or public interest for collecting data Data erasure or others are limited by: Freedom of expression safeguards. Archival exemptions (provided the institution has the legal obligation to preserve). Scientific or historical research. Those limits are not automatic. Member states should introduce them or not. 9
- 10. BIG QUESTIONS REMAINS Considerations of authority data: • Is it “personal data”? Could there be other “sensitive data”? • What’s the legal framework for an authority file? • Can the “public interest” or “legal obligation” be invoked to skip consent? • Can we deny “right to be forgotten” on those grounds? • Can we freely distribute authority data (to VIAF, for instance)? 10
- 11. Claimings accepted Data correction. Hide pseudonymous relationships Hide dates BNE experiences Claimings rejected Deletion of resources Deletion of authority record 11
- 12. VIAF is an aggregator of sources. - Who has the responsability for data? VIAF is a “third party”: - Should reflect data policy of member institutions? Case 1: an institution acknowledge an individual data rights. Should this extend to VIAF or other libraries? - Should VIAF policy influence data policy of member institutions? Case 2: VIAF grants an individual data rights. Should this extend to libraries? Some issues with VIAF 12
- 13. GDPR: legal text European Union official webpage IFLA leaflet on GDRP More info 13
- 14. 14 Thanks! Ricardo Santos National Library of Spain ricardo.santos@bne.es Images : Biblioteca Digital Hispánica Template and fonds: SlidesCarnival
Editor's Notes
- 28 different regulations merged into one
- ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- DPO. Among other duties: act as a contact point for requests from individuals regarding the processing of their personal data and the exercise of their rights
- It isn’t clear if “scientific or historical research” applies to authority data, or if this data is stored for the “legal obligation”
- 1 – According to the law definition for “personal data”, it is, because it allows to identify a living person (a name string; a date of birth, an URI). “sensitive data” is less probably to be included. 2- Should the same rules apply to an authority file than a customer database, or even a library users’ file?