The very popular Long Arm of the Law session, moderated as usual by Ann Okerson, Senior Advisor, Center for Research Libraries (CRL), returned to the Charleston Conference for the 6th time. Panelists were Gary Price, Editor, infoDOCKET; Bill Hannay, Partner, Schiff Hardin, LLC; and Lisa Macklin, Director, Scholarly Communications Office, Emory University.
This year’s subject was privacy, which protects the rights and freedoms of individuals to live as they wish and gives people the ability to control the dissemination of their personal information. Privacy is a topic that affects us all. This word cloud shows some of the concepts relating to privacy.
Gary Price began with a discussion of internet and library privacy and noted that the privacy that people have come to expect from libraries over many decades is not where it should be in the digital age. Work on privacy is being done by NISO, ALA, and the Library Freedom Project. Publishers and database producers are also getting involved. Privacy is very wide-ranging; it includes local library data, disclosures, data sharing, opt-in services of vendors, third parties, personnel, response plans, awareness, training, data storage, and staying vigilant. It is more than encryption or encrypted data transmission.
Libraries can use some of the data they collect, but it is important to let users know what is going on. What is your relationship with vendors? What are their privacy policies? Is the technology configured correctly? We need to understand these things and work with our providers.
Improving privacy does not mean we must stop doing what we do, but in today’s world, it is necessary to be proactive, not reactive. We can lose a lot of respect from the general public with only a single privacy breach. What is being shared with 3rd parties? Everybody has a different comfort level with privacy. Privacy and data surveillance have become major topics around the world.
Gary then did a live demonstration of WireShark, a network analyzer, which displayed the network users in the conference room, followed by another demonstration of Cookie Cadger, a wi-fi analyzer that uses Wire Shark data to obtain the Mac IDs of users. These demonstrations showed that our data are not as private as we may think.
Here are some things we can do today:
Tools that can erect roadblocks and make it more challenging for others to get our private data are available.
Bill Hannay discussed the Right to Be Forgotten (RTBF) and especially recent developments in Europe (which is ahead of the US in some areas of privacy). Europe vigorously protects privacy rights of individuals, which includes any information relating to an individual. Many European privacy laws date back at least 20 years. We need a robust set of rules to make sure users are protected.
In a well known case (the Costeja case in Spain), Google was forced by the European Court of Justice, after appeals, to take down its data on Costeja and to do it for anybody subject to data privacy laws. Google is obliged to remove from search results links to any web page relating to an individual if such information is “irrelevant” to the purposes for which it was collected. As a result, Google has a request form for this and has received over 330,000 requests, 42% of which were honored. URLs were also removed from Facebook and YouTube. RTBF laws have also been passed in other European countries and are now starting to impact the US and searches done on google.com.
We need help from our vendors. We understand that they want to know how their products are being used, but they do not need to know who is searching what. We need to educate users, help them make informed choices, and teach them about privacy and technology. Facebook has become more proactive in its approach to privacy. Libraries should also be proactive, understand the implications of technology, question privacy implications of new tools and services, and keep current. We all must become advocates for privacy rights because we have a role to play.