The EU Data Protection Regulation – A Digital Library for the many or the few?06 December 2016
The EU Commission website gives some background information on the reform of Data protection in the European Union.
On 8 April 2016 the Council adopted the Regulation and the Directive. And on 14 April 2016 the Regulation and the Directive were adopted by the European Parliament.
On 4 May 2016, the official texts of the Regulation and the Directive have been published in the EU Official Journal in all the official languages. While the Regulation will enter into force on 24 May 2016, it shall apply from 25 May 2018. The Directive enters into force on 5 May 2016 and EU Member States have to transpose it into their national law by 6 May 2018.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA
Read below an article by Jerker Rydén, lawyer of the National Library of Sweden
Copyright is indeed very relevant for how libraries can operate. But integrity law, e.g. Data Protection may very well be a far more important issue.
The EU Directive on data protection has to be transposed into national legislation by May 6th, 2018. The EU Regulation on data protection will be applied with direct effect in every Member State from May 25th 2018.
Both will regulate how personal data may be processed.
This article will not cover the library as an administrative body. The reason for this is that a library as an administrative body is a fairly small part of the government as a whole, be it local, central etc. Those aspects of the Regulation have to be addressed by the government regardless whether it is a library or not.
The difficult issue at hand is how to approach personal data, which is embedded in e.g. digitized newspapers i.e. data, which, is not structured on the basis of a person, but rather just another piece of data amidst other data in a digital file.
The processing of this kind of personal data is not addressed as far as libraries are concerned in the Regulation. The Directive on the other hand provides some leeway.
Article 9 of the Regulation prohibits the processing of special categories of personal data revealing racial or ethnic origin, political opinions etc. The prohibition though is not absolute and shall not apply if “processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.” (Article 9 g).
Libraries administrate collections, which include the special categories of personal data referred to in article 9. It is furthermore impossible to extract such data and block access to the data with 100-percent certainty. And even if it would be possible it is not desirable. Source material should not be corrupted. For that reason the only possible way to provide libraries with the legal underpinning to the processing of special categories of personal data referred to in Article 9 of the regulation is for MS to introduce supplementary national legislation which “shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.” (Article 9 g).
Considering the timeframe referred to above, there is an urgent need for libraries to get engaged on national level and lobby for Member State law to be enacted in due time for the Regulation to be applied, May 25th 2018. Such legal underpinning for the processing of data is therefore crucial for libraries to uphold their digital services from May 25th 2018 and beyond.
At the same time it should be noted that the right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. Accordingly the Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, such as in freedom of expression and information and the freedom to conduct a business. This means that STM publishers and other publishers will be exempted from many of the articles in the Regulation to the extent that publishers will still be able to provide access to digital content and libraries as well on the basis of contractual arrangements with publishers.
Read the detailed analysis of the Regulation
National Library of Sweden
< back to overview