<IANAL>
With regard to aligning university libraries with GDPR, it might be wise to
be consistent with the rest of the university in how they are handling GDPR
compliance. If your organization has no GDPR compliance plan as of now,
it's still not too late in starting a conversation with the organization's
compliance or legal officer (which I suspect have been bombarded with GDPR
information for quite some time now, and might still be trying to make
sense of it all). There will be a lot of companies that will not be
compliant by 5/25/2018, so you won't be alone. [1] [2] [3]
</IANAL>
Going back to Erin's original post about using GDPR as an opportunity to
increase privacy awareness with library users, I'm not aware of any active
programming tied to GDPR. :c( There are a multitude of sites and
programming - library and non-library created - that do cover online
privacy, though, and those can be pulled in to create patron programming
and sites, if folks need ideas or a place to start. [4]
Thanks,
Becky
[1] An older article outlying all the moving parts of GDPR and compliance
on the US side -
https://wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data/
[2] An example of an university response to GDPR -
https://compliance.miami.edu/focus_areas/gdpr/index.html
[3] Some library-related GDPR posts from the Choose Privacy Week site -
https://chooseprivacyweek.org/?s=gdpr
[4] A place to start with finding resources and programs -
https://chooseprivacyweek.org/resources/
On Tue, May 22, 2018 at 3:38 PM David J. Fiander <[log in to unmask]> wrote:
> On point two, however, if you're a large school, and you are using web
> analytics to gather information about usage patterns, then you ARE
> "monitoring the behaviour of persons in the EU." According to Google
> Analytics, we had 120 visitors to my library's website in the past week.
>
> Realistically, we're not going to get in much trouble about this soon,
> but we do need to address it.
>
> - David
>
> On 2018-05-22 05:20 PM, Jodi Schneider wrote:
> > For most US groups, as far as I can tell, this is about cookies and
> > disclosure of what information is collected (e.g. on a privacy policy
> > linked throughout a website).
> >
> > IANL, but a compliance-related email I received recently mentions the
> > limits to GDPR’s jurisdictional provisions:
> > "The GDPR only pertains to units 1) offering goods or services to persons
> > in the EU or 2) monitoring the behavior of persons in the EU (including
> > through cookies on the unit’s websites). If you don’t do either of those
> > things, the GDPR does not apply to your U.S.-based unit."
> >
> > On Tue, May 22, 2018 at 2:54 PM, Craig Boman <[log in to unmask]>
> wrote:
> >
> >> Since we aren't getting much direction from our respective university
> >> technology departments, is there anything LITA or Code4lib could be
> doing
> >> to facilitate some more discussions on the impact of GDPR for US
> university
> >> libraries?
> >>
> >> Best,
> >> Craig
> >>
> >> Craig Boman, MLIS (Ph.D. student)
> >> Discovery Services Librarian and
> >> Assistant Librarian
> >> Miami University Libraries
> >>
> >> 314 King Library
> >> [log in to unmask]
> >> ORCID ID: 0000-0001-7511-4078
> >>
> >> "There is no education as that which comes from participation in the
> >> constant stream of events." - Jane Addams (1902, p. 93) Craig Bowman
> Craig
> >> Bauman
> >>
> >>
> >> On Tue, May 22, 2018 at 2:48 PM, Sattler, Kelly <[log in to unmask]>
> >> wrote:
> >>
> >>> Hi Erin,
> >>>
> >>> I’ve been thinking about it but have no concrete plans. We have a
> >>> privacy statement linked to in our footer that I need to reread and
> make
> >>> sure is clear and accurate. Sadly, I’ve heard nothing from my
> university
> >>> yet about what they’re doing.
> >>>
> >>> I too am interested in what other libraries are doing.
> >>>
> >>> Kelly
> >>>
> >>> Kelly Sattler
> >>> Head of Web Services
> >>> MSU Libraries
> >>> 366 W. Circle Drive (#13)
> >>> East Lansing, MI 48824
> >>> 517-884-0869
> >>> [log in to unmask]
> >>> twitter: ksattler
> >>>
> >>> From: <[log in to unmask]> on behalf of Erin White <
> >>> [log in to unmask]>
> >>> Reply-To: "[log in to unmask]" <[log in to unmask]>
> >>> Date: Tuesday, May 22, 2018 at 2:38 PM
> >>> To: "[log in to unmask]" <[log in to unmask]>, Code for Libraries
> <
> >>> [log in to unmask]>
> >>> Subject: [lita-l] GDPR and your library website
> >>>
> >>> Hi folks,
> >>>
> >>> Is anyone making changes to your library website, sub-sites, or other
> >>> digital platforms in order to comply with GDPR regulations?
> >>>
> >>>
> >>> Bonus: if so, are you also working to increase users' awareness of how
> >>> their data is collected and used across the library, not just on the
> web?
> >>>
> >>>
> >>> We're mulling a few options here. Our university-level IT group plans
> to
> >>> launch a web click-through page before users from the EU can proceed to
> >>> institutional websites, but our library servers don't fall under their
> >>> control for this change.
> >>>
> >>> I think this could be an opportunity for us to increase privacy
> awareness
> >>> for all our users, rather than just EU visitors, and I've seen a few
> >>> non-library websites present this info to everyone in a way that isn't
> >>> obtrusive or alarming. But, I haven't gotten a sense of whether this is
> >>> something other library folks are considering as well.
> >>>
> >>> Thanks for anything you've got to share.
> >>>
> >>> --
> >>> Erin White
> >>> Head, Digital Engagement, VCU Libraries<https://www.library.vcu.edu>
> >>> (804) 827-3552 | [log in to unmask]<mailto:[log in to unmask]>
> >>> pronoun.is/she<http://pronoun.is/she>
> >>>
> >>> To maximize your use of LITA-L or to unsubscribe, see
> >>> http://www.ala.org/lita/involve/email
> >>>
> >>> To maximize your use of LITA-L or to unsubscribe, see
> >>> http://www.ala.org/lita/involve/email
> >>>
> >>
>
|