Коваль Т. - Особливості механізму захисту персональних даних користувачів бібліотек у законодавстві ЄС та системі стандартів IFLA, Лопата О. (2019)

  ARCHIVE (All issues) /     Content (2019, Issue 56)Ukrainian English

Koval Tetiana, Lopata Olena

Singularities of the mechanism to protection of patron data library visitors in the legislation of EU and system of standards IFLA

Abstract: The article highlights current issues of processing and protection of personal data in modern conditions, as well as analyses the problematic aspects of privacy in the practical activities of libraries. Modern issues of personal data, EU and IFLA data security safeguarding mechanism provided by law. The legislative nature of the term «personal data» according to European way of formation and determination of its law context are analyzed in the article. The history, chronology of development and mutual approval, as well as about the questions of application of Law of Ukraine «About the personal data protection» was reported. The main cause of this article is to study the legal norms of the European Union and the IFLA and ALA system of protection of personal data in modern conditions and compilation of legal requirements to establish an integrated system of protection of personal data in the library area. The case-method of this intelligence / work / chosen method of comparative analysis. The article analyzes the state of the Ukrainian legislation as related to restriction of the access to personal information, its compliance with the principles of international law in the European integration of Ukraine and examines the state of European law in this field. It is noted that, this broad topic definitely concerns librarians, as it is such a key part of the underpinnings of the profession. Non-regulated or weakly regulated by norms ISO aspects of the rules of data accounting and library statistics – ISO 2789:2013 standard «Information and documentation – International library statistics» and data security in the digital age – ISO / IEC 27001:2013 standard «Information Security Management Standards». Issues of quality of information, protection of personal data, and professional ethics in the library environment were discussed at the World Library and Information Congress (WLIC) in Lyon (August 16–22, 2014). The problem of regulatory regulation of relations in the library industry, including information security and personal data protection, was studied by the American Association of Law Libraries (hereinafter: AALL). In the Reports of Chapters, Special Interest Sections, Committees, Special Committees, Task Forces, and Council, Representatives, and Washington Affairs Office 2003-2004, the issue of information security in the library area/ is addressed in several key chapters. Throughout 2015 and 2016, The Intellectual Freedom Committee, part of the American Library Association (ALA), published a set of Library Privacy Guidelines that cover topics including K–12 student privacy, ebook lending and digital content privacy, library management system privacy, and public access computer privacy. As more systems that had historically been physically located in the library have moved toward service providers, a cross constituency activity was launched by NISO to create a set of principles for libraries, service providers, and publishers. The resulting framework includes key areas of focus such as transparency, the need for certain anonymous functionality, and explicit opt-in for data collection. In 2016, the Resource Access for the 21st Century (RA21) was launched to connect libraries, service providers, and publishers with the goal of helping ensure ease of access to scholarly content while protecting it from unauthorized access and distribution. The role of the V. I. Vernaskyi National Library of Ukraine in the implementation of European standards of data protection – organizational and technical, in the practice of library work was emphasized. In order for users to get the benefits they seek, librarians must make riskbased decisions on the value of the trade-off between security and/or privacy and the value of the service they seek to get from the library. The key is to give patrons, users, and the community the information and options to make smart, well-informed security and privacy decisions. Librarians can use their influence and skillsets to get their communities on a path to make patrons, whether inside or outside the library, wiser about their role in security and privacy and empowering them to insist on accountability from everyone around them regarding both areas of concern.

Keywords: data security, human right and freedom, information processing, personal data, data transfer, ISO standards.


Author(s) citation:

Cite:
Koval Tetiana (2019). Singularities of the mechanism to protection of patron data library visitors in the legislation of EU and system of standards IFLA. Academic Papers of The Vernadsky National Library of Ukraine, (56) 135-157. (In Ukrainan). doi: https://doi.org/10.15407/np.56.135

References:

  1. Verkhovna Rada Ukrainy (1996, June 28). Konstytutsiia Ukrainy: Zakon Ukrainy N 254k/96-VR [The Constitution of Ukraine: Law of Ukraine No.254 k/96 – BP]. Vidomosti Verkhovnoi Rady Ukrainy – Information of the Verkhovna Rada of Ukraine, 30, Art 32. [In Ukrainian].
  2. Verkhovna Rada Ukrainy (1992, October 2). Pro informatsiiu: Zakon Ukrainy N 2657-XII [About the information: Law of Ukraine]. Vidomosti Verkhovnoi Rady Ukrainy – Information of the Verkhovna Rada of Ukraine, 48, Art. 650. [In Ukrainian].
  3. Verkhovna Rada Ukrainy (2011, January 13). Pro dostup do publichnoi informatsii: Zakon Ukrainy N 2939-VI [About access to public information: Law of Ukraine]. Vidomosti Verkhovnoi Rady Ukrainy – Information of the Verkhovna Rada of Ukraine, 32, Art. 314. [In Ukrainian].
  4. Verkhovna Rada Ukrainy (2010, June 13). Pro zakhyst personalnykh danykh: Zakon Ukrainy N 2939-VI [On the protection of personal data: Law of Ukraine]. Vidomosti Verkhovnoi Rady Ukrainy – Information of the Verkhovna Rada of Ukraine, 34, Art. 481. [In Ukrainian].
  5. Verkhovna Rada Ukrainy (2017, May 24). Pro ratyfikatsiiu Administratyvnykh domovlenostei shchodo okhorony informatsii z obmezhenym dostupom mizh uriadom Ukrainy ta Orhanizatsiieiu Pivnichnoatlantychnoho dohovoru: Zakon Ukrainy N 2068-VIII [On the Ratification of the Administrative Arrangements for the Protection of Restricted Information Between the Government of Ukraine and the North Atlantic Treaty Organization: Law of Ukraine]. Vidomosti Verkhovnoi Rady Ukrainy – Information of the Verkhovna Rada of Ukraine, 26, Art. 299. [In Ukrainian].
  6. (1948). Zahalna deklaratsiia prav liudyny [General Declaration of Human Rights]. Retrieved from http://zakon3.rada.gov.ua/laws/show/995_015. [In Ukrainian].
  7. (1950). Konventsiia pro zakhyst prav liudyny ta osnovopolozhnykh svobod [European Convention on Human Rights]. Retrieved from http://zakon2. rada.gov.ua/laws/show/995_004. [In Ukrainian].
  8. Rada Yevropy (1981). Konventsiia Rady Yevropy vid 28 sichnia 1981 roku N 108 «Pro zakhyst osib u Zviazku z avtomatyzovanoiu obrobkoiu personalnykh danykh» [Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. Amendment to Convention ETS N 108 allowing the European Communities to accede]. Informatsiia i pravo, 2013, 3, 143-149. [In Ukrainian].
  9. Yevropeiskyi Parlament (1995). Dyrektyva 95/46/IeS Yevropeiskoho parlamentu i Rady Yevropeiskoho Soiuzu vid 24 zhovtnia 1995 roku «Pro zakhyst osib u zviazku z obrobkoiu personalnykh danykh i vilnym obihom tsykh danykh» [Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data]. Informatsiia i pravo, 2013, 3, 152-171. [In Ukrainian].
  10. Rada Yevropy (2001). Dodatkovyi protokol do Konventsii Rady Yevropy N 108 vid 8 lystopada 2001 roku «Pro zakhyst osib u zviazku z avtomatyzovanoiu obrobkoiu personalnykh danykh shchodo orhaniv nahliadu ta transkordonnykh potokiv danykh» [Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal data regarding supervisory authorities and transborder data flows]. Informatsiia i pravo, 2013, 3, 150-151. [In Ukrainian].
  11. (2016). DSTU ISO 2789:2016 (ISO 2789:2013, IDT). Informatsiia ta dokumentatsiia. Mizhnarodna bibliotechna statystyka [Information and documentation - International library statistics]. Kyiv, Ukraine: DP "UkrNDNTS". [In Ukrainian].
  12. Bryzhko, V. M. (2013). Zakhyst personalnykh danykh: realii ta praktyka suchasnosti [Personal data protection: realities and contemporary practice]. Informatsiia i pravo, 3, 31-48. [In Ukrainian].
  13. (2014). Vsemirnyi bibliotechnyi i informatsionnyi kogress IFLA 2014 goda [World Library and Information Congress IFLA of 2014 year]. Bibliotekovedenie, 5, 82-85. [In Russian].
  14. Korzh, I. F. (2016). Dualizm pravovoho mekhanizmu vykorystannia informatsii pro osobu v umovakh yevrointehratsii [Dualism of the legal mechanism for the use of information about a person in the conditions of European integration]. Informatsiia i pravo, 1, 20-27. [In Ukrainian].
  15. Melnyk, K. S. (2013). Teoretyko-pravovyi zmist termina "personalni dani". [Theoretical and legal content of the term «personal data»]. Informatsiia i pra vo, 3, 49-63. [In Ukrainian].
  16. Protsenko, V. A. (2012). Osoblyvosti mekhanizmiv zakhystu personalnykh danykh v zakonodavstvi YeS [Peculiarities of mechanisms for protection of personal data in the EU legislation EU]. Pravova informatyka, 2, 45-50. [In Ukrainian].
  17. Heivik, T. (2014). Soverhsenctvovanie metodov. Statisticheskie standarty v bibliotekakh vsego mira [Perfection of methods. Statistical standards in libraries around the world]. Bibliotekovedenie, 3, 90-96. [In Russian].
  18. (2001). 2001/497/EC: Commission Decision of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC. Retrieved from http://www.eur-lex. europa.eu/ LexUriServ/ LexUriServ.do? uri=CELEX:32001D0497:EN:NOT. [In English].
  19. (2014). Action for Development through Libraries Program. Retrieved from https://www.ifla.org/past-wlic/2014/ifla80/node/357.html. [In English].
  20. (2016). Action for Development through Libraries Program. Retrieved from http://www.ugcnetguide.com/2016/10/alp-action-for-developmentthrough.html. [In English].
  21. (2008). ALA Code of Ethics. Retrieved from https://www.ala.org/ advocacy/proethics/codeofethics/codeethics. [In English].
  22. American Association of Law Libraries (2004). Reports of Chapters, Special Interest Sections, Committees, Special Committees, Task Forces, and Council, Representatives, and Washington Affairs Office 2003–2004. In Law Library Journal, 96(3), 795-869. [In English].
  23. Ayala Daniel. Security and Privacy for Libraries in 2017. [In English].
  24. European Parliament (2002). Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Retrieved from https://www. eur-lex. europa.eu/ LexUriServ/ LexUriServ.do? uri=CELEX:32002L0058:EN:NOT. [In English].
  25. (2014). Geneva Plan of Action. Retrieved from http://www.itu.int./ wsis/docs/geneva/official/poa.html. [In English].
  26. (2015). The Hague Declaration on Knowledge Discovery in the Digital Age. Retrieved from http://lilibereurope.eu/about-liber/. [In English].
  27. (2015). The Hague Declaration on Knowledge Discovery in the Digital Age. Retrieved from https: //thehaguedeclaration.com/the-hague-declarationon-knowledge-discovery-in-the-digital-age/. [In English].
  28. (2012). IFLA Code of Ethics for Librarians and other Information Workers. Retrieved from http: // www.ifla.org/news/ifla-code-if-ethics-forlibrarian-and-other-information-workers-full-version. [In English].
  29. (2002). IFLA Internet Manifesto. Retrieved from https://www.ifla.org/ node/9228. [In English].
  30. (2014). IFLA Internet Manifesto. Retrieved from https://www.ifla.org/ publications/node/224. [In English].
  31. (2013). IFLA Library. Retrieved from http://library.ifla.org. [In English].
  32. (2013). IFLA Trend Report. Retrieved from https://trends.ifla.org/2013timeline. [In English].
  33. (2013). IFLA World Library and Information Congress. Retrieved from https://www.ifla.org/annual-conference. [In English].
  34. (2016). NISO Patron Privacy Framework. Retrieved from https://www.niso.org/topics/tl/patron_privacy. [In English].
  35. (2012). Protection of personal data. Retrieved from https://www.europa. eu/legislation_summaries/information_society/data_protection/114012_ en.htm. [In English].
  36. (1999). The Working Party on the Protection of Individuals with regard to Processing of Personal Data (1999, September 7). Recommendation 4/99 on the inclusion of the fundamental right to data protection in the European catalogue of fundamental rights. Brussels. Retrieved from https://www.ec.europa.eu/ justice/policies/privacy/doc/wpdocs/1999/wp26en.pdf. [In English].
  37. European Parliament (2000). Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals wish regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. Retrieved from http://www.eur-lex.europa.eu/LexUriServ/LexUriServ. do?uri=CELEX:32001R0045:EN:NOT. [In English].
  38. (2013, 2014). Right to Privacy in the Digital Age. Retrieved from https://www.ohchr.org/en/issues/digitalage/pages/digitalageindex.aspx. [In English].
  39. (2015). Statement on Privacy in the Library Environment. Retrieved from https: //www.ifla.org/node/9803. [In English].
  40. (2014). WSIS+10 High-Level Event. Retrieved from http: //www. itu.int/wsis/implementation/2014/forum/inc/doc/outcome/362828V2E.pdf. [In English].