CILIP Privacy Project - Consultation Discussion Paper

CILIP Privacy project - Consultation discussion paper

CILIP Privacy project

Consultation discussion paper

June 2017

______

About this document: This consultation discussion paper sets out some of the key issues to be addressed in the privacy project and will be used to initiate discussions with individuals and sector bodies. Outcomes from these discussions will help to inform a revised “User privacy in libraries guidelines” (and a possible separate guidance note focused on K&IM services), and CILIP’s Ethics Review. Consultation questions for each section can be found at the end of the document (see Appendix 1).

Contents

 What we want from this consultation

 Our approach

 Section 1: Introduction

 Section 2: What is privacy?

 Section 3: Privacy, ethics and the information professional

 Section 4: Digital disruption and the personalisation of services

 Section 5: Data about an individual collected by institutions

 Section 6: Surveillance

 Section 7: The Role of the information professional in supporting the citizen

 Section 8: Children and vulnerable adults

 Conclusion

 Appendix 1: Consultation questions CILIP Privacy project - Consultation discussion paper

What we want from this consultation

 A snapshot of the current state of the profession in relation to privacy [and freedom of access to information in so far as it imparts on privacy] including evidence from practitioners across the sectors - public and commercial.

 Informed input into CILIP’s Ethics Review

 A robust evidence base to inform published guidance for information professionals. By information professionals we mean librarians, information managers, knowledge managers and data professionals in the UK.

 Other outputs as may seem appropriate as the project progresses such as policy statements or an Information Rights Charter (for the user) or Pledge for institutions

Our approach

Our approach is to presume a hierarchy which puts the citizen, who owns their personal data, at the top. Two other agents in this hierarchy are the state and the institution or business.

The role of information professionals is to take the steps necessary to ensure that the relationships, rights and responsibilities in promoting privacy between these three loci - citizen, state and institution- are transparent and accountable and that the individual citizen (in whatever role or place within our privacy model) is not only informed but empowered with the tools to enact their own rights and responsibilities. The information professional will be informed and guided in this task by a firm understanding and commitment to professional ethics.

The role of the information professional is also one which will support the state in designing systems and processes which enable the citizen to enact their rights and responsibilities and also institutions in designing a business model which ensures the privacy rights and responsibilities of the individual citizen are protected.

Policy/ August 2017 CILIP Privacy project - Consultation discussion paper

Fig. 1 The role of the information professional

Section 1: Introduction

Information professionals have long had an ethical commitment in principle and practice to privacy and also to freedom of access to information. The two are closely linked. The confidentiality of personal data is an exception (limitation) to the release of information under the Freedom of Information Act (2000). Yet IFLA, amongst many others, also correctly assert that the privacy of users is also fundamental to their freedom of access to information – where there is surveillance or other interference with privacy rights then the information seeking behaviours of individuals will be adversely influenced and the right to access information compromised.

20th century analogue world

Perhaps what is most surprising is how recent the current debate concerning privacy is, and how it correlates closely to the emergence of the digital world. Back in the solely analogue world (and this takes in most of the twentieth century) respect for the confidentiality of client/user information was an important feature of the Library Association Code of Professional Conduct first issued in 1983 but this was issued at a time when most libraries controlled the information provided by users clients and when, even in the commercial world, libraries were still a feature of corporate information provision. 3

This familiar and stable picture has been severely disrupted by modern information technologies. In the 21st century the analogue world has been increasingly displaced by the digital world, although there were signs of this development in the last century – the World Wide Web, for instance, is widely cited as having been created in 1989. Similarly as technology and the complexity and volume of available information increased so information regulation started to be promulgated nationally and internationally. In the area of privacy the first UK Data Protection Act was passed in 1984 and a new Act was passed in 1998. However as the challenges provided by big data, linked data, the emergence of the Cloud and the vulnerability of information systems to cyber attack dominate the headlines, so the EU’s tougher General Data Protection Regulations will be incorporated into UK law in May 2018 despite Brexit.

21st century landscape

Increased challenges to the privacy of users and clients is now commonplace across all information sectors. Even in public and educational libraries personal data provided by users may now be held by third party contractors (eg e-book aggregators) or internet service providers. In most instances the user may not be fully aware that their personal data is being collected in the first place or who can access it or who holds it.

Outside the traditional library sectors, knowledge and information managers will often, perhaps in most cases, operate outside a library environment and be embedded in the corporate structure of the organisation. Part of their responsibilities are likely to include information governance1 and advising their employers (or clients) on their legal and ethical responsibilities for both the security of personal data and its appropriate use. Similarly information professionals working in Government and the security services have an important role in helping to deliver the transparent and accountable government that David Cameron did so much to champion. It is important to understand that those information professionals working in the security services have an especial duty to ensure that personal data is managed and processed within the law and to a high ethical standard.

Privacy project 2017

This project has two foci. The information professional and the guidance they require to uphold the principle of privacy in their professional work. The user (or client) and how their right to privacy can be supported and promoted by information professionals in all sectors. This will include the user in their many persona as citizen, learner, consumer, patient, client and employee.

There is plenty of room for healthy debate about the issues that are raised in this consultation document, not least regarding state and corporate surveillance. This project provides the opportunity for that debate to take place.

1 Information governance is “the process by which an organisation ensures that it has in place and operates policies, standards, and strategies (with the necessary supporting roles and skills) that ensure its ethical use of information and adherence to relevant legislation”. 4

It is our hope that the project will enable a better understanding of what privacy means and how it can best be promoted by information professionals across all sectors. It should be a real strength that we have CILIP members working in so many parts of the knowledge economy – library services, as information managers in commercial and third sector organisations and as part of the state. If all information professionals embraced and worked within a common set of ethical principles then that in itself should be a significant contribution to ensuring all members of society enjoy their proper rights of personal and family privacy.

Section 2: What is privacy?

The UK incorporated the European Convention on Human Rights (ECHR) into the Human Rights Act (1998). This includes the Right to respect for Private and Family Life (article 8) and Freedom of Expression (Article 10) (including the right “...to receive and impart information and ideas without interference by public authority and regardless of frontiers”).

It is important to appreciate that both the above are “qualified rights” in the European Convention of Human Rights (and also the Universal Charter of Human Rights). Unlike the absolute prohibition, for instance, of torture – wrong in any circumstance – qualified rights have to be balanced not least one against another. Therefore the privacy of the individual (as expressed in the Data Protection Principles) is a limitation on freedom of access to information. As IFLA also rightly argues it can also be a necessary precondition of full enjoyment of the right to access information as any imposition of surveillance, the invasion of the right to privacy, is most likely to influence the search behaviour of individuals.

UK Legislation

Legislation of the UK sets out the exceptions to personal privacy in the Data Protection Act (1998) – now about to be extensively revised in light of the EU’s General Data Protection Regulations (GDPR) - and to freedom of information in the Freedom of Information Act (2000) and the similar Freedom of Information Scotland Act (2002). In both cases there are exceptions relating to national security and the detection of criminal activity. It is important to recognise that terrorism is itself an attack on a number of human rights not least the “right to life” [Article 2 of the ECHR] and we all wish to live in safety and security. It is common ground that counter-terrorism is an essential state activity and that this may require the limitation of some human rights. The question is as to where that balance lies.

In this project we will be using CILIP’s Ethical Principles and Code of Professional Conduct to define privacy in the information, library and knowledge sector. This requires information professionals to show: “Respect for confidentiality and privacy in dealing with information users” and cautions all practitioners to “protect the confidentiality of all matters relating to information users, including their enquiries, any services to be provided, and any aspects of the users’ personal circumstances or business”.

Key issues:

 CILIP’s guidelines on user privacy published 20092, noted an increasing tension between freedom of access to information and the right of an individual to privacy concerning personal data. Eight years on this issue remains an important one for our profession

See consultation questions 1 – 2.

Section 3: Privacy, ethics and the information professional

Privacy has been identified as being “...one of the most commonly featured values in the codes of ethics of library associations around the world” (Pedley) and is relevant to all sectors and types of organisations within the information profession.

Ethics and values are at the core of CILIP’s PKSB and privacy is mentioned specifically in CILIP’s Ethical Principles and Code of Professional Practice for library and information professionals.

Ethical principles

Number 8: Respect for confidentiality and privacy in dealing with information users.

Code of Professional practice

Section B: Responsibilities to information and its users Number 4: Protect the confidentiality of all matters relating to information users, including their enquiries, any services to be provided, and any aspects of the users' personal circumstances or business.,

Section D: Responsibilities to society Number 4: Strive to achieve an appropriate balance within the law between demands from information users, the need to respect confidentiality, the terms of their employment, the public good and the responsibilities outlined in this Code.

Evidence suggests that without the right to privacy the right to freedom of access to information and freedom of expression is unlikely to be fully exercised. Information professionals have long held an ethical commitment in principle and practice to freedom of access to information and freedom of expression and privacy.

Key issues:

 The digital world has changed the nature of how we access information and resources including government services and this has impacted upon an individual’s privacy

2 Chartered Institute of Library and Information Professionals, (2009) revised 2011. User privacy in libraries: guidelines for the reflective practitioner. CILIP. 6

 It has been claimed that information professionals have been excluded from the design and implementation of new technologies, systems and processes which collect and store personal information. This means that the levels of privacy we can offer users has changed without a corresponding shift in how we as a profession manage this change

See consultation question 3.

Section 4: Digital disruption and the personalisation of services

Digital disruption is the transformation of existing business models caused by new technologies. In this new model individuals are having to surrender a large amount of personal data in order to participate.

One important aspect of digital disruption is the increasing personalisation of services where an individual gives up some privacy in return for more relevant and tailored content being pushed out to them. The trend in personalisation is evident in both commercial transactions between an individual and commercial institutions and in interactions between the individual citizen and the state.

Key issues:

 As institutions, information, knowledge and library services themselves collect personal information. In many cases services are provided by third parties through licensing agreements. Such agreements will determine the information collected from and about users

 Information professionals do not necessarily have a say or might not be aware of what information is being collected, why it is collected, where it will be stored or how it will be used

 The individual citizen must navigate and negotiate the trade off between personalisation and privacy – Is the choice also becoming one between being a participative citizen and a non- participative citizen?

 The right-to-be-forgotten where search engines have been required to remove links to specific personal data on the internet can add to the level of privacy and control that individuals potentially have but this can also provide a challenge for freedom of access to information

Section 5: Data about an individual collected by institutions

Regardless of the type of data collected an important issue for every institution is how to manage the data they collect.

User data 7

Personal data means data which relate to a living individual who can be identified – (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller

Sensitive personal data means personal data consisting of information such as t the ethnic origin of the data subject, their sexuality, religious beliefs, political opinions or health

Integrity of data - Good practice and legal requirements dictate that any personal information kept by institutions should have been collected for a legitimate purpose, be accurate, have currency and be secure. The personal data and information collected and kept by institutions must be proportionate to the purposes to which it has been collected. For institutions (including the state within our model) this is to enable both commercial transactions and access to resources and services.

Shared data – Many organisations wish to share information with other organisations for a variety of reasons including better services to customers; the “once only” principle of collecting personal data to be used by a number (of usually public sector) functions or organisations; supporting research and the greater good of society; and the prevention of crime. In many cases this is to be applauded but, as recent examples in the healthcare sector have shown (see coverage of the data.care programme), it can also raise big concerns about public trust, accountability issues and the individual’s control of their own personal data in a complex information environment

Big data – Increasingly used to describe any data, big data is characterised by the three V’s: Volume (data too big for any one system), Velocity (the measure of how fast data is coming in) and Variety (the range of data types and sources). Big data will often include vast amounts of personal data.

Surveillance – This is dealt with in a separate section of this consultation document

Key issues:

 The opportunities and benefits of mining big data are huge. Whilst individual citizens own their personal data, institutions have the power to exploit the opportunities big data presents. For the state, big data represents a resource for both economic and social gain

 Big data relating to an individual is anonymised. However the technical ability to compare different data sets means individuals can still sometimes be identified.

 Unless there is trust in the systems and processes which collect this information, individual citizens will be reluctant to participate fully in new emerging models. This will diminish the potential gains from big data

See consultation questions 6 - 8.

Section 6: Surveillance

How the state as a “special institution” balances the imperative for transparency and upholding the privacy of individuals with the responsibilities of national security is of especial relevance to our discussions here.

The police and other security agencies have powers to request or demand access to personal data under a number of different statutes. The police have to invoke specific powers under one of the Acts before an organisation is obliged to hand over any user data. The most recent legislation to have an impact upon the user privacy landscape is the Investigatory Powers Act (2016). This Act now requires all communications providers to keep detailed metadata records of all customers for a minimum of twelve months. The number and types of authorities able to request access to this information has been increased from previous legislation.

The Terrorism Act (2006) and the Government’s Prevent Strategy are all relevant to our discussions on user privacy.

Key issues:

 The ability of information professionals to protect a user’s privacy will ultimately always be tempered by certain powers invoked by the state requiring communications providers to collect and retain data

 A professional may start from a position of first principles and an institution will manage data in a way which ensures compliance with privacy laws but there will always be the possibility of a future scenario where this position is contested. Concerns around national security could trump concerns about the negative impact monitoring and surveillance has on an individual’s privacy.

Section 7: The role of the information professional in supporting the citizen

This section will have special relevance to public libraries and publicly funded services and possible relevance to some other services as well.

User education is a large part of what we do in our role as information professionals. Over the past few years digital disruption and the pace of change in new technologies means that supporting individuals is not just about helping them to understand what personal information they are sharing in order to access particular services but in teaching individuals (and this is particularly the case in public libraries in the USA) about how they can limit the amount of information they either unwittingly leave behind them or have to surrender.

Personal Data may also be collected in ways that, for the user at least, are possibly hidden. We deal with the issue of state or other surveillance in a separate section. However when

Policy/ August 2017 CILIP Privacy project - Consultation discussion paper the Internet is accessed a breadcrumb trail of information is created including websites/ pages visited as well as surrendering personal data in order to access online services. It is important to understand that internet filtering, utilised by all public library services and others as well, not only limits (often legitimate) access to content, but also identifies who is looking for material not provided.

Key issues:

 How third parties use and keep this data has particular relevance for citizens accessing resources and information through public libraries.

 Trends in communication technologies and the growth of information generally has impacted on a citizen’s privacy and their ability to enact their rights and responsibilities

 The information profession has, as one of its guiding principles, the wish to achieve an informed democracy, an accountable and transparent state and institutions which behave in an ethical way. In the new information landscape there is a vacuum of accountability and a need to champion the interests of individual citizens.

 There could be a conflict between the professional ethics of an individual professional and those of the institution in which that professional works.

Section 8: Children and vulnerable adults

Children have the same rights as adults under the European Convention of Human Rights but more pertinent here is The UN Convention on the Rights of the Child which the UK ratified in 1991. Article 16 states that no child shall be subjected to arbitrary or unlawful interference with his or her privacy.

Key issues:

 Safeguarding is often the term used in policies aimed at protecting children and often internet filtering is offered up as a tool to achieve this. Whilst being against internet filtering CILIP recognises that some filtering of children’s terminals is regarded as a necessary part of safeguarding. This raises the issue of monitoring and its privacy implications.

 The age at which a child is regarded as having the maturity to understand their rights and responsibilities and to be able to manage their own privacy is an emotive subject. Article 5 of the UN Convention on the Rights of the Child encourages parents to deal with rights issues “in a manner consistent with the emerging capacities of the child”.

Prisoners

Information professionals working in prisons work with prisoners of all ages and abilities to help them to improve their skills thus enabling them to become fully participative citizens on release where they will need the tools to enact their rights and responsibilities.

Key issues:

 Prisoners have extremely limited access to the internet whilst in prison and as such the role of the professional in user education is more limited than in other spheres of the information sector

 Security regimes within a prison will mean there are higher levels of monitoring and surveillance. Within this environment issues around a prisoner’s privacy will have an added dimension. Enabling an individual to “enact their rights and responsibilities” will be more challenging in this space.

Conclusion

Privacy is a growing issue. CILIP wants to identify the role of the information professional in addressing the numerous challenges in upholding the value of privacy across all the contexts in which we work, whether directly serving the public, working in support of the aims and objectives of organisations of all types or helping the state protect its citizens and provide the regulatory framework within which the information economy can thrive. As members of CILIP our ultimate arbiter must be the “public good” and within that the empowerment of the citizen to engage and participate effectively within an information society. All parts of the information profession, including those that do not directly serve the public, have an important role to play in achieving the goal we have set ourselves “to put information and library skills and professional values at the heart of a democratic, equal and prosperous society”.

How can CILIP best help you do this in regard to embracing the importance of the principle of privacy in your work as an information professional, including its relation to the principle of freedom of access to information?

See consultation question 19.

We look forward to receiving your responses to this consultation. Please contact Jacqueline May [email protected] if you have any queries about this consultation or the Privacy project in general.

Appendix 1:

Consultation questions

Question Section 2: What is privacy?

1. How do you define privacy? 2. Why do you think it is important?

Section 3: Privacy, ethics and the information professional

3. Are the existing Ethical Principles and Code of Professional Practice an adequate summation of a professional approach to privacy? How could it be improved?

Section 4: Digital disruption and the personalisation of services

4. As service providers how can institutions best manage the personalisation of services/ customers/ clients to make choices about privacy levels?

5. What role (if any) should information professionals play in advising institutions on best practice?

Section 5: Data about an individual collected by institutions

6. Who manages the data in your institution? 7. What role, if any, do the information professionals have? 8. What role do you think an information professional should have?

Section 6: Surveillance

9. Have you ever experienced a request for information of this nature in your organisation?

10. If yes, was your opinion as an information professional sought on how to handle the request?

11. What are your thoughts on the Investigatory Powers Act (2016) and how it impacts upon an individual’s privacy?

Section 7: The Role of the information professional in supporting the citizen

12. How should information professionals help clients and users to manage their own privacy in a digital environment?

13. Are there limits to what it would be appropriate for information

professionals to advise eg. Use of TOR as a search engine?

14. Should information professionals in institutions providing services be responsible for ensuring that end users are enabled to manage their privacy rights effectively?

Section 8: Children and vulnerable adults

15. What extra protection (if any) should we be offering children? 16. Are there other vulnerable groups who need similar consideration?

Prisoners

17. How do prison librarians protect the privacy of prisoner library users within a prison environment?

18. Does the special situation of prisoners require a different set of guidance around privacy issues?

Conclusion

This inquiry plans to produce the following:

 Published guidance for information professionals

 Other outputs may seen appropriate as the project progresses such as policy statements or an Information Rights Charter (for the user) or Pledge for institutions

19. What would you find useful in your own work?

Policy/ August 2017