From: Peggy E Hoon <[log in to unmask]>
 Date: Thu, 9 Aug 2018 18:43:38 +0000

Our Springer-Nature license was negotiated before the GDPR went into effect so we do not have those terms in our license.  As far as I know, the GDPR really only protects EU citizens, but companies are trying to figure out a one-size-fits all solution since their business is world-wide.  Having said that and understanding that S-N is trying to figure out how they can comply with the GDPR, I still would refuse this clause because the burden is theirs, not ours.  As I understand it, there are severe penalties for not complying but I don’t think they would be penalized for not complying with it with respect to U.S. citizens.  

As I said, the burden is theirs, not ours.  We have 35,000 Authorized Users and I am not going to agree to get consents from all of them.  What if we fail to get “all necessary approvals and consents” - what is that anyway?  Do we then become liable instead of the company?  What if our users refuse or don’t respond.  It is unacceptable to shift this work to your customer.  I don’t agree to ensure that my users follow the terms and conditions of the license (how can I promise that prospectively?), we don’t monitor or police, so we certainly aren’t going to take on this burden.

I would take it to your legal counsel.  The license is with the institution, not the library so the failure and/or obligation would be on the institution.  I doubt they will allow you to legally obligate them in this way.

Best,
Peggy

LSU

Peggy E. Hoon, J.D.
Director of Copyright Policy and Education
LSU Libraries
Louisiana State University 
295 Middleton Library, Baton Rouge, LA  70803 
office 225-578-2218 | fax 225-578-6825 
lsu.edu


From: "Donley, Leah" <[log in to unmask]>
Date: Tue, 7 Aug 2018 12:37:09 +0000

The latest SpringerNature T&C has a section on personally identifiable information (copied below).  Has anyone successfully changed it or do you have standard language that you use instead?  I haven’t come across language like this in any of our other agreements and so far am not having luck negotiating changes.  My main issue is with the first sentence.  It seems unreasonable that we would be responsible for obtaining approvals and consent for a publisher to receive/process pii from our users, not to mention it’s something that I don’t want to get involved with for a variety of reasons.  I would appreciate any suggestions that you may have!

 

 

In the event that Licensor’s performance of its obligations under this License Agreement requires that Licensor receive or otherwise process any personal data of Authorized Users, then Licensee shall obtain, if applicable, all necessary approvals and consent from Authorized Users for transfers of personal data to Licensor.  Personally indentifiable information collected or retained by the licensor is confidential and shall not be released without the prior written and explicit consent of the patron and the licensee

 

 

Thank you,

Leah Donley

 

 

Leah Donley
Research Library
Brookhaven National Laboratory
Tel: 631-344-7469
Email: [log in to unmask]