2018 Aug 9
Several online resources are using the EU’s DPD to force users to consent to their personal info being collected by the resource in order to use the resource, e.g. Wolters Kluwers’ UpToDate, Lexicomp, and Lippincott Nursing modules:
“This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Continue or find out more.”
One problem is that their privacy policies say giving permission to the use of cookies allows the following:
[These excerpts are from
“Wolters Kluwer Health, Inc. Privacy Policy” at the Lippincott Williams & Wilkins site
https://journals.lww.com/_
We may also use third party vendors to identify users and deliver interest-based content and advertisements. Our partners may collect information directly from your device, such as your IP address, device ID and information about your browser or operating system, may combine our Personal Information and Other Information about you with information from other sources, and may place or recognize a unique cookie on your browser.
. . .
Flash Cookies. To personalize your visit, our websites and applications may use
local shared objects, known as "Flash cookies", to store your preferences or display content based on your use of our websites. Flash cookies collect and store different information than browser cookies. Your browser’s cookie management tools may not remove
Flash cookies. To learn how to manage privacy and storage settings for Flash cookies click here:
http://www.macromedia.com/
. . .
“Do Not Track” Signals. Some Web browsers incorporate a “Do Not Track” feature that signals to Web sites that you do not want to have your online activity tracked. However, these Web browsers communicate “Do Not Track” signals differently, making it unworkable to consistently honor such requests. As a result, our Web Services are not designed to respond to “Do Not Track” signals.
. . .
By providing your Personal Information you give express consent to transfer your Personal Information to our affiliates globally and to third party entities that provide services to us.
[ but later says but WK is not responsible for the privacy policies of those affiliates.]
. . . We reserve the right to change this Privacy Policy at any time by posting a new or revised statement.
Per UpToDate’s version at
https://www.uptodate.com/
“ The process for notifying you of any changes to our Privacy Policy is
(Note the UpToDate policy does not allow you to copy and paste any portion of the document, nor is there the option of downloading a pdf. The only way to get a copy appears to be to print it , or use Snipit to copy portions.)
But they don’t have to post a notice on the resource that the policy has changed, nor identify what has changed. You‘ll have to eyeball both to determine what the changes are.
I’ve emailed [log in to unmask] but haven’t gotten an answer , except an email flashed saying “undeliverable” and then disappeared!
Catherine
Catherine Moore
|
Library Manager | Signature Healthcare Brockton Hospital | Health Sciences Library
680 Centre Street, Brockton MA 02302-3308| Tel 508-941-7208 |
catherinemoore@signature-
“Trusting that one source has all you’ll ever need, is believing that a small group of men in the universe are know-it-alls.”
From: John Cox <[log in to unmask]>
Date: Wed, 8 Aug 2018 10:39:47 +0100
This has come about because of the new Data Protection Directive that has been enacted by the European Union and came into force in May this year. SpringerNature, like any other publisher based within the European Union, AND any publisher (regardless of location within or outside the EU) that supplies its publications to any institution within the EU and keeps any personal data on European citizens, is obliged by law to comply with the provisions of the Directive. It is really targeting the large internet behemoths like Facebook, Google etc that amass data on individuals and exploit it commercially in all sort of ways. The Directive may be a sledgehammer to crack a nut, but it is the law.
Essentially, this means obtaining consent from any individual whose data may be required to be kept by the publisher in order to provide the publication or access to the digital version online. Publishers are not trying it on. They are simply trying to comply with the law. The library is probably best positioned to obtain any consents that may be necessary.
I would ask any publisher that has introduced such a clause into its licences for explicit guidance on how this is to be done in the institution’s context.
John Cox
Rookwood, Bradden
Towcester NN12 8ED
United Kingdom
Tel: +44 (0) 1327 861184
Email: [log in to unmask]
From: "Donley, Leah" <[log in to unmask]>
Date: Tue, 7 Aug 2018 12:37:09 +0000
The latest SpringerNature T&C has a section on personally identifiable information (copied below). Has anyone successfully changed it or do you have standard language that you use instead? I haven’t come across language like this in any of our other agreements and so far am not having luck negotiating changes. My main issue is with the first sentence. It seems unreasonable that we would be responsible for obtaining approvals and consent for a publisher to receive/process pii from our users, not to mention it’s something that I don’t want to get involved with for a variety of reasons. I would appreciate any suggestions that you may have!
In the event that Licensor’s performance of its obligations under this License Agreement requires that Licensor receive or otherwise process any personal data of Authorized Users, then Licensee shall obtain, if applicable, all necessary approvals and consent from Authorized Users for transfers of personal data to Licensor. Personally indentifiable information collected or retained by the licensor is confidential and shall not be released without the prior written and explicit consent of the patron and the licensee
Thank you,
Leah Donley
Leah Donley
Research Library
Brookhaven National Laboratory
Tel: 631-344-7469
Email: [log in to unmask]