A5: Your Top Ten Legal Issues To Be Thinking About Now

In parallel session A5: Your Top Ten Legal Issues To Be Thinking About Now the facilitator Jason Miles-Campbell applauded us for turning up to his session on a hot, Tuesday afternoon and started off by giving us a brief over view of the JISC Legal role.

We then used the voting pads to decide on which legal issue we wanted to hear about first. The order was as follows:

1. Cookies

European Union e-privacy directive has been amended to state that explicit consent must be given before cookies can be used. No detail in implementation has been given and nothing to be enforced for 12 months (May of 2012). This means 12 months for Web manager to work out how to do this i.e. so that users actually see that they are accepting cookies.

The possible options are to change your site to be compliant (you can only get out of it if cookie is necessary for strict function of Web site). You could have an entry page that says that people have agree to cookies or you could take some steps in preparation but wait to implement and see what happens. Alternately could not do anything, lobby the government and hope that it is sorted out by next year. Note that Google Analytics code counts as a cookie. JISC Legal plan to come up with some guidance in this area.

Some institutions are already dealing with this by relying on a privacy statement. To sum up this is a problem that wasn’t there that someone has tried to solve!

2. Legalities of the Cloud

A number of legal issues the come up, primarily data protection and that data cannot move outside the European Union unless certain criteria have been met. Safe harbour is the US way of getting round this – Google and Microsoft have signed up to it, Amazon have suggested that they will have an EU base. Google said they would use a base in Ireland, but their agreement is still not ready. What students have in their email is not related to data protection, but staff email is and is held on behalf of the university.

JISC Legal already have briefing papers on this area.

3. Your Institution’s Risk Appetite

Jason explained that this is a grey area and we have to live with it. However it is worth knowing that being how much risk you take depends on what your aims are and being very risk adverse hampers your mission. Your institution risk appetite needs to be explicit and supported (when things go wrong), possibly in the form of a risk policy. The EDINA social media guidelines are suggested as a useful resource.

Jason gave the analogy of medicine where surgeons are allowed to do pioneering surgical procedures in order to ‘move on’ in medicine, risk is mitigated, but there are still risks.

4. The Digital Economy Act

We’ve all heard of the DEA – legislation that specifies that copyright infringement by a user can result in a termination of the infringers’ Internet connection. The suggestion is that if there are 3 copyright infringements then the JANET connection will be cut off – this is totally unworkable. There needs to be some balance here with regard to copyright and monitoring infringement. Web managers don’t necessarily need to take action but you do need to educate your users and encourage appropriate respect for copyright.

5. Mobile Learning

No law has changed but the technology is constantly moving on. Lots of new technologies such as geolocation, tracking data, augmented reality have recently hit the mainstream – quite often technologies move on without considering all the issues. Often there are papers and policies in this area, for example there is a new paper coming out on data encryption. Our role (could be) to ensure that the pursuit of technology doesn’t overtake consideration of relevant issues

6. Proper Data sharing

As a sector we are pretty good in this area. You can already sign up to the privacy promise pledge made by the information commissioner, but there has been suggestions that we could share more, for example by annonymisation. However there are cases when data sharing can affect lives so we need to bear this in mind.

There were a couple of areas that we didn’t have time for:

• Protection of Freedoms Bill
• Using Licences Well
• The Equality Act 2010
• Your Champions and Support

This slide is also available on Slideshare.

It turns out that the Information Commissioner is based in Wilmslow, Jason’s suggestion was that you base yourself as far away from there as possible!!