The Rules of AccessThe reason that access permissions are so important is that there can be legal ramifications if you provide access to something when you don’t have permission to, even if you are not making money in the process. The main legal concerns to be aware of are ownership rights and personal data sharing. This level covers both in more detail. |
Copyright
The key ownership rights to consider are covered by Copyright, which is an intellectual property right automatically granted to the creator of any original work that can be seen, heard, or performed. Copyright applies to many types of works, including books, music, photographs and images, paintings, poems and sound recordings. It protects original works from being copied, distributed, or performed without the copyright owner's permission.
Copyright law in the UK states that works created on or after January 1, 1978, have a copyright term of the life of the author plus seventy years after the author's death, but this is not always the case. If you are unsure, a copyright specialist should always be consulted.
If a donation to your collection is covered by copyright, it is possible for this to be waived or transferred to you, but this should be done in accordance with legal advice.
Schemes such as Creative Commons provide a mechanism for contributors to licence content that they contribute to an archive in a variety of ways.
General Data Protection Regulations (GDPR)
It is important that every individual knows where data about them exists and what it is being used for. GDPR is legislation governing this process that makes sure there are consequences when it does not happen. GDPR is based on 7 core principles which must be followed when processing personal data;
-
Lawfulness, fairness, and transparency: Be transparent about how personal data is collected and used
-
Purpose limitation: Only collect and keep data for the specific purposes it was originally intended for and consented to
-
Data minimization: Limit the amount of personal data collected to what is necessary
-
Accuracy: Ensure the information published is accurate
-
Storage limitation: Delete or anonymize personal data once it is no longer needed
-
Integrity and confidentiality: Keep data secure from internal or external threats
-
Accountability: Demonstrate that processing activities comply with the GDPR and keep records of those activities
The donor form you created in level 2 should contain information about how you will handle people’s data. Everyone should also have the option to opt out at any time or not donate to your service if they don’t want their data processed in the manner you have documented.
Take Down Policy
Always consider offering a “Contact us” or “Request correction/removal” option (often referred to as a “Take-down policy”) on your site This will allow anyone who may have issue to get in touch with you. This can be as simple as providing an email address that is regularly monitored, or an online feedback form. Whilst this does not confer any legal protection, it shows that you are responsive to the concerns of users, rights holders, and affected parties, and may help mitigate the consequences of any mistakes, unintended infringement, or causes of offence.