{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T11:33:24Z","timestamp":1777635204071,"version":"3.51.4"},"reference-count":36,"publisher":"Emerald","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,8,20]]},"abstract":"\n Purpose<\/jats:title>\n The purpose of this paper is to outline the risks and issues libraries face when using a next-generation library services platform (LSP) from the perspective of current data protection requirements. By examining the specific legal obligations in the context of LSP, approaches will be considered to achieve compliance and ways of ensuring patrons\u2019 data protection rights.<\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n The methods authors applied in this research observe standard legal research methodology, including analysis of legal practice and comparative legal analysis methods to identify key normative elements of library management system (LMS) or LSP compliance with applicable EU data protection requirements. A systematic overview of personal data processing activities usually performed by library services platforms is given with an overview of risks and possible applicable technical or organizational protection measures.<\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n To ensure the rights of library patrons, an LSP needs to meet a number of data protection requirements: provide tools and techniques to provide the patron with insight into his personal data, enable the patron to independently edit their own data in the online interface of the LSP, enable the control of unauthorized access, enable the anonymization of data about the patron and his activities for the purpose of creating statistical reports, enable the library to define mandatory and optional data collected about the patron, provide a function for deleting patron data and\/or patron records after a certain period of time. There are also obligations for libraries, like contractual obligations with vendors, privacy by design and by default and data protection impact assesment.<\/jats:p>\n <\/jats:sec>\n \n Practical implications<\/jats:title>\n Since libraries as data controllers are required to ensure that personal data collected through these platforms is processed in strict accordance with General Data Protection Regulation (GDPR) principles, the research results can be practically applied to adapt the library service platform or to evaluate options when procuring a new platform.<\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n The research contributes to understanding the implementation of specific technical and organizational measures for the protection of library patrons\u2019 personal data processed within library services platforms, including the exercise of data subjects\u2019 rights and privacy by design and by default.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/dlp-11-2024-0183","type":"journal-article","created":{"date-parts":[[2025,5,24]],"date-time":"2025-05-24T05:47:41Z","timestamp":1748065661000},"page":"403-418","source":"Crossref","is-referenced-by-count":2,"title":["Ensuring security of personal data in library services platforms of academic libraries in the EU"],"prefix":"10.1108","volume":"41","author":[{"given":"Anita","family":"Katulic","sequence":"first","affiliation":[{"name":"National and University Library in Zagreb , Zagreb,","place":["Croatia"]}]},{"given":"Tihomir","family":"Katulic","sequence":"additional","affiliation":[{"name":"University of Zagreb Faculty of Law, , Zagreb,","place":["Croatia"]}]}],"member":"140","published-online":{"date-parts":[[2025,5,27]]},"reference":[{"key":"2025081810563061300_ref001","unstructured":"Bettinger, E.C., Bursic, M. and Chandler, A. (2023), \u201cDisrupting the digital status quo: why and how to staff for privacy in academic libraries\u201d, whitepaper published as a component of the Licensing Privacy Project, Cornell University Library, available at:https:\/\/hdl.handle.net\/1813\/113264"},{"key":"2025081810563061300_ref002","unstructured":"Bradford, A.\n (2012), \u201cThe brussels effect\u201d, Northwestern University Law Review, Columbia Law and Economics Working Paper, No. 533, Vol. 107 No. 1, available at:https:\/\/ssrn.com\/abstract=2770634"},{"key":"2025081810563061300_ref003","doi-asserted-by":"publisher","DOI":"10.1093\/oso\/9780190088583.001.0001","volume-title":"How the European Union Rules the World Oxford","author":"Bradford","year":"2019"},{"issue":"10","key":"2025081810563061300_ref004","first-page":"2","article-title":"Smart libraries Q&A: differences between ILS and LSP","volume":"40","author":"Breeding","year":"2020","journal-title":"Smart Libraries Newsletter"},{"key":"2025081810563061300_ref005","author":"Charillon","year":"2018"},{"key":"2025081810563061300_ref006","unstructured":"Charter of Fundamental Rights of the European Union\n (2012), \u201c\/C 326\/02\u201d, available at:https:\/\/eur-lex.europa.eu\/eli\/treaty\/char_2012\/oj"},{"key":"2025081810563061300_ref007","article-title":"Research skills","author":"Curry-Sumner","year":"2010"},{"key":"2025081810563061300_ref008","unstructured":"Danielisov\u00e1, T., Den\u00e1r, M. and Kov\u00e1\u0159ov\u00e1, P. (2018), \u201cOchrana osobn\u00edch \u00fadaj\u016f \u2013 p\u0159\u00edru\u010dka pro knihovny\u201d, N\u00e1rodn\u00ed knihovna \u010cesk\u00e9 republiky; Knihovnick\u00fd institut, Praha, available at:https:\/\/ipk.nkp.cz\/docs\/gdpr\/prirucka-gdpr"},{"issue":"3","key":"2025081810563061300_ref009","doi-asserted-by":"publisher","first-page":"pp731","DOI":"10.1108\/JD-08-2019-0151","article-title":"Information encountering re-encountered: a conceptual re-examination of serendipity in the context of information acquisition","volume":"76","author":"Erdelez","year":"2020","journal-title":"Journal of Documentation"},{"key":"2025081810563061300_ref010","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1177\/01655515231160026","article-title":"Digital information security management policy in academic libraries: a systematic review (2010\u20132022)","author":"Farid","year":"2023","journal-title":"Journal of Information Science"},{"key":"2025081810563061300_ref011","volume-title":"The Fourth Revolution: How the Infosphere Reshaping Human Reality","author":"Floridi","year":"2014"},{"key":"2025081810563061300_ref012","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-05023-2","volume-title":"Emergence of Personal Data Protection as a Fundamental Right in the EU","author":"Gonzalez Fuster","year":"2014"},{"key":"2025081810563061300_ref013","unstructured":"IFLA\n (2012), \u201cIFLA\u2019s code of ethics for librarians and other information workers\u201d, available at:www.ifla.org\/wp-content\/uploads\/2019\/05\/assets\/faife\/publications\/IFLA%20Code%20of%20Ethics%20-%20Long_0.pdf"},{"key":"2025081810563061300_ref014","first-page":"3","volume-title":"Intellectual Freedom Manual","author":"Jones","year":"2015"},{"issue":"3","key":"2025081810563061300_ref015","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1080\/10572317.2023.2231715","article-title":"Moving libraries toward digital transformation","volume":"55","author":"Kempf","year":"2023","journal-title":"The International Information and Library Review"},{"key":"2025081810563061300_ref016","first-page":"483","article-title":"A typology of privacy","volume":"38","author":"Koops","year":"2016","journal-title":"University of Pennsylvania Journal of International Law"},{"issue":"3","key":"2025081810563061300_ref017","doi-asserted-by":"publisher","first-page":"374","DOI":"10.1108\/LHT-09-2018-272","article-title":"Library management and innovation in the big data era","volume":"36","author":"Liu","year":"2018","journal-title":"Library Hi Tech"},{"issue":"2","key":"2025081810563061300_ref018","doi-asserted-by":"publisher","DOI":"10.1016\/j.acalib.2022.102505","article-title":"Are library vendors doing enough to protect users? A content analysis of major ILS privacy policies","volume":"48","author":"McKinnon","year":"2022","journal-title":"The Journal of Academic Librarianship"},{"key":"2025081810563061300_ref019","doi-asserted-by":"crossref","DOI":"10.29085\/9781783303687","volume-title":"Information Law: Compliance for Librarians, Information Professionals and Knowledge Managers","author":"Oppenheim","year":"2020"},{"key":"2025081810563061300_ref020","doi-asserted-by":"crossref","DOI":"10.3139\/9783446431164","volume-title":"The Filter Bubble: what the Internet is Hiding from You","author":"Pariser","year":"2012"},{"key":"2025081810563061300_ref021","volume-title":"A Practical Guide to Privacy in Libraries","author":"Pedley","year":"2020"},{"key":"2025081810563061300_ref022","unstructured":"Quinn, B.\n (2021), \u201cData protection implementation guide: a legal, risk and technology framework for the GDPR\u201d, Wolters Kluwer, Kluwer Law International, Alphen aan den Rijn."},{"key":"2025081810563061300_ref023","first-page":"387","article-title":"Intellectual privacy","volume":"87","author":"Richards","year":"2008","journal-title":"Texas Law Review"},{"key":"2025081810563061300_ref024","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1177\/09610006241259495","article-title":"Effects of big data analytics on university libraries: a systematic literature review of impact factor articles","author":"Shahzad","year":"2024","journal-title":"Journal of Librarianship and Information Science"},{"issue":"2","key":"2025081810563061300_ref025","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1108\/DLP-10-2022-0079","article-title":"Developing a big data analytics platform using apache hadoop ecosystem for delivering big data services in libraries","volume":"40","author":"Singh","year":"2024","journal-title":"Digital Library Perspectives"},{"key":"2025081810563061300_ref026","unstructured":"Van Canneyt, T., Bertrand, A., Crouzet, S. and Vanderdonckt, L. (2021), \u201cData protection: CJEU case law review 1995-2020\u201d, Computerrecht 2021\/56, Afl. 1A - maart 2021, pp. 78-144, available at:www.dpcuria.eu\/case-law-review-1995-2020.pdf"},{"issue":"2","key":"2025081810563061300_ref027","first-page":"219","article-title":"A compliant and secure IT infrastructure for the national library of Greece in consideration of internet security and GDPR","volume":"9","author":"Vavousis","year":"2020","journal-title":"Qualitative and Quantitative Methods in Libraries"},{"issue":"3","key":"2025081810563061300_ref028","first-page":"54","article-title":"Moving forward: the next-gen catalog and the new discovery tools","volume":"30","author":"Weare","year":"2011","journal-title":"Library Media Connection"},{"issue":"6","key":"2025081810563061300_ref029","doi-asserted-by":"publisher","first-page":"1930","DOI":"10.1108\/LHT-07-2021-0239","article-title":"A comprehensive study to the protection of digital library readers\u2019 privacy under an untrusted network environment","volume":"40","author":"Wu","year":"2022","journal-title":"Library Hi Tech"},{"issue":"2","key":"2025081810563061300_ref030","doi-asserted-by":"publisher","first-page":"561","DOI":"10.1177\/0961000617742451","article-title":"Understanding big data in librarianship","volume":"51","author":"Zhan","year":"2019","journal-title":"Journal of Librarianship and Information Science"},{"key":"2025081810563061300_ref031","first-page":"71","volume-title":"Getting Started with Cloud Computing: A LITA Guide","author":"Breeding","year":"2011"},{"key":"2025081810563061300_ref032","unstructured":"GDPR Regulation (EU)\n (2016), \u201c\/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95\/46\/EC (general data protection regulation)\u201d, available at:https:\/\/eurlex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32016R0679&from=EN"},{"key":"2025081810563061300_ref033","unstructured":"Handbook on European Data Protection Law\n (2018), \u201cPublications office of the European Union, Luxembourg\u201d, available at:https:\/\/fra.europa.eu\/en\/publication\/2018\/handbook-european-data-protection-law-2018-edition"},{"key":"2025081810563061300_ref034","doi-asserted-by":"crossref","DOI":"10.1093\/oso\/9780198826491.001.0001","volume-title":"The EU General Data Protection Regulation (GDPR): A Commentary","author":"Kuner","year":"2020"},{"key":"2025081810563061300_ref035","doi-asserted-by":"crossref","unstructured":"Lynch, C.A.\n (2019), \u201cReader privacy: the new shape of the threat\u201d, Research Library Issues No. 297, pp. 7-14, available at:https:\/\/publications.arl.org\/16ivjbv\/","DOI":"10.29242\/rli.297.2"},{"key":"2025081810563061300_ref036","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-031-62328-8","volume-title":"The EU General Data Protection Regulation (GDPR): A Practical Guide","author":"Voigt","year":"2024","edition":"2nd ed"}],"container-title":["Digital Library Perspectives"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/DLP-11-2024-0183\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/dlp\/article-pdf\/41\/3\/403\/10076280\/dlp-11-2024-0183en.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/dlp\/article-pdf\/41\/3\/403\/10076280\/dlp-11-2024-0183en.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,18]],"date-time":"2025-08-18T14:56:45Z","timestamp":1755529005000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/dlp\/article\/41\/3\/403\/1248773\/Ensuring-security-of-personal-data-in-library"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,27]]},"references-count":36,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,8,20]]}},"URL":"https:\/\/doi.org\/10.1108\/dlp-11-2024-0183","relation":{},"ISSN":["2059-5816","2059-5824"],"issn-type":[{"value":"2059-5816","type":"print"},{"value":"2059-5824","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,27]]}}}