Data Privacy and Security
Please read and understand the data privacy and security policy
of the university:
The realm of scholarly publishing raises a number of considerations for
compliance with GDPR, particularly around the regulation’s core principle of
the right to be forgotten.
One function of scholarly publishing is to produce a historical record of the process involved in reviewing, editing, and publishing research and scholarship, with its own norms of confidentiality and privacy.
As such, this form of publishing falls within what the GDPR recognizes as a need “to reconcile the right to the protection of personal data pursuant to this Regulation with the right to freedom of expression and information, including processing for journalistic purposes and the purposes of academic, artistic or literary expression” (GDPR, Article 85).
More specifically, the GDPR specifies that “the right of erasure” (Article 17) holds in situations in which “the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.”
In scholarly publishing, data concerning the authors, editors, reviewers, and others involved in the editorial and publishing process remains necessary for the purposes of the journal or press, and, as such, forms part of a record that the GDPR allows “for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes the preservation of which is in the public interest” (Recital 65).
The data collected from registered and non-registered users of this publication system falls within the scope of the standard functioning of scientific publishing. It includes information that makes communication possible for the editorial process; it is used to inform readers about the authorship and editing of content; it enables collecting aggregated data on readership behaviours, as well as tracking geopolitical and social elements of scholarly communication. Those involved in the publishing process seek to be compliant with standards for data privacy, including the European Union’s General Data Protection Regulation (GDPR) provision for “data subject rights” that include
- (a) breach notification;
- (b) right of access;
- (c) the right to be forgotten;
- (d) data portability; and
- (e) privacy by design.