Annual Meeting Report

The Ethics of GDPR

By: Liz Haberkorn
Haberkorn L. The ethics of GDPR. Sci Ed. 2019;42:e9-e10.
December 30, 2019
Download Article
Ethics Legal Issues Open Science Publishing Standards & Guidelines

MODERATORS:
Jennifer Cox
Editorial Client Manager
J&J Editorial, LLC
Cary, North Carolina

Jennifer Mahar
Managing Editor
Origin Editorial
Pembroke, Massachusetts

SPEAKERS:
Pamela Miller
Special Projects
New England Journal of Medicine
Waltham, Massachusetts

David Riley
Editor-in-Chief
Integrative Medicine Institute

Heather Tierney
Manager, Publication Ethics
American Chemical Society
Washington, DC

REPORTER:
Liz Haberkorn
Managing Editor
American Pharmacists Association
Washington, DC

I was not sure what to expect as I entered the GDPR session. After all, I had to Google just what “GDPR” meant when I agreed to report on this session. Part of my interest in attending the “ethics clinic” was to educate myself on an unfamiliar topic. As it turned out, the session would begin with a short but thorough rundown on just what GDPR stood for, literally and figuratively: General Data Protection Regulation (GDPR) is a regulation in European Union law that pertains to data protection and privacy for all individuals within the European Union. It also pertains to the export of personal data outside the European Union.

But I’m American! What does this possibly have to do with me?

As it turns out, GDPR affects anyone who has a publication, works on a publication, or has a publication that has a contractual relationship with a publisher. This became apparent while the presenters led discussions on cases that involved GDPR ethics and compliancy. The ethics clinic was sponsored by the Editorial Policy Committee and the Committee on Publication Ethics (COPE). The two organizations come together to provide up-to-date information for ethical issues in publishing. In this ethics clinic, we explored the ethical side to GDPR, privacy practices, and how to handle these rules within the editorial office, as publishers and editors.

Each member of the panel presented a case to the audience, four cases in all, and the audience, all seated at round tables, were to discuss each case among themselves, weighing the pros and cons of the situation. They were to consider: Was this case ethical? Was it GDPR compliant? What would YOU do if you were the editor/publisher involved in this particular case? Perhaps you have had your own experiences with GDPR, which you were invited to share with the group. It was more of an open-ended discussion rather than a session, after all.

And maybe you had an experience but were unaware that you were actually experiencing a GDPR situation.

A brief review of the cases follows.

Case 1

The first case involved “right to be forgotten” legislation about the removal of a paper that had the potential to ruin reputations (i.e., libel). The journal was willing to retract the article in question, however, the original article would still be available per policy. The consensus of the audience was that the copyright clause the authors signed should be taken into consideration, and whether the authors agreed to the journal’s policy that stated these terms.

Case 2

The second case involved an author list of those who had “opted-in” or “opted-out” to being contacted for future surveys. Other than these two lists, a list of authors who neither opted-in nor opted-out was provided as well. After discussion, the audience seemed to agree that the best solution was to use both opted-in and neither-opted lists for contact, as long as those neither-opted authors were U.S. citizens.

Case 3

The third case involved “terms of use” issues regarding an online writing course that was launched before GDPR was put into effect, and what that course had to do in order to become GDPR compliant going forward. Points to consider consisted of length of storage data from everyone who took the course and resided in the EU; server location; type of data collected; opt-in/opt-out requirements; and legal review of the material.

Case 3B

This case stemmed from Case 3 and involved a person who had taken that same online writing course but had since moved out of the EU. So the question became: Who had jurisdiction over his information?

It is important to note that no one on the panel was a lawyer, and therefore could not provide a legal perspective or solution in any of these presented cases. Many a comment from the audience of primarily editors and publishers was a demand to speak to their lawyers.

The CSE Editorial Policy Committee greatly appreciates your ideas and suggestions and values your comments and input from the community in general. You are encouraged to reach out to the CSE Editorial Policy Committee members.