 |
The Rules of AccessThe reason that access permissions are so important is that there can be legal ramifications if you provide access to something when you don’t have permission to, even if you are not making money in the process. The main legal concerns to be aware of are ownership rights and personal data sharing. This level covers both in more detail. |
Copyright
The key ownership rights to consider are covered by Copyright, which is an intellectual property right automatically granted to the creator of any original work that can be seen, heard, or performed. Copyright applies to many types of works, including books, music, photographs and images, paintings, poems and sound recordings. It protects original works from being copied, distributed, or performed without the copyright owner's permission., unless you have permission from the copyright owner, or an exception to copyright applies.
Copyright law in the UK states that copyright expires after a set period of time - typically seventy years after the author’s death for literary, artistic, musical or dramatic works. However, durations differ depending on the work. You can find out more here,
If a donation to your collection is covered by copyright, it is possible for the copyright owner to license or transfer the rights to you. You should get specialist advice to draft the relevant deposit agreement
There are number of ways that contributors can license their works for reuse if they own the copyright. The most widely used set of ‘open licences’ are provided by Creative Commons. These enable reuse and sharing of copyright content via a range of freely available licences.
If you would like more information, the team at copyrightliteracy.org have produced a short film and training pack that can be accessed here.
General Data Protection Regulations (GDPR)
It is important that every individual knows where data about them exists and what it is being used for. GDPR is legislation governing this process that makes sure there are consequences when it does not happen. GDPR is based on 7 core principles which must be followed when processing personal data;
-
Lawfulness, fairness, and transparency: Be transparent about how personal data is collected and used
-
Purpose limitation: Only collect and keep data for the specific purposes it was originally intended for and consented to
-
Data minimization: Limit the amount of personal data collected to what is necessary
-
Accuracy: Ensure the information published is accurate
-
Storage limitation: Delete or anonymize personal data once it is no longer needed
-
Integrity and confidentiality: Keep data secure from internal or external threats
-
Accountability: Demonstrate that processing activities comply with the GDPR and keep records of those activities
The donor form you created in level 2 should contain information about how you will handle people’s data. Everyone should also have the option to opt out at any time or not donate to your service if they don’t want their data processed in the manner you have documented.
Take Down Policy
Always consider offering a “Contact us” or “Request correction/removal” option (often referred to as a “Take-down policy”) on your site This will allow anyone who may have issue to get in touch with you. This can be as simple as providing an email address that is regularly monitored, or an online feedback form. Whilst this does not confer any legal protection, it shows that you are responsive to the concerns of users, rights holders, and affected parties, and may help mitigate the consequences of any mistakes, unintended infringement, or causes of offence.
|
There is a wealth of information online about both GDPR and Copyright if you want to find out more. If all else fails always fall back to level one of this topic and never provide access to content you don’t own. It is better to be safe than sorry. |
 |