Name: Privacy and COUNTER Usage Data

Description: Privacy and COUNTER Usage Data

Thumbnail URL: https://cadmoremediastorage.blob.core.windows.net/f744bb9d-a7fe-44ff-8673-0a65d6f8a43d/videoscrubberimages/Scrubber_1.jpg?sv=2019-02-02&sr=c&sig=NrfC2wcpZfa3nVh%2BPW9jS13QTwmTyDd4JsvczDoZcME%3D&st=2025-10-31T07%3A52%3A33Z&se=2025-10-31T11%3A57%3A33Z&sp=r

Duration: T00H09M07S

Embed URL: https://stream.cadmore.media/player/f744bb9d-a7fe-44ff-8673-0a65d6f8a43d

Content URL: https://cadmoreoriginalmedia.blob.core.windows.net/f744bb9d-a7fe-44ff-8673-0a65d6f8a43d/COUNTER 22 - CLASS 1.mp4?sv=2019-02-02&sr=c&sig=hWEuI8Muazl%2F4MG4T0D0WtyGR01lQX6AFrN0SuZu%2FYE%3D&st=2025-10-31T07%3A52%3A33Z&se=2025-10-31T09%3A57%3A33Z&sp=r

Upload Date: 2022-02-04T00:00:00.0000000

Transcript: Language: EN.
Segment:0 .
Welcome to this COUNTER Foundation class on user privacy. This class explains how COUNTER requires content providers to protect user privacy at both the individual and the institutional level. The COUNTER Code of Practice has always required content providers that is publishers to comply with all relevant user privacy and data protection laws when they're collecting and processing the data needed to create COUNTER reports.
The European General Data Protection regulations, or GDPR, are considered to be among the most stringent privacy and security laws in the world, meaning that any content provider that complies with GDPR is highly likely to be compliant with other privacy regulations by default. Content providers within the EU and the UK are required to comply with GDPR or face large fines. A very large proportion of content providers based elsewhere have also elected to comply with the GDPR.
So that they may continue working with institutions and researchers in the EU. GDPR states that he uses IP address is considered to be personal data. While institutional IP addresses are not considered to be personal data. Beyond the requirement to comply with privacy and security laws, section 10.2 of the counter code of practice also deals explicitly with issues around privacy and user confidentiality.
First, we specify that content providers cannot release or sell anything that reveals information about individual users without explicit permission to do so from the individual and from any institution or consortium with which they are affiliated. Second, the Code of Practice states that institutional level usage data is also protected and cannot be released or sold without the permission of the institution. Where an institution is part of a consortium, the consortium itself is similarly protected.
The only exception to this is that consortia administrators are able to access reports on behalf of their member institutions. Some content providers are content aggregators, and these groups are permitted to provide institutional and consortia COUNTER data to the original publisher. For example, an abstracting and indexing service may well provide usage reports to publishers as part of the indexing agreement.
However, they are not permitted to share information about individual users with the original publisher. Total usage of publisher platforms is built up of non attributed and attributed usage, though most open access platforms will only have non-attributed usage. Usage that cannot be identified as belonging to an institution should be attributed to the world and within that attributed, non-attributed split, where the content is paywalled or free to read or open access is a secondary question.
Let's consider a scenario in which a user, Sam, is visiting a publisher platform. The first thing the platform will do, usually invisibly, is check to see whether Sam can be authenticated. That is, does their IP match and institution's records. Have they already logged in with shibboleth and so on? If Sam can be authenticated as belonging to an institution, in this case, University Beta, all of their usage will be attributed to that institution and will appear in the counter reports generated for the institution.
If Sam cannot be authenticated, they may still be able to use content, open access or free to read material, for example, and the platform will still track that usage, but it cannot be attributed to a particular organization. The usage will therefore show up only in COUNTER reports generated for the world as aggregated information. If you would like to learn more about attribution and the world reporting, please watch the foundation class titled Reporting to the World COUNTER for open access.
In the scenario outlined above, Sam's use of privacy is protected in several ways. One, as Sam was authenticated using IP recognition. There is no record of their personal data. If Sam had elected to log in using a form of personal login, such as a username, password combination or a Federated system such as shibboleth, the content provider would have a little more information about Sam as a user, but that would not appear in COUNTER reports.
COUNTER, therefore, applies a second level of protection. Our reports are produced at the level of either the World or an institution with no more granular information about individual users. When platforms collect user data at all, which they may do, but only in compliance with privacy and security legislation, that information must be stripped out as part of the process of generating COUNTER reports.
And three, as a final layer of privacy protection. COUNTER reports do not include information on the number of users from an institution, nor do they show behavioral patterns, such as the roots a user may navigate through a platform. In all scenario, Sam was authenticated as being associated with University Beta through their institutional IP address. IP recognition is a very common form of authentication with other options such as shibboleth username, password, seamless access and GetFTR also playing a role.
Because of the historic reliance on institutional IP as a mechanism of determining whether a user was associated with an institution that held a subscription and should therefore be granted access to subscribed content, many content providers use institutional IP recognition as the primary mechanism for generating institutional COUNTER usage reports. However, they will, of course, include within those institutional reports, any usage that was associated with the institution through another authentication mechanism.
Many users arrive at publisher platforms from a personal that is non-institutional IP address, for example, when they are working from home or are traveling. Personal IP addresses are considered personal data under the terms of GDPR and thus governed by that very strict privacy legislation. Users coming from a personal IP address may still be able to access materials on the platform.
For example, free or OA content, but none of their usage will appear in an institutional COUNTER report unless they choose to log in as part of an institution, for example, via VPN or shibboleth. Fully open access publishers typically do not have records of institutional IP ranges for the simple reason that open access content does not require users to be authenticated before they can access the material.
It can therefore be quite difficult for fully OA publishers to create institution level COUNTER reports, though they can, of course, report total usage through counters, the world reporting option. As libraries become increasingly interested in the usage of open access content, some fully open access publishers are using databases of IP ranges for institutions around the world to generate institution-level COUNTER reports, complementing the World Reports.
As with any COUNTER report, the reports generated by using these databases of IP ranges include only aggregated information about usage by any user within the institution's IP range. No personal data about individual users is included. Even when a publisher uses IP ranges to log usage, the vast majority of usage cannot be attributed to any institution. To address this issue, as well as making it possible for fully open access publishers to report without subscribing to an IP database, there is an extension in COUNTER Release 5 that publishers can use to report the world usage.
The World Reports include the same metrics and look the same as an institutional COUNTER report, but include total usage of content items, whether or not the usage could be attributed to an institution. As with all counter reports, these the World Reports do not contain any information about individual users. Thank you for watching. Visit our media library to view more Foundation Classes and find out more information about COUNTER.

Cadmore media player playing video Privacy and COUNTER Usage Data

Video Player

Transcript

Segments

End of Video Player Control