Museums plead with government to exempt them from strict new privacy rules
Image credit: Dreamstime
World-famous showcases of dinosaur bones, portraiture and war planes fear the forthcoming General Data Protection Regulation (GDPR) obligation to obtain explicit consent to hold personal data could stretch finances and lead curators to lose track of valuable artefacts.
Museum curators will be beset by a bureaucratic nightmare and some art galleries could be in danger of being closed down unless they are exempted from the most onerous parts of a strict new privacy regime set to come into force in the UK next year.
The General Data Protection Regulation (GDPR) originated from the European Union as a means of handing people greater control over the vast quantities of personal information which global technology giants regularly extract and process to generate huge profits.
Insiders who work in the UK museums sector have warned of “unintended consequences”, however, saying there is a risk that world-famous cultural attractions will be pitched into financial oblivion or buried in a heap of bureaucracy because of obligations to painstakingly sift through legacy data to ensure they have obtained explicit consent from all “data subjects”.
Keeping contact details on file could become much more burdensome under the new rules, leading curators to wonder whether they will soon struggle to keep track of artworks and museum pieces loaned out for display elsewhere or artefacts in private collections which they might want to acquire.
Alistair Brown, a Museums Association policy officer, said: “The key issue for museums is actually around that area of obtaining specific consent, as required by the regulation.
“That’s probably going to be a bit of a problem for museums which hold personal data attached to objects in their collections, as well as other data they might hold in relation to market research and friends groups, which I think is a headache for lots of organisations.
“The whole challenge is, if they are then expected to go back through their collections and check to make sure all the required consent has been given, and if they will have to do that all at once by May 2018 [when the regulations will come into force], that’s an enormous task.”
Alexandra Fitzsimmons, a lecturer in Museum Studies at Imperial College London, told E&T: “These organisations will obviously need to know where the exhibits come from and if they are now saying that this could be problematic for them then I’m sure that’s the case.”
In theory, museums and galleries could be fined as much as €20million for infringements of parts of the GDPR. Some have warned the government in no uncertain terms that, while they of course intend to comply with the law, a fine of this size would immediately force them to close their doors forever.
Even if they obey the rules in full, as all intend to, this compliance will itself impose significant extra costs on them, potentially undermining their core educational activities.
Officials from the Natural History Museum have appealed directly to the Department for Culture, Media and Sport (DCMS) for common sense, pointing out that the GDPR was intended primarily to make big private companies behave more responsibly rather than to disadvantage exhibitors of life-size whale replicas and diplodocus skeletons.
They predicted “prohibitively” time-consuming data audit obligations would result unless museums were given some sort of special status under the legislation.
“Given the range of activities and new initiatives that might be subject to this requirement if it is enshrined, a major financial investment would be required... from individual public authorities,” the Natural History Museum told the government in its official response about one part of the GDPR.
They argued: “The sort of high risks that this measure is seeking to mitigate are not generally of relevance to museums and this authorisation appears disproportionate and arguably unnecessary.”
Some publicly financed museums are already said to be anxious about future central government funding and an apparent downturn in the number of paying visitors coming through their doors.
E&T has been told that several of the UK’s major museums recently contacted the DCMS to request “hybrid” status – a legal footing that would shield them from some of the most problematic of the new strictures.
In a letter to the government, an officer from the National Portrait Gallery argued that extra government funding would be needed to cover costs involved in the recruitment and employment of extra staff to meet the punishing new data audit requirements, warning that unless this was forthcoming, cuts elsewhere would be inevitable. The Imperial War Museum was another that complained about the proposed new rules, warning they could make the work of archivists and historians extremely difficult.
Leaders of large museums, which rely to an extent on “high end” donations from wealthy benefactors, are also said to be worried about possible implications for their fundraising activities. For smaller museums funded largely through ticket sales, the proposed new legislation is if anything even scarier as their funds are already very tightly squeezed.
Other organisations that responded to the government’s call for views on different aspects of the GDPR included the British Medical Association, which expressed concern that young people could be deterred from joining the NHS organ donor register due to stipulations that parental consent should be obtained in order for information on under-16s to be stored.
The News Media Association said freedom of the press could be “severely constrained” unless exemptions were put in place covering journalistic activities.
However, others feel the proposed measures do not go far enough. Dr Sandra Wachter, a postdoctoral algorithms researcher at the Oxford Internet Institute, called for more rigorous safeguards to stop entirely automated decision-making processes from unfairly processing data used for e-recruitment or in credit applications. She also warned the measures might not ensure companies were truly transparent about how data was being used.