Privacy concerns regarding user enroll

enroweb · September 10, 2016, 3:57pm

Dear OJS team,

I want to share with you some concerns we have regarding the way OJS handles user information. As per the ‘Enroll a User from this Site in this Journal’ feature, any journal manager can access other journal’s user details. This is a big deal with regard to existing privacy laws, as the French Data Protection Authority confirmed to us.

I know this is supposed to make user’s life easier by using only one account for a series of journals but what is preferable is for them to choose to enroll themselves to a new journal, not the other way round.

Therefore, we believe this is a failure both in privacy design and user journey. Can you confirm whether OJS v3 behaves the same? If not, can you please provide a response to the issue?

Of course, this issue does not take away all the other wonderful things OJS has to offer

Best regards,

Antoine

asmecher · September 12, 2016, 9:17pm

Hi @enroweb,

OJS 3.0 behaves the same way. We support a wide variety of different types of deployments – institutional ones, independent publishers, etc. – and the current approach works better for some than for others.

If you strictly need user accounts fully separated between journals, then I would suggest managing separate installations of OJS for each journal.

Regards,
Alec Smecher
Public Knowledge Project Team

alonsoj · September 23, 2016, 10:29am

I think it would be a good option for the admin role (not to share users between journals).

Regards,
Jaime