Keywords: Library privacy principles
The paper will begin by discussing some of the ethics and standards which the field of librarianship has long been committed to, particularly those related to privacy. An overview of how these principles have come to be undermined in the American public library, particularly since the 1990s and the growth in the use of computers and later, the internet. This will be followed by a more focused discussion about some of the specific realities of patron privacy in the twenty-first century public library. Finally, we will briefly look at what a library which sought to fulfil the promise of privacy might actually look like. We conclude by arguing that a return to strongly enforced patron privacy, while perhaps not impossible, is highly unlikely to happen and that a re-evaluation of the ethical principles of the profession is a more realistic goal. This re-appraisal would, we argue, begin to address the current disconnect between the commitments of the field and the realities on the ground.
If one takes the American Library Association’s (ALA) “Library Bill of Rights” and “Code of Ethics” documents in 1939 as a starting point, library ethical commitments to privacy have been established for almost a century now. The ALA Code of Ethics states that librarians shall “protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted” (American Library Association, 2008). While scholars often focus on the ALA and its strident stance on privacy, the codes of ethics of the International Federation of Library Associations and Institutions (2012), the Library Association of Ireland (2007) and many, if not most, national library associations now include commitments to the protection of patron privacy. We will now begin to trace the undermining of library codes of ethics in more detail by turning our attention to the work of Seeta Peña Gangadharan (2016).
The Impact of “Computerisation” and the Internet In her article “Library Privacy in Practice: System Change and Challenge”, Seeta Peña Gangadharan lays out how “computerisation” has, over the course of many decades, undermined long-held library commitments to privacy (2016, p. 176). She characterises modern libraries as “digital providers” of services as well as “third-party dependents” on the services of others (2016, p. 176, 181).
Beginning with the library-as-digital-provider characterisation, Gangadharan traces how in the 1990s, computers and internet access became widespread in libraries and that by 2013 American patrons were as likely to be visiting the library to use a computer or the internet as to be borrowing a book (2016, p. 177).
These changes in the nature of libraries brought with them changes in the type of information which libraries held on patrons. Traditionally, patron privacy involved keeping patron reading history secret. However, once computer and internet access was involved, libraries had far more user information to protect. numerous examples but for our purposes we need only list two. If a library requires that a patron use their library membership details in order to reserve the use of a computer, then the library has information on which patron used which computer during certain times thereby meaning a record will be created on what that patron did on that computer during that time. Similarly, many public libraries require patrons to sign in to use the Wi-Fi, which once again ties an individual patron to internet use, with a record being created of what the patron did while online. Gangadharan asks important questions about all of this, such as the length of time the records of computer and internet use of individual patrons are kept by the library and “how easily traceable … patron ID numbers” are (2016, p. 178). These are questions which throw the issue of patron privacy into sharp relief. Whether or not libraries themselves do anything with these records, the fact of their existence means newly created patron data is now their responsibility to protect. This immediately raises the question of whether this is necessary? If public libraries are serious about fulfilling their ethical obligations to protect the privacy of their users, then surely it makes more sense not to require patrons to sign in and not to create a record?
Library 2.0 Services Another area where public libraries have failed patrons is in their embrace of what has come to be called “Library 2.0 services” (Zimmer, 2013b, p. 44).
Library 2.0, following Web 2.0 (the second, more interactive, iteration of the web), seeks to encourage patrons to share information which is “often personal” with others (Zimmer, 2013b, p. 44). These others may be library staff, fellow library users or indeed users of the broader web. Library 2.0 services include online reference services, “library-hosted blogs or wikis”, “social tagging platforms”, “comment and rating systems”, utilising patrons social media profiles “to communicate and provide services to patrons” and using patrons’ past library loans in order to create reading “recommendation systems” (Zimmer, 2013a, p. 30). The underlying point about these services is that, to varying degrees, they require patron data in order to function. Moreover, to use many of these services patrons must create profiles with the external service provider whose privacy policies, as mentioned, rarely reach library standards. More importantly, as Zimmer points out, “to take full advantage of Web 2.0 platforms and technologies to deliver Library 2.0 services, libraries will need to capture and retain personal information from their patrons” and that is completely at odds with their stated privacy values (2013a, p. 31).
Reading Analytics and Patron Privacy
Clifford Lynch’s paper “The Rise of Reading Analytics and the Emerging Calculus of Reader Privacy in the Digital World” (2017) is concerned with reading analytics broadly consisting of the analysis and data collection of patron reading habits carried out by the providers of e-books and online magazines to libraries. They analyse and collect information on, for example, what texts patrons are reading, the speed which patrons are reading these texts, whether they are read in full or only skimmed, the annotations and underlining of passages by patrons and more besides (Lynch, 2017). As Lynch later makes clear, however, this is just the thin end of the wedge as “the range of personal identifiability in data collection … might go from a series of anonymous interaction records about a specific text at one extreme, all the way through a deep record (really, a database) about a specific customer” over a long period of time at the other (2017). In other words, there is scope for a lot of information to be collected. While information of this type can be collected for legitimate reasons, such as the improvement of services, it can also be collected for less legitimate reasons including selling or sharing with data brokers – who collect this information for profit. However, the reason for the collection of this information is unimportant – the very fact of its collection shows the stated privacy values of librarianship being undermined in the public library.
The Privacy Policies of Vendors
We saw Lynch (2017) outline the relative weakness of public libraries in their dealings with e-book publishers and platforms. In “Library Patron Privacy in Jeopardy: An Analysis of the Privacy Policies of Digital Content Vendors”, Lambert, Parker and Bashir (2015) analysed the privacy policies of five of the service providers most commonly used by the twenty-five largest American public library systems. Their analysis sought to answer three questions. Firstly, whether these privacy policies could be read and understood by the users of public libraries. Secondly, whether the policies reached the standards of privacy set by the “library community” (Lambert et al., 2015, p. 2) and finally, whether the policies met the standards which American industry set “for companies managing data” (Lambert et al., 2015, p. 4). Our paper need only concern itself with the answers provided by the authors to the first two questions.
On the first question, regarding whether library users were likely to be able to understand the privacy policies of these vendors, the authors concluded that the reading level required to read the policies “indicate[d] that [they] may be too difficult for the average library patron to understand” (Lambert et al., 2015, p. 5). On their second question, about whether vendors were reaching the standards expected by the library community, the authors found that “the vendors overwhelmingly were not meeting the heightened standards of the library profession” (Lambert et al., 2015, p. 6).
While the headline conclusions reached by the authors are notable, of real importance is the detail of what they say, particularly as it relates to the failure of vendors to meet library standards of privacy. The authors begin by pointing out that each of the vendors “were deficient” in their policies when it came to discussion of the enforcement of privacy rights (Lambert et al., 2015, p. 6). Moreover, no mention was made of the privacy audits required by the ALA. Similarly, absent was any reference to the ALA Code of Ethics (Lambert et al., 2015, p. 6). In fact, library privacy requirements are completely absent from the policies which, to the authors, “seemed to have been drafted ignorant of library professional standards” (Lambert et al., 2015, p. 6). While there may be nothing inherently wrong with this, it does give the distinct impression that the vendors do not consider library patron privacy to be of any particular importance. The authors also discuss “personally identifying information” (Lambert et al., 2015, p. 6). The vendors are open about the fact that they collect it and why they do so. This of course conflicts with ALA guidance and standard library procedures for personal information. Furthermore, no indication is given by the vendors as to the necessity of this personally identifying information being collected or the likelihood that it would eventually be deleted (except one vendor which was open about keeping the information). The findings of Lambert et al. (2015) provide further evidence that a disconnect exists between the ethical standards of library professionals and the actual privacy protections in place for public library users.
Behavioural Tracking of Internet Users
Reading analytics and the vendors who provide services to the library, as discussed above, are easily identifiable parts of the wider issues surrounding patron privacy. Internet use by patrons is also broadly understood to be a problem for public libraries in seeking to fulfil the ethical obligations of their profession. A far more subtle part which can nonetheless have a profound impact on the privacy of library users is the behavioural tracking they experience whilst online (Fortier & Burkell, 2015, p. 59). It is often pointed out that this type of information collection involves “non-personally identifiable information” (Fortier & Burkell, 2015, p. 59). In their article, “Hidden Online Surveillance: What Librarians Should Know to Protect Their Privacy and That of Their Patrons”, Alexandre Fortier and Jacquelyn Burkell assert, however, that “behavioural tracking is a form of surveillance” and is thereby an issue which profoundly affects the privacy of library users (Fortier & Burkell, 2015, p. 60).
In order to show that behavioural tracking constitutes a form of surveillance, Fortier and Burkell begin by outlining the initial, largely benign, purpose of behavioural tracking. It “was used to enhance user experience and to make … website interactions more efficient” (Fortier & Burkell, 2015, p. 61). For example, if a user left a website, behavioural tracking meant they could return to the same place on the site or resume a purchase with the same products ready to be paid for as before. This was enabled by “first-party tracking”, that is, tracking of users by the host website (Fortier & Burkell, 2015, p. 62). However, from the vast amount of information which began to be collected, companies started to make inferences about their users. Over time, as even more of this tracking took place a “detailed profile” of users was constructed by the web companies – “potentially aggregated across multiple visits to different websites” (Fortier & Burkell, 2015, p. 62). This aggregation from different sites was enabled because some companies have what are called “third-party” trackers on many different sites (Fortier & Burkell, 2015, p. 62). Google, for example, have third-party trackers on a huge percentage of websites – this means the profile that can be built of a user is likely to be extremely expansive (Libert, 2015). While all of this is concerning enough on its face, the fact that third-party trackers tend to be “invisible to the user” and involve the transfer of user data without “explicit … consent”, makes it far worse (Fortier & Burkell, 2015, p. 62). In a case like this, one could ask, how can the library hope to live up to the professional standards it espouses? How can it go about “safeguarding all library use data, including [the] personally identifiable information” of its patrons (ALA, 2019) when patrons can be tracked merely by going online?
The Case for a Reconsideration of Library Privacy Principles
This paper has repeatedly noted the gap between library privacy standards and the realities in contemporary public libraries. Some authors, however, have tried to paint a picture of what a library which did live up to the standards of the profession would look like. David Irvin (2021) argues that libraries have an ethical responsibility not to turn their backs on privacy. Irvin’s assertion is that to give up on privacy is to endanger “the relevance of the library” (2021, p. 3).
Irvin’s paper, “Ethics, Encryption, and Evolving Concepts of Personal Privacy in the ‘Black Box Library’”, is something of a call to arms, and while he himself calls the article “an imaginative exercise”, it is nonetheless filled with suggestions for how librarians could begin to fulfil the privacy obligations of their profession (2021, p. 2). The overarching ambition of the piece is to suggest that libraries become black boxes where users can access whatever reading materials, information, etc. they need but where none of the data which their activities create ever leaves the library. As Irvin says, “in the black box library, the vendor and library would be blind to all personal information included in active and previous transactions” (2021, p. 4). Irvin (2021) lays out a number of important steps which libraries can take to vastly improve patron privacy. These include “mass encryption, proxy services, legal enforcement of privacy provisions in vendor contracts [and] recordless inventory systems” (Irvin, 2021, p. 1).
So, it is not beyond the bounds of possibility that public libraries could seek to return to their roots and embrace strong patron privacy protections once again. However, it must be asked how realistic this change is – as we said, Irvin himself calls his article “an imaginative exercise” (2021, p. 2). Moreover, a public library system which sought to rebuild its offerings, from the ground up, would, at least initially, have to remove a lot of its services in order to ascertain whether they reached the standards expected. E-journals, e-books, streaming services, library computers, library Wi-Fi, integrated library systems and other services would all have to be analysed to see if they reached the standards expected. In some cases, it might then require a re-negotiation of a contract with a vendor, in others the service might never come back. Either way, the service would be gone for a period of time which would surely lead to some public backlash. While some libraries might, it seems highly unlikely that most would have the determination to go through all of that.
The issues faced by public libraries in seeking to live up to their privacy principles while also offering patrons access to the latest technologies and services are not new. In 2001, Michael Gorman argued that “our privacy codes need to be updated so that we can deal with modern circumstances without ever compromising our core commitment to privacy” (p. 9). This paper follows Gorman (2001) in calling for an update to the privacy principles of the profession but does so as a means of re-aligning the ethics of the field of librarianship with the realities within which libraries now function. As we have shown, it does not seem that libraries are currently meeting the standards the profession has set for itself. Rather than continue to espouse something which has come to be little more than a token gesture, the profession should seek to engage with the reality of the situation. Revisiting and re-evaluating the ethical principles of the profession would lead to a more realistic and honest assessment of the library’s place in the world. Finally, it would also free libraries to proudly offer the services and engage in the activities which it already does without continuously contradicting and undermining the profession’s conception of itself.
Peadar Claffey, BA, MLIS, Library Technician at the North Vancouver City Library
• American Library Association. (2008, January 22). Code of ethics. https://web.archive. org/web/20140226215611/http://www.ala.org/advocacy/proethics/codeofethics/ codeethics
• American Library Association. (2019a, January 29). Library bill of rights. https://www.ala. org/advocacy/intfreedom/librarybill/
• Fortier, A. & Burkell, J. (2015). Hidden online surveillance: What librarians should know to protect their privacy and that of their patrons. Information Technology and Libraries, 34(3), 59-72. https://ir.lib.uwo.ca/cgi/viewcontent.cgi?referer=https://duckduckgo. com/&httpsredir=1&article=1054&context=fimspub
• Gangadharan, S.P. (2016). Library privacy in practice: System change and challenges. I/S: A Journal of Law and Policy for the Information Society, 13(1), 175-198. https://eprints.lse. ac.uk/73001/2/Gangadharan_Library%20privacy%20in%20practive%20system%20 change%20and%20challenges_author_2017.pdf
• Glaser, A. & Macrina, A. (2014, October 20). Librarians are dedicated to user privacy. The tech they have to use is not. Slate. https://slate.com/technology/2014/10/adobes-digitaleditions-e-book-software-and-library-patron-privacy.html
• Gorman, M. (2001, August 16-25). Privacy in the digital environment – Issues for libraries. [Paper presentation]. 67th IFLA Council and General Conference, Boston, USA. https:// archive.ifla.org/IV/ifla67/papers/145-083e.pdf
• International Coalition of Library Consortia. (2002, July 1). Privacy guidelines for electronic resources vendors. https://www.icolc.net/statement/privacy-guidelineselectronic-resources-vendors
• International Federation of Library Associations and Institutions. (2016). Code of ethics for librarians and other information workers. https://www.ifla.org/publications/ node/11092#privacy https://www.ifla.org/publications/ifla-code-of-ethics-forlibrarians-and-other-information-workers-full-version/
• Irvin, D. (2021). Ethics, encryption, and evolving concepts of personal privacy in the ‘black box library’. The Serials Librarian. 10.1080/0361526X.2021.1875960
• Kritikos, K.C. & Zimmer, M. (2017). Privacy policies and practices with cloud-based services in public libraries: An exploratory case of bibliocommons. Journal of Intellectual Freedom and Privacy, 2(1), 23-37. 10.5860/jifp.v2i1.6252
• Lambert, A.D., Parker, M., & Bashir, M. (2015). Library patron privacy in jeopardy: An analysis of the privacy policies of digital content vendors. Proceedings of the Association for Information Science and Technology, 52(1), 1-9. 10.1002/pra2.2015.145052010044
• Libert, T. (2015). Privacy implications of health information seeking on the web. Communications of the ACM, 58(3), 68-77. 10.1145/2658983
• Library Association of Ireland. (2007). Code of ethics. https://www.ifla.org/wp-content/ uploads/2019/05/assets/faife/nationalcodeofethics/irelandlaicodeofethics1.pdf
• Macrina, A. & Glaser, A. (2014, September 23). Radical librarianship: How ninja librarians are ensuring patrons’ electronic privacy. Boing Boing. https://boingboing.net/2014/09/13/ radical-librarianship-how-nin.html
• Lynch, C. (2017). The rise of reading analytics and the emerging calculus of reader privacy in the digital world. First Monday, 22(4). https://www.firstmonday.org/ojs/index. php/fm/article/view/7414
• Zimmer, M. (2013a). Assessing the treatment of patron privacy in library 2.0 literature. Information Technology and Libraries, 32(2), 29-41. 10.6017/ital.v32i2.3420
• Zimmer, M. (2013b). Patron privacy in the “2.0” era: Avoiding the faustian bargain of library 2.0. Journal of Information Ethics, 22(1), 44-59. 10.3172/JIE.22.1.44