Technology and the Undermining of Privacy Principles in the Contemporary American Public Library from the 1990s to the Present Day

Peadar Claffey

Abstract

The implications of computerization and related matters on library privacy policy are considered. Specifically, this article considers the need for reading and usage analytics on patron privacy. Finally, it argues a case can be made for a re-consideration of library privacy principles.
Keywords: Library privacy principles

Introduction

The paper will begin by discussing some of the ethics and standards which the field of librarianship has long been committed to, particularly those related to privacy. An overview of how these principles have come to be undermined in the American public library, particularly since the 1990s and the growth in the use of computers and later, the internet. This will be followed by a more focused discussion about some of the specific realities of patron privacy in the twenty-first century public library. Finally, we will briefly look at what a library which sought to fulfil the promise of privacy might actually look like. We conclude by arguing that a return to strongly enforced patron privacy, while perhaps not impossible, is highly unlikely to happen and that a re-evaluation of the ethical principles of the profession is a more realistic goal. This re-appraisal would, we argue, begin to address the current disconnect between the commitments of the field and the realities on the ground.

If one takes the American Library Association’s (ALA) “Library Bill of Rights” and “Code of Ethics” documents in 1939 as a starting point, library ethical commitments to privacy have been established for almost a century now. The ALA Code of Ethics states that librarians shall “protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted” (American Library Association, 2008). While scholars often focus on the ALA and its strident stance on privacy, the codes of ethics of the International Federation of Library Associations and Institutions (2012), the Library Association of Ireland (2007) and many, if not most, national library associations now include commitments to the protection of patron privacy. We will now begin to trace the undermining of library codes of ethics in more detail by turning our attention to the work of Seeta Peña Gangadharan (2016).

The Impact of “Computerisation” and the Internet In her article “Library Privacy in Practice: System Change and Challenge”, Seeta Peña Gangadharan lays out how “computerisation” has, over the course of many decades, undermined long-held library commitments to privacy (2016, p. 176). She characterises modern libraries as “digital providers” of services as well as “third-party dependents” on the services of others (2016, p. 176, 181).
Beginning with the library-as-digital-provider characterisation, Gangadharan traces how in the 1990s, computers and internet access became widespread in libraries and that by 2013 American patrons were as likely to be visiting the library to use a computer or the internet as to be borrowing a book (2016, p. 177).
These changes in the nature of libraries brought with them changes in the type of information which libraries held on patrons. Traditionally, patron privacy involved keeping patron reading history secret. However, once computer and internet access was involved, libraries had far more user information to protect. numerous examples but for our purposes we need only list two. If a library requires that a patron use their library membership details in order to reserve the use of a computer, then the library has information on which patron used which computer during certain times thereby meaning a record will be created on what that patron did on that computer during that time. Similarly, many public libraries require patrons to sign in to use the Wi-Fi, which once again ties an individual patron to internet use, with a record being created of what the patron did while online. Gangadharan asks important questions about all of this, such as the length of time the records of computer and internet use of individual patrons are kept by the library and “how easily traceable … patron ID numbers” are (2016, p. 178). These are questions which throw the issue of patron privacy into sharp relief. Whether or not libraries themselves do anything with these records, the fact of their existence means newly created patron data is now their responsibility to protect. This immediately raises the question of whether this is necessary? If public libraries are serious about fulfilling their ethical obligations to protect the privacy of their users, then surely it makes more sense not to require patrons to sign in and not to create a record?

Library 2.0 Services Another area where public libraries have failed patrons is in their embrace of what has come to be called “Library 2.0 services” (Zimmer, 2013b, p. 44).

Library 2.0, following Web 2.0 (the second, more interactive, iteration of the web), seeks to encourage patrons to share information which is “often personal” with others (Zimmer, 2013b, p. 44). These others may be library staff, fellow library users or indeed users of the broader web. Library 2.0 services include online reference services, “library-hosted blogs or wikis”, “social tagging platforms”, “comment and rating systems”, utilising patrons social media profiles “to communicate and provide services to patrons” and using patrons’ past library loans in order to create reading “recommendation systems” (Zimmer, 2013a, p. 30). The underlying point about these services is that, to varying degrees, they require patron data in order to function. Moreover, to use many of these services patrons must create profiles with the external service provider whose privacy policies, as mentioned, rarely reach library standards. More importantly, as Zimmer points out, “to take full advantage of Web 2.0 platforms and technologies to deliver Library 2.0 services, libraries will need to capture and retain personal information from their patrons” and that is completely at odds with their stated privacy values (2013a, p. 31).

Reading Analytics and Patron Privacy

Clifford Lynch’s paper “The Rise of Reading Analytics and the Emerging Calculus of Reader Privacy in the Digital World” (2017) is concerned with reading analytics broadly consisting of the analysis and data collection of patron reading habits carried out by the providers of e-books and online magazines to libraries. They analyse and collect information on, for example, what texts patrons are reading, the speed which patrons are reading these texts, whether they are read in full or only skimmed, the annotations and underlining of passages by patrons and more besides (Lynch, 2017). As Lynch later makes clear, however, this is just the thin end of the wedge as “the range of personal identifiability in data collection … might go from a series of anonymous interaction records about a specific text at one extreme, all the way through a deep record (really, a database) about a specific customer” over a long period of time at the other (2017). In other words, there is scope for a lot of information to be collected. While information of this type can be collected for legitimate reasons, such as the improvement of services, it can also be collected for less legitimate reasons including selling or sharing with data brokers – who collect this information for profit. However, the reason for the collection of this information is unimportant – the very fact of its collection shows the stated privacy values of librarianship being undermined in the public library.

The Privacy Policies of Vendors

We saw Lynch (2017) outline the relative weakness of public libraries in their dealings with e-book publishers and platforms. In “Library Patron Privacy in Jeopardy: An Analysis of the Privacy Policies of Digital Content Vendors”, Lambert, Parker and Bashir (2015) analysed the privacy policies of five of the service providers most commonly used by the twenty-five largest American public library systems. Their analysis sought to answer three questions. Firstly, whether these privacy policies could be read and understood by the users of public libraries. Secondly, whether the policies reached the standards of privacy set by the “library community” (Lambert et al., 2015, p. 2) and finally, whether the policies met the standards which American industry set “for companies managing data” (Lambert et al., 2015, p. 4). Our paper need only concern itself with the answers provided by the authors to the first two questions.

On the first question, regarding whether library users were likely to be able to understand the privacy policies of these vendors, the authors concluded that the reading level required to read the policies “indicate[d] that [they] may be too difficult for the average library patron to understand” (Lambert et al., 2015, p. 5). On their second question, about whether vendors were reaching the standards expected by the library community, the authors found that “the vendors overwhelmingly were not meeting the heightened standards of the library profession” (Lambert et al., 2015, p. 6).

While the headline conclusions reached by the authors are notable, of real importance is the detail of what they say, particularly as it relates to the failure of vendors to meet library standards of privacy. The authors begin by pointing out that each of the vendors “were deficient” in their policies when it came to discussion of the enforcement of privacy rights (Lambert et al., 2015, p. 6). Moreover, no mention was made of the privacy audits required by the ALA. Similarly, absent was any reference to the ALA Code of Ethics (Lambert et al., 2015, p. 6). In fact, library privacy requirements are completely absent from the policies which, to the authors, “seemed to have been drafted ignorant of library professional standards” (Lambert et al., 2015, p. 6). While there may be nothing inherently wrong with this, it does give the distinct impression that the vendors do not consider library patron privacy to be of any particular importance. The authors also discuss “personally identifying information” (Lambert et al., 2015, p. 6). The vendors are open about the fact that they collect it and why they do so. This of course conflicts with ALA guidance and standard library procedures for personal information. Furthermore, no indication is given by the vendors as to the necessity of this personally identifying information being collected or the likelihood that it would eventually be deleted (except one vendor which was open about keeping the information). The findings of Lambert et al. (2015) provide further evidence that a disconnect exists between the ethical standards of library professionals and the actual privacy protections in place for public library users.

Behavioural Tracking of Internet Users

Reading analytics and the vendors who provide services to the library, as discussed above, are easily identifiable parts of the wider issues surrounding patron privacy. Internet use by patrons is also broadly understood to be a problem for public libraries in seeking to fulfil the ethical obligations of their profession. A far more subtle part which can nonetheless have a profound impact on the privacy of library users is the behavioural tracking they experience whilst online (Fortier & Burkell, 2015, p. 59). It is often pointed out that this type of information collection involves “non-personally identifiable information” (Fortier & Burkell, 2015, p. 59). In their article, “Hidden Online Surveillance: What Librarians Should Know to Protect Their Privacy and That of Their Patrons”, Alexandre Fortier and Jacquelyn Burkell assert, however, that “behavioural tracking is a form of surveillance” and is thereby an issue which profoundly affects the privacy of library users (Fortier & Burkell, 2015, p. 60).

In order to show that behavioural tracking constitutes a form of surveillance, Fortier and Burkell begin by outlining the initial, largely benign, purpose of behavioural tracking. It “was used to enhance user experience and to make … website interactions more efficient” (Fortier & Burkell, 2015, p. 61). For example, if a user left a website, behavioural tracking meant they could return to the same place on the site or resume a purchase with the same products ready to be paid for as before. This was enabled by “first-party tracking”, that is, tracking of users by the host website (Fortier & Burkell, 2015, p. 62). However, from the vast amount of information which began to be collected, companies started to make inferences about their users. Over time, as even more of this tracking took place a “detailed profile” of users was constructed by the web companies – “potentially aggregated across multiple visits to different websites” (Fortier & Burkell, 2015, p. 62). This aggregation from different sites was enabled because some companies have what are called “third-party” trackers on many different sites (Fortier & Burkell, 2015, p. 62). Google, for example, have third-party trackers on a huge percentage of websites – this means the profile that can be built of a user is likely to be extremely expansive (Libert, 2015). While all of this is concerning enough on its face, the fact that third-party trackers tend to be “invisible to the user” and involve the transfer of user data without “explicit … consent”, makes it far worse (Fortier & Burkell, 2015, p. 62). In a case like this, one could ask, how can the library hope to live up to the professional standards it espouses? How can it go about “safeguarding all library use data, including [the] personally identifiable information” of its patrons (ALA, 2019) when patrons can be tracked merely by going online?

The Case for a Reconsideration of Library Privacy Principles

This paper has repeatedly noted the gap between library privacy standards and the realities in contemporary public libraries. Some authors, however, have tried to paint a picture of what a library which did live up to the standards of the profession would look like. David Irvin (2021) argues that libraries have an ethical responsibility not to turn their backs on privacy. Irvin’s assertion is that to give up on privacy is to endanger “the relevance of the library” (2021, p. 3).

Irvin’s paper, “Ethics, Encryption, and Evolving Concepts of Personal Privacy in the ‘Black Box Library’”, is something of a call to arms, and while he himself calls the article “an imaginative exercise”, it is nonetheless filled with suggestions for how librarians could begin to fulfil the privacy obligations of their profession (2021, p. 2). The overarching ambition of the piece is to suggest that libraries become black boxes where users can access whatever reading materials, information, etc. they need but where none of the data which their activities create ever leaves the library. As Irvin says, “in the black box library, the vendor and library would be blind to all personal information included in active and previous transactions” (2021, p. 4). Irvin (2021) lays out a number of important steps which libraries can take to vastly improve patron privacy. These include “mass encryption, proxy services, legal enforcement of privacy provisions in vendor contracts [and] recordless inventory systems” (Irvin, 2021, p. 1).

So, it is not beyond the bounds of possibility that public libraries could seek to return to their roots and embrace strong patron privacy protections once again. However, it must be asked how realistic this change is – as we said, Irvin himself calls his article “an imaginative exercise” (2021, p. 2). Moreover, a public library system which sought to rebuild its offerings, from the ground up, would, at least initially, have to remove a lot of its services in order to ascertain whether they reached the standards expected. E-journals, e-books, streaming services, library computers, library Wi-Fi, integrated library systems and other services would all have to be analysed to see if they reached the standards expected. In some cases, it might then require a re-negotiation of a contract with a vendor, in others the service might never come back. Either way, the service would be gone for a period of time which would surely lead to some public backlash. While some libraries might, it seems highly unlikely that most would have the determination to go through all of that.

The issues faced by public libraries in seeking to live up to their privacy principles while also offering patrons access to the latest technologies and services are not new. In 2001, Michael Gorman argued that “our privacy codes need to be updated so that we can deal with modern circumstances without ever compromising our core commitment to privacy” (p. 9). This paper follows Gorman (2001) in calling for an update to the privacy principles of the profession but does so as a means of re-aligning the ethics of the field of librarianship with the realities within which libraries now function. As we have shown, it does not seem that libraries are currently meeting the standards the profession has set for itself. Rather than continue to espouse something which has come to be little more than a token gesture, the profession should seek to engage with the reality of the situation. Revisiting and re-evaluating the ethical principles of the profession would lead to a more realistic and honest assessment of the library’s place in the world. Finally, it would also free libraries to proudly offer the services and engage in the activities which it already does without continuously contradicting and undermining the profession’s conception of itself.

Peadar Claffey, BA, MLIS, Library Technician at the North Vancouver City Library

References

• American Library Association. (2008, January 22). Code of ethics. https://web.archive. org/web/20140226215611/http://www.ala.org/advocacy/proethics/codeofethics/ codeethics
• American Library Association. (2019a, January 29). Library bill of rights. https://www.ala. org/advocacy/intfreedom/librarybill/
• Fortier, A. & Burkell, J. (2015). Hidden online surveillance: What librarians should know to protect their privacy and that of their patrons. Information Technology and Libraries, 34(3), 59-72. https://ir.lib.uwo.ca/cgi/viewcontent.cgi?referer=https://duckduckgo. com/&httpsredir=1&article=1054&context=fimspub
• Gangadharan, S.P. (2016). Library privacy in practice: System change and challenges. I/S: A Journal of Law and Policy for the Information Society, 13(1), 175-198. https://eprints.lse. ac.uk/73001/2/Gangadharan_Library%20privacy%20in%20practive%20system%20 change%20and%20challenges_author_2017.pdf
• Glaser, A. & Macrina, A. (2014, October 20). Librarians are dedicated to user privacy. The tech they have to use is not. Slate. https://slate.com/technology/2014/10/adobes-digitaleditions-e-book-software-and-library-patron-privacy.html
• Gorman, M. (2001, August 16-25). Privacy in the digital environment – Issues for libraries. [Paper presentation]. 67th IFLA Council and General Conference, Boston, USA. https:// archive.ifla.org/IV/ifla67/papers/145-083e.pdf
• International Coalition of Library Consortia. (2002, July 1). Privacy guidelines for electronic resources vendors. https://www.icolc.net/statement/privacy-guidelineselectronic-resources-vendors
• International Federation of Library Associations and Institutions. (2016). Code of ethics for librarians and other information workers. https://www.ifla.org/publications/ node/11092#privacy https://www.ifla.org/publications/ifla-code-of-ethics-forlibrarians-and-other-information-workers-full-version/
• Irvin, D. (2021). Ethics, encryption, and evolving concepts of personal privacy in the ‘black box library’. The Serials Librarian. 10.1080/0361526X.2021.1875960
• Kritikos, K.C. & Zimmer, M. (2017). Privacy policies and practices with cloud-based services in public libraries: An exploratory case of bibliocommons. Journal of Intellectual Freedom and Privacy, 2(1), 23-37. 10.5860/jifp.v2i1.6252
• Lambert, A.D., Parker, M., & Bashir, M. (2015). Library patron privacy in jeopardy: An analysis of the privacy policies of digital content vendors. Proceedings of the Association for Information Science and Technology, 52(1), 1-9. 10.1002/pra2.2015.145052010044
• Libert, T. (2015). Privacy implications of health information seeking on the web. Communications of the ACM, 58(3), 68-77. 10.1145/2658983
• Library Association of Ireland. (2007). Code of ethics. https://www.ifla.org/wp-content/ uploads/2019/05/assets/faife/nationalcodeofethics/irelandlaicodeofethics1.pdf
• Macrina, A. & Glaser, A. (2014, September 23). Radical librarianship: How ninja librarians are ensuring patrons’ electronic privacy. Boing Boing. https://boingboing.net/2014/09/13/ radical-librarianship-how-nin.html
• Lynch, C. (2017). The rise of reading analytics and the emerging calculus of reader privacy in the digital world. First Monday, 22(4). https://www.firstmonday.org/ojs/index. php/fm/article/view/7414
• Zimmer, M. (2013a). Assessing the treatment of patron privacy in library 2.0 literature. Information Technology and Libraries, 32(2), 29-41. 10.6017/ital.v32i2.3420
• Zimmer, M. (2013b). Patron privacy in the “2.0” era: Avoiding the faustian bargain of library 2.0. Journal of Information Ethics, 22(1), 44-59. 10.3172/JIE.22.1.44

GDPR

  • Library Association Of Ireland: Privacy Statement
  • Collection of your personal information
  • How we use your Personal Information
  • Security of your personal information
  • Third party services
  • Updating your personal information
  • Website visitors
  • Use of Cookies
  • Changes to this statement
  • Contact Information

Library Association Of Ireland: Privacy Statement

Introduction
The Library Association of Ireland (LAI) is committed to protecting your privacy. The information you share with us means you will be able to use the services we offer. We only collect the information that is necessary to carry out our business, provide the particular service you have requested and to keep you informed. Our privacy policy gives you details on when and why we collect your personal data and how we use it.

Collection of your personal information

The amount and type of information we collect from you depends on the nature of the interaction you have with us. For example, we ask members who wish to join to complete an application form. In each case, we only gather as much information as is necessary to fulfil the service request. But in general we collect the following personal information:

  • contact information including: home or work address, telephone number, qualifications and email address
  • affiliation and role
  • bank details if appropriate.

Information about your computer hardware and software is automatically collected by the LAI. This information can include your: IP address; browser type; domain name; access times; and referring website addresses.

 

How we use your Personal Information

The information we collect and hold on you will be used in a number of ways, including:

  • to fulfil membership requests
  • to fulfil bookings for attendance at events
  • provision of a LAI service,
  • provision of information to inform you of other products or services available from LAI and its affiliates
  • process payments, e.g. fees for attendance at events, payment of invoices, etc.
  • to facilitate discussion and sharing of knowledge through discussion lists and events
  • to contact you to conduct research about your opinion of current services or of potential new services that may be offered
  • when you use the LAI website.

The LAI will keep your information only for as long as is necessary for the purposes set out in this privacy notice and to fulfil our legal obligations. We will not keep more information than we need. The retention period will vary according to the purpose the data is collated.

The LAI does not sell, rent or lease its customer lists to third parties. The LAI may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party.  In addition, the LAI may share data with trusted partners to help us process payments, perform statistical analysis, send you email or postal mail, provide customer support, member services or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to the LAI, and they are required to maintain the confidentiality of your information.

The LAI will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on the LAI or the site; (b) protect and defend the rights or property of the LAI; and, (c) act under exigent circumstances to protect the personal safety of members of the LAI, or the public.

Security of your personal information

The LAI discloses personally-identifying information to its management committee, contractors and affiliates in order to provide services available from the LAI. Payment processing is an example of this. They will not use your data for anything other than the clearly defined purpose relating to the service that they are providing.

Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through LAI public message boards, this information may be collected and used by others. Note: the LAI does not read any of your private online communications.

The LAI secures your personal information from unauthorised access, use or disclosure. The LAI secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, and security protocols.

Third party services

The LAI utilises third party services to assist in the delivery of some of our services, e.g. Eventbrite. When you interact with these sites you may provide information about yourself to those third parties. The LAI is not responsible for how they collect, use and share your information. We encourage you to review the privacy statements of the websites you choose to link to from the LAI, so that you can understand how these websites collect, use and share your information.

Updating your personal information

The LAI will endeavour to ensure the data we hold on you is correct and up-to-date. If you wish us to amend or remove the personal information we hold on you, please contact us by email honsec@libraryassociation.ie or write to Library Association of Ireland, c/o 138-144 Pearse Street, Dublin 2.We will correct any inaccuracies or remove you from our databases as soon as practicable.

Website visitors

Like most websites, the LAI collects non-personally-identifying information of the sort that web browsers and servers make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. We do this to maintain the quality of the service, to determine what LAI services are the most popular and to provide general statistics regarding use of the LAI website. The data may be gathered from our website hosts and Google Analytics.

 

Use of Cookies

The LAI website uses ‘cookies’ to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalise LAI pages, or register with the LAI site or services, a cookie helps the LAI to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same LAI website, the information you previously provided can be retrieved, so you can easily use the LAI features that you customised.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the LAI services or websites you visit.

Changes to this statement

The LAI will occasionally update this Statement of Privacy to reflect user feedback. The LAI encourages you to periodically review this statement to be informed of how the LAI is protecting your information.

This statement was last updated on 20th June 2018.

Contact Information

The LAI with review and update this Statement of Privacy. If you believe that the LAI has not adhered to this statement, please write the President, Library Association of Ireland, c/o 138-144 Pearse Street, Dublin 2. We will use commercially reasonable efforts to promptly determine and remedy the problem.