Libraries and privacy

These are my notes for my own part of a panel discussion held at the British Columbia Libraries Conference on May 6 2021, called “Who’s Driving This Thing? Data-Driven Companies, Public Spaces, and the Issue of Privacy,” with responses to the questions answered by my colleagues, two archivists and privacy experts, Alexandra Wieland and Robert McLelland, and me. The session was wrangled, envisioned, and moderated by another librarian colleague, Samantha Mills.

A core concept each presenter feels is key to an understanding of privacy, surveillance capitalism, and information organisations 

Put simply, privacy is one of the core values of librarianship.

I’m going to start by going back to my own experience in ancient times in public libraries — the 1980s and 1990s, when I was a library assistant and then a new librarian.

In those days, we were pretty strict about privacy — and it was a lot simpler. If you borrowed a book, all records of that got wiped out after it came back safely. If someone wanted to read a reference book or an article, for the most part no one ever asked for their name — they just did it. (We used to take ID for some materials, but as I recall we gave it back when you returned the item, and we didn’t write your information down anywhere.) We kept patron’s holds behind the front counter where no one else could see them. And I remember being told, as both a library assistant and a librarian, that we were supposed to keep the identities of our patrons confidential. If someone asked, “Does so and so come here?” we were not allowed to tell them. And if we required people to register for a library program or workshop, that registration information was probably kept on a piece of paper, or a computer that wasn’t connected to the internet.

Things are a lot different now. And there are good reasons. Not very many people would stand at the coin-operated photocopier in a library and duplicate entire books or runs of journals — but the equivalent is a lot easier to do with electronic resources, unless vendors have some protection from this happening.

And a lot of our patrons want us to keep records of what they’ve read. And they like the convenience of ebook platforms that have nice interfaces and let them download books to their own devices, and customized features, and the ability to automatically add events to the calendars on their phones when they register for an event.

But as Dorothea Salo points out in her article, Physical-equivalent privacy [selectively quoting here]:

[T]he library patron using library-provided electronic information should enjoy privacy protection equal to that of the same patron using the same information via a library-provided physical information carrier.” This is not a perfect analogy… but it productively tickles most folks’ sense of what’s creepy….

Let’s walk through an example: usage counting for spaces.

Physical first. Gate counts, or a count clicker? Not terribly creepy.

…Counts by a person who asks each patron about their demographic information? Highly, highly creepy—we’ve definitely arrived at “scary” now, if we hadn’t already.

Counts by a person who asks each person their name or library-card barcode number? So scary that the library would likely empty out.

Combining either of the last two with recording the library material that the patron is reading, watching, or listening to? Absolutely beyond the pale; I would expect huge protests from patrons, working professionals, and professional orgs.

Combining demographic information, name or other identifier, and materials choice? Ugh, just forget it—that’s utterly beyond scary into full Orwell.

So many of us are probably agreeing now — it’s unquestionably creepy to think that someone is gathering this information about patrons online.

But what about giving patrons a choice?

Many people say yes to those vendor terms and conditions because they’re not worried or bothered about someone knowing what they read or what events they attend. And others say yes either because they don’t read or think about those terms and conditions (most of us say yes to these all the time), or because they don’t have a choice — that’s the only way to get access to that information, or training, or ebook, or library event.

And there are a few other people — I’m sure a much smaller number — who say no. They don’t use those resources because they don’t want to share their data. So there’s a spectrum of responses.

I think it’s fair to go a step further and say some people are being denied services because they say no. And some people aren’t making informed choices. Those are problems.

Here’s a tougher question. Should we even be giving patrons this choice?

“…The Canadian Federation of Library Associations affirms … that libraries have a core responsibility to support, defend and promote the universal principles of intellectual freedom and privacy…Libraries have a core responsibility to safeguard and defend privacy in the individual’s pursuit of expressive content. To this end, libraries protect the identities and activities of library users except when required by the courts to cede them….”

Canadian Federation of Library Associations 

Just looking at the privacy statements from our professional organisations, we should all be feeling a bit uneasy (if we weren’t already).

Are we really doing what we say we do? Are we protecting the identities and activities of library users, when we use these convenient online tools for Library collections and services?

“The American Library Association affirms that rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship.”

American Library Association, Core Values of Librarianship 

Frankly, my main goal today is to get us all feeling uncomfortable enough that we feel like we have to take some responsibility — as individuals and organisations — for doing more to protect patron privacy.

What is your biggest concern about libraries/information institutions/public services and privacy?

I’m treating this as the section where we talk about what we’re up against in libraries, especially library culture.

First of all, privacy is one of our core values, and people know this. It’s one of the reasons our communities trust us.

Not protecting privacy can lead to real harm to our communities — especially to more vulnerable people, and we are at risk of losing that trust we have built up over many decades.

How did we get into this situation, where we aren’t protecting privacy the way we used to? And why is it so hard to get out?

Part of it is us, and it’s entirely well-meaning. We are saying yes to services that people are asking for, and that are really very useful and exciting. We are saying yes to convenience. We are providing services that people really need and appreciate.

And part of it feels like it’s out of our control. Usually we buy or lease ebooks or ebook platforms, or research databases, etc. etc. — we very rarely build them ourselves. And we can only choose between products that are actually available.

And I think another part of it is the predominant library culture.

We are very good at many things, including providing essential services and being really responsive to our communities. We are good at telling our stories. We are great at collaborating. We’re also really thrifty and efficient.

On the other hand, many of us working in libraries are not so good at conflict. We are naturally oriented towards working together, not adversarially. If patrons ask us for a particular product or service, how comfortable are we saying we are seriously concerned about the privacy implications — and what if those patrons tell us they don’t care about that? If vendors tell us that our patron data is safe with them, how do we respond? (And what about if we don’t feel like “experts” on privacy in the first place?)

And as individuals in library culture most of us are also very respectful towards the people we work with. We also hesitate to speak up unless we have all the facts.

We think to ourselves, “Who am I to say anything when this isn’t my area? I’ll sound like I don’t know what I’m talking about. Besides, I’m sure Person X in charge of Z knows so much more about this than I do — and I don’t want to step on their toes.”

These are some of the problems. But I will have some suggestions at the end.

What are some actions we can take as people in libraries (including examples of resistance or friction we can practice as individual information workers) — or community members? 

I’m assuming here that none of us (library workers, libraries, even library associations) has the power to solve our privacy problem on our own. But I think that as individuals and as individual libraries we can take some steps, and we can shift the conversations where we already are.

What can I do (as an employee, manager, even a community member)? Here are some of the things I’ve done, tried, or have been reminding myself to do:

Ask! At every stage, starting early on:
– “What about patron privacy?”
– “How will my privacy (or other people’s privacy) be protected?”
(And remember that this applies to physical services as well as online.)

Advocate! And speak up!
– If I can’t say no, can I say “Yes, but only if we can do that while protecting our community members’ privacy”?
– Share examples of privacy statements, positions, and bold privacy-protecting moves from other libraries.
– Ask if my library can develop a public-facing privacy statement to guide staff, and inform my community (and vendors). (And offer to help write it.)
-Remember the impacts of our decisions on less privileged people — especially people different from ourselves. (Here’s where listening to our communities is important, and UX practices can be helpful. We might need to shift our thinking to wanting to hear where the barriers and risks are to different people. And we can also consider the UX practice of developing personas as a way of changing our perspectives and thinking through different impacts on people who are in different situations.)

And things I try not to do:
– Think I need to know everything before asking questions or starting to advocate for privacy. We can legitimately care about something without being experts.
– Censor myself because I worry about someone being Mr Gotcha (e.g. people claiming privacy is all or nothing, or who will criticise me for being on social media, or having a phone, and also caring about privacy ). We all live in the world.
– Gather personal information just in case, or just because I can. (The safest data is the data we don’t collect.)
– Be afraid to be “that person” who always asks about privacy. (I’m starting to feel proud of being that person.)


“Librarians and other information workers respect personal privacy, and the protection of personal data, necessarily shared between individuals and institutions…. The relationship between the library and the user is one of confidentiality and librarians and other information workers will take appropriate measures to ensure that user data is not shared beyond the original transaction.”

The International Federation of Library Associations and Institutions (IFLA) Code of Ethics for Librarians and other Information Workers

Some recommended reading and further resources

For inspiration:
– Stanford Libraries’ “Statement on patron privacy and database access,” co-signed by many heavy hitters, including Harvard, Johns Hopkins, Princeton, and MIT, and which begins: “Many leading providers of digital content to libraries in North America are changing the way they provide access to library patrons. Instead of allowing anonymous access via well-established channels, these providers are increasingly seeking personally identifiable, individual patron data. Often these efforts to gather more patron data are bundled into efforts to “enhance” or modernize platforms as the sector moves towards single sign on, and away from traditional, IP-based access. The providers have many possible drivers to gather this data: personalization, analytics, marketing, et al. This approach is unacceptable.” [emphasis mine]
– Cornell University’s Privacy Services page, including a powerful statement about licenced resources, which includes: “The Library fights against these privacy degradations in solidarity with our peer institutions. Whenever possible, we negotiate with vendors on licensing agreements for online resources in order to secure strong privacy protections for our patrons on and off campus. When we are unable to negotiate changes to invasive policies, we weigh alternatives and proper actions, including canceling subscriptions, if necessary.” [emphasis mine]

Selected background reading:
– From 2016, but still very relevant and helpful for thinking about the real risks of sharing patron data, “Patron data and the fear of surveillance: some thoughts,” by Martin Patrick.
– “Librarianship at the Crossroads of ICE Surveillance” (In the Library with a Lead Pipe, 2019) by law professor and librarian Sarah Lamdan, which begins, “As a fellow librarian, I’m here to warn you: ICE is in your library stacks. Whether directly or indirectly, some of the companies that sell your library research services also sell surveillance data to law enforcement, including ICE (U.S. Immigration and Customs Enforcement).”
– “Addressing the Alarming Systems of Surveillance Built By Library Vendors,” SPARC, April 2021, explains why “The transition to online platforms for education and research—even open ones—has created new, complex, and unprecedented threats to libraries’ commitment to protecting user privacy.”
– “Ethics in Research Use of Library Patron Data Glossary and Explainer,” from The Digital Library Federation Technologies of Surveillance Group, is about the risks of gathering data on students.

Just two of the people worth reading regularly (if you don’t already):
– Cory Doctorow (@doctorow on Twitter): outspoken and plain-language takes on privacy, surveillance capitalism, and technology. E.g. “LinkedIn to Libraries: Drop Dead.”
– Dorothea Salo (@LibSkrat on Twitter): an academic librarian and library-school instructor who writes about security and privacy. E.g. “Physical-equivalent privacy.”

About the author

Janis McKenzie is a user experience librarian, writer, occasional singer, and former campus radio person.

These opinions are solely her own.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.