ATG Hot Topic: Perspectives on Patron Privacy

by | May 31, 2019 | 0 comments

Courtney McAllister

by Courtney McAllister

 

The day after commencement, my library hosted a SNELLA (Southern New England Law Librarians’ Association) spring meeting. Recent graduates and their families had dispersed, leaving the halls and classrooms eerily quiet. It was a perfect opportunity to get together and reflect on this session’s featured topic: ethics and privacy in libraries.

Privacy has on my mind in light of the recent RA21 draft, which recommends remote access authentication measures that are not IP-based. Many in the community have raised questions about what these recommendations would mean for managing user data and ensuring a responsible balance between user friendly design and data security. Remote access to library resources is currently most often based on IP range, but using more granular identifying factors as the basis for authentication could lead to the collection and retention of more unique user information. Clearly, the RA21 recommendations are still in draft form, and the conversation will be ongoing, but the initial draft and the responses it elicited have kept privacy on my radar for the past few weeks. Needless to say, I was excited to see SNELLA’s meeting theme would be relevant.

Patron privacy has been a longstanding concern for libraries of all types. In addition to the personal information connected to your library account, any records relating to which materials you have checked out or asked to see are considered private. This might seem like a fairly straightforward equation: libraries are there to provide access to information, not monitor your habits or engage in any form of surveillance. However, this tenet has led to some controversy. At the SNELLA meeting, we heard from two members of the Connecticut Four, three librarians and one administrator who refused to compromise their commitment to patron privacy and ended up challenging the USA Patriot Act.

It has been over a decade since the Connecticut Four case, but we still have a lot of work to do in understanding what privacy really means in the 21st century and how it impacts the way we serve our users.

Libraries have a lot of opportunities at the local level to uphold privacy, and can use system configurations and policies to reflect the profession’s commitment to protecting patron information. However, the networked age and growing reliance on electronic resources complicate the picture. Rather than just scrutinizing our local library’s Integrated Library System settings, we have to take a holistic view and assess the complex relationship between our users’, their information, and every platform and service with which they might engage. Third party service ad content providers’ attitude towards user privacy might not automatically be compatible with a library’s, and it’s important for librarians to think carefully about what user data is being captured by these products, how it might be used, and whether or not individual users are given the opportunity to opt out of the data collection process.

For me, the most difficult aspect of this issue is that lots of user data is needed to further the development of new tools and systems – things like AI and predictive modeling can only really function if real user data is integrated into them. Many users seem to want more sophisticated personalization, including search results that more closely match their interests and past search patterns. Personally, I worry about the “filter bubble” keeping me from encountering new or interesting things that might challenge my existing position, but many value the convenience and find it preferable to scrolling through pages of search results based solely on relevance to the entered term or query phrase.

Recommendation and referral systems are similarly popular with some users. Amazon’s recommendations have shaped user expectations to crave, or at least appreciate, “more like” recommendation-based discovery. Again, the creation and refinement of those features relies on some access to user data. This raises a concern I keep stewing over: As a librarian, is my primary responsibility to serve my users or uphold the professional standards of patron privacy? I think of these as synonymous, but what if there is some tension between the two? What should I do if my ardent protection of patron privacy actually impedes the development of what patrons want? Do our professional values ever get in the way of actually meeting our users’ needs?

I really struggle with this dilemma. While I do not have any real wisdom or insight to impart, I have been thinking more about advocating for transparency instead of strictly focusing on privacy. If our users understand what data walls and information retention could mean for them later on, and they still want to opt in for personalized tools, I think they have the right to make that cost/benefit analysis. Is our job to fight to preserve that choice and ensure the use and application of that data is clearly stated? Maybe this approach could help libraries fight for accountability when it comes to how user data is incorporated into the development and refinement for things like personalized search results.

I think knowing where the data is going, and how it might be used or sold in other circumstances, is very important to keep a watchful eye on. Data is a hot commodity, and information about users, their behavior, and needs can be more lucrative to a company than traditional service or subscription models. During the SNELLA meeting, Sarah Lamdan shared her recent research findings, which trace some troubling relationships between third party research tools, user information, and data brokers.

Considering these insidious entanglements between library resources and the wider nexus of data commodification, the issue of privacy seems too vast and complex to meaningfully engage with. After indulging in some useless fretting, I have tried to settle my brain and focus on a few takeaways or action items.

  • As information professionals, educating ourselves about privacy needs to be a bigger priority. Personally, I want to refine my understanding of how data is harvested and commodified, how it is anonymized (or not), and who is profiting from it.
  • Learn about the legislation related to patron privacy. Public library user privacy is often protected in state privacy laws, which can be cited during privacy-centric discussions or negotiations.
  • Educate our users about what data is being collected and by whom when they use library services or collections. A flowchart or spreadsheet can help visualize the different types of data and how it might be used.
  • Help users understand that personalization and recommendations are the product of user data gathering and analysis. This may or may not shift preferences or user requests, but it will at least help users make informed decisions.
  • Be as straightforward as possible about how search algorithms operate in our discovery layers. Sometimes they are considered proprietary, so you might not be able to share, but, when you can, consider giving users digestible information about how results are being matches to queries behind the scenes.
  • To help protect transparency, advocating for user choice in license agreements and other terms of service can be one strategy to work with third party content or service providers. Including a clause about user data or privacy in one’s model license agreement could be useful, as well as some language about giving individual users the opportunity to opt in or out of any data gathering that happens on an individual account or session level.
  • Ensure our industry partners know that privacy is a priority for us. There can be a culture clash when library values and vendor/publisher values are not in sync, but more honest conversation about our ethics and commitment to privacy can at least help demystify where libraries are coming from. We might have more in common than we expect!

For further discussion:

  • How do you think libraries should position themselves in terms of patron privacy?
  • Have you ever had to take a stand to protect patron privacy? What was the most difficult aspect?
  • What sources do you turn to to stay abreast of privacy concerns or developments?

 

 

 

Pin It on Pinterest