Lynda’s Privacy Problem
By: guest contributor Samantha Lee (updates added below)
Libraries deal in providing resources to the public; books – yes, but also DVDs, computer/internet access, research help, 3D printers, early childhood literacy programming, cultural enrichment, technology training, meeting room spaces and many other resources too numerous to list. Many libraries provide online access to subscription databases to library cardholders, such as OverDrive/Libby and Hoopla – which provides eBook access to patrons from the comfort of their homes. LyndaLibrary from Lynda.com is another one of these subscription databases that offers technology training resources. It had been long cherished by patrons for offering cost-effective skills training by industry experts in an easy-to-use platform. Those libraries lucky enough to be able to afford and provide LyndaLibrary to their patrons had many praises for the subscription database and platform.
In 2015, Lynda.com was acquired by LinkedIn, the professional networking site used by job-seekers and employers, and has since been rebranded as LinkedIn Learning. Recently, an email from a local librarian to the Connecticut library listserv alerted the community to a problematic platform update to LyndaLibrary/LinkedIn Learning. Library users would be required to create a LinkedIn account to use the LyndaLibrary technology learning resources. That librarian expressed concerns about patron privacy on LinkedIn. Other librarians consulted their account representatives and when pushed on the patron privacy concerns, they failed to adequately address the privacy concerns. As a result, a few libraries have reported that they would not be renewing their contracts with LyndaLibrary/LinkedIn Learning.
LyndaLibrary/LinkedIn Learning is seemingly still going forward with their planned platform update and the LinkedIn account requirement for library patrons, despite input from librarians in Connecticut voicing their collective concerns. There is seemingly no privacy policy distinction between LinkedIn Learning library users and other LinkedIn users. The concerns as related to our professional ethics are as laid out:
From the Library Bill of Rights (adopted January 29, 2019), Article VII:
All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.
Further clarification is provided by ALA Questions and Answers on Privacy and Confidentiality’s answer to question 22:
Does the library’s responsibility for user privacy and confidentiality extend to licenses and agreements with outside vendors and contractors?
Most libraries conduct business with a variety of vendors in order to provide access to electronic resources, to acquire and run their automated systems, and in some instances, to offer remote storage (e.g. “cloud computing) or to enable access to the Internet. Libraries need to ensure that contracts and licenses reflect their policies and legal obligations concerning user privacy and confidentiality. Whenever a third party has access to personally identifiable information (PII), the agreements need to address appropriate restrictions on the use, aggregation, dissemination, and sale of that information, particularly information about minors. In circumstances in which there is a risk that PII may be disclosed, the library should warn its users.
LyndaLibrary had access to library card numbers for verification purposes. With the proposed change to require patrons to get LinkedIn accounts to access the Lynda resources, LinkedIn Learning would have access to more personally identifiable information than they would have as LyndaLibrary. To get a LinkedIn account, patrons would need to provide an email address and their first and last names. This is more PII than other library e-content vendors would require (OverDrive requires library card numbers only, Hoopla requires a library card and email). After a user creates an account, they are prompted to then add employment history and import their email contacts – under the presumption to help users expand their professional network. So LinkedIn would not only have patron information, but also information for others who did not agree to use its platform. The same patrons who are turning to LyndaLibrary to improve their technology skills are also the same patrons who may not know to protect their PII or practice good digital hygiene. LinkedIn is strategically taking advantage of technology novices all the while fleecing money from limited library budgets.
Perhaps LinkedIn Learning was not aware of their responsibility to user privacy and confidentiality as an outside vendor to libraries. Even so, if libraries’ policy obligations of are not enough to encourage LinkedIn Learning to change their account requirement for library users, then perhaps the legal obligations would. Connecticut’s General Statutes, Chapter 190 Public Libraries, Section 11-25 (b) dictates:
Notwithstanding section 1-210, records maintained by libraries that can be used to identify any library user, or link any user to a library transaction, regardless of format, shall be kept confidential, except that the records may be disclosed to officers, employees and agents of the library, as necessary for operation of the library.
As an outside vendor providing services to library users, any activity on LinkedIn Learning as a library patron would constitute a library transaction and therefore should “be kept confidential.” This becomes problematic when we look at LinkedIn’s Privacy Policy (again, indistinguishable from LyndaLibrary/LinkedIn Learning’s platform) and its indiscriminate collection of user information. From LinkedIn’s Privacy Policy:
1.3 Service Use
We log usage data when you visit or otherwise use our Services, including our sites, app and platform technology (e.g., our off-site plugins), such as when you view or click on content (e.g., learning video) or ads (on or off our sites and apps), perform a search, install or update one of our mobile apps, share articles or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use.
Considered with:
4.1 Data Retention
We retain your personal data while your account is in existence or as needed to provide you Services. This includes data you or others provided to us and data generated or inferred from your use of our Services. Even if you only use our Services when looking for a new job every few years, we will retain your information and keep your profile open until you decide to close your account. In some cases we choose to retain certain information (e.g., visits to sites carrying our “share with LinkedIn” or “apply with LinkedIn” plugins without clicking on the plugin) in a depersonalized or aggregated form.
It would appear from this language that LinkedIn keeps user information indefinitely. Most libraries do not keep library patron records indefinitely. As an extension of the library, LyndaLibrary/LinkedIn Learning should be held to libraries’ stricter standards (see Library Privacy Guidelines for E-Book Lending and Digital Content Vendors “User data should not be retained in perpetuity.”). It is possible that LinkedIn occasionally purges their logs of inactive accounts, but without saying so explicitly in their privacy policy, we cannot be sure that it will be.
The information collected by LinkedIn includes, “IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier… data about your location” (1.5 Your Device and Location). Later, LinkedIn says, “We will share your personal data with our affiliates” (3.4 Related Services) and “We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events” (3.7 Change in Control or Sale). In the User Agreement, Section 3.1 Your License to LinkedIn:
… you are only granting LinkedIn and our affiliates the following non-exclusive license:
A worldwide, transferable and sublicensable right to use, copy, modify, distribute, publish, and process, information and content that you provide through our Services and the services of others, without any further consent, notice and/or compensation to you or others.
This would run counter to the Guidelines above, “agreements between libraries and vendors should also specify that libraries retain ownership of all data and that the vendor agrees to observe the library’s privacy policies and data retention and security policies.” LyndaLibrary/LinkedIn Learning has decided that they are more qualified to handle library patron data outside of our libraries by requiring patrons get LinkedIn accounts and retaining patron information.
In dealing with the limited budgets, libraries are task with the challenge of providing the best resources to serve the community. They are entrusted to use their budgets wisely for the intellectual and recreational enrichment of their communities. It seems that LyndaLibrary/LinkedIn Learning is milking libraries’ tax dollars and forcing patrons to join a social media platform with complete disregard to privacy concerns.
I encourage all libraries to push their LyndaLibrary/LinkedIn Learning representatives on these privacy concerns as laid out above. Our professional ethics requires us to do this hard and daunting work to protect patron privacy and to hold our e-content vendors responsible. If LinkedIn Learning cannot take our profession’s concerns seriously – while marketing their product to us almost exclusively, then we can and will take our business elsewhere. Maybe then they will be willing to adopt the changes we require to protect patron privacy.
Since publication of the blog post – LinkedIn Learning has provided more information about the account requirements for LinkedIn Learning for Libraries (the Lynda.com replacement). Patrons will need to provide an email address, password, first and last names, their library card, and pin to access LinkedIn Learning for Libraries. This would create a publicly searchable profile. Patrons then have the option to opt into an “obscure” profile within the convoluted privacy settings. An obscure profile will initialize the last name and turn off discoverability of the profile on search engines. Our professional ethics have always been grounded in privacy and confidentiality for patrons – we protect first and then let patrons decide what to share. For a library vendor to create a platform that would automatically compromise a patron’s privacy by creating a publicly searchable profile is reprehensible.
Furthermore, after creating a LinkedIn account, patrons will then receive new member welcome emails that “educates new members on how to get the most value out of LinkedIn.” Those emails would encourage patrons to provide more information to LinkedIn to “complete” their profiles; such as employment history, education, access to their contacts list, and profile photo. The additional information is non-essential to the education and instruction of a patron or functionality and operation of the site. The additional information, instead, is a data gold mine of information with which to create targeted advertising.
LinkedIn has been very careful to tell librarians that users will not see advertising on LinkedIn Learning. However, with the creation of a public profile, systematic social engineering to gather more information about users, coupled with the concerning language in their policies – it’s become obvious that LinkedIn isn’t concerned with patron privacy the same way our code of ethics requires of us.
LinkedIn claimed that the migration from LyndaLibrary to LinkedIn Learning for Libraries was necessitated by fraudulent library accounts created to access Lynda. The most cost-effective way to protect their content was to build a platform off the existing infrastructure of LinkedIn. This includes the use artificial intelligence technology that would verify “real” library users of LinkedIn Learning from the fake ones. LinkedIn presumes to supersede a library’s authority to authenticate patrons – a gross overstep.
Samantha Lee is the Intellectual Freedom Committee Chair of the Connecticut Library Association and Head of Reference Services at the Enfield Public Library. She is committed to protecting intellectual freedom and patron privacy, and helping patrons improve their techno-literacies. She is especially proud of her “Radical Militant Librarian” button and is fond of cookbooks, baked goods and micro-histories.
27 comments
I work at the NEKLS library system in KS and we made that same decision last week. Our service is up for renewal in July and the renewal info our rep sent us had nothing about the new requirement for a LinkedIn account that will be implemented this summer. When I asked, she was unable to adequately assure me that the data asked for was the same as Lynda had always required and that the new account process would not be a burden to our patrons. We won’t be renewing this year in KS, either.
Thank you for sharing your concerns. Protecting our members’ trust and data is always our first priority at LinkedIn. This principle guides our actions and decisions every day and we take this very seriously.
By creating a LinkedIn profile, it allows us to authenticate that users are real people, further protecting our LinkedIn Learning customers and members from bad actors and fraud. With access to LinkedIn Learning’s 14,000+ courses, library patrons will receive personalized course recommendations. And this change allows patrons to retain their learning history if they lose their library card or change cities as learning history will be tied to their LinkedIn profile.
Please know that patrons – and all of our members across corporations, universities, governments and libraries – have control over their privacy and the information that appears on their LinkedIn profile, via the Setting and Privacy page.
More information about our privacy can be found here if interested to learn more.
Excellent article. I pushed our rep pretty hard on this last week. I asked them to consider how libraries would be perceived if we had databases that required patrons to set up a Facebook account to use the service. The answer was not all that reassuring. It was all about how LinkedIn is a different platform than Facebook, not addressing the privacy concerns at all. The rep. tried to tell me that to separate the service would require too much work for their LinkedIn programmers, so requiring patrons to sign up for a LinkedIn account was a nonnegotiable requirement. I don’t think they anticipated this pushback from us.
Made a phone call today to customer service and was pretty well assured that library concerns about privacy and commercialization of public information resources are being dismissed. In Teton County, Wyoming, we will be seriously evaluating alternative resources. Lynda will be missed.
Thank you for your article. We’re investigating this at my university right now and it seems that they have set it up so that one has the option of ‘opting’ out of linking your academic account with your LinkedIn profile if you have one
Thank you for this article, I found it very informative and also a little disturbing. KnowledgeCity is another platform available to libraries that does not require library patrons to give up their private information. Patrons can access the training through their library’s website using their library card. https://www.knowledgecity.com/en/signUp/type/library
Honestly this is a bit blown out of proportion. First of all the idea that you are in any way “anonymous” when using any web-based resources is naive.
More to the point, however, is that LinkedIn requires 0 verification of identity. So you are free to create as many accounts with bogus information as you like.
Finally, Lynda resources are not free. So before this change there had to have been SOME sort of authentication method for access rights. Perhaps the library acted as a middle-man in the process, but even if you sign in with your library account and not a LinkedIn one, the security implications are nearly identical. And let’s be honest, if anything LinkedIn probably has a better security stance than the average library system.
Finally, it is SUPER ironic that you are “required” to put in a name in email to comment here!
@LetsCalmDown may be missing the point a little.
Anonymity is certainly not a guarantee, but that doesn’t mean we should let it erode when we have a chance to control it. Honestly, it’s all the more reason we shouldn’t just blindly accept when more privacy is being removed.
“LinkedIn requires 0 verification of identity” seems contradictory to what LinkedIn themselves are saying. This requirement of an account from libraries and not universities is because they claim they DO have the ability to verify actual users with an account. If you could create bogus accounts, there would be absolutely no reason to require a LinkedIn account.
Your third paragraph contradicts your second paragraph. What security is added by requiring a LinkedIn profile that isn’t already covered by library card and PIN requirements?
Finally, this site is different from a public library. This site caters to professionals and consenting adults with a less invasive ToS, whereas a library and its contents should be accessible to everybody. You understand there is a huge difference between a comment form on a blog and an entire social media account?
I am curious which platforms people are considering replacing LinkedIn Learning with. Before Lynda we looked into other platforms, including Gale Courses, but found them too expensive or not up to standards. I see a suggestion for Knowledge City, which I will look into, but I am curious about other platforms. I agree that privacy is an issue, but so is not providing an alternative. Thanks in advance for suggestions!
Wise Learning is a good alternative. They are privacy focussed and have some great tools to increase usage of the resource in the library. The rep’s name is Manish Arora and his email is manish [AT] tabletwise.com.