Lynda’s Privacy Problem

Intellectual Freedom Issues, Library Vendors and Privacy, Privacy

By: guest contributor Samantha Lee

LyndaLibrary Logo

Libraries deal in providing resources to the public; books – yes, but also DVDs, computer/internet access, research help, 3D printers, early childhood literacy programming, cultural enrichment, technology training, meeting room spaces and many other resources too numerous to list. Many libraries provide online access to subscription databases to library cardholders, such as OverDrive/Libby and Hoopla – which provides eBook access to patrons from the comfort of their homes. LyndaLibrary from Lynda.com is another one of these subscription databases that offers technology training resources. It had been long cherished by patrons for offering cost-effective skills training by industry experts in an easy-to-use platform. Those libraries lucky enough to be able to afford and provide LyndaLibrary to their patrons had many praises for the subscription database and platform.

In 2015, Lynda.com was acquired by LinkedIn, the professional networking site used by job-seekers and employers, and has since been rebranded as LinkedIn Learning. Recently, an email from a local librarian to the Connecticut library listserv alerted the community to a problematic platform update to LyndaLibrary/LinkedIn Learning. Library users would be required to create a LinkedIn account to use the LyndaLibrary technology learning resources. That librarian expressed concerns about patron privacy on LinkedIn. Other librarians consulted their account representatives and when pushed on the patron privacy concerns, they failed to adequately address the privacy concerns. As a result, a few libraries have reported that they would not be renewing their contracts with LyndaLibrary/LinkedIn Learning.

LyndaLibrary/LinkedIn Learning is seemingly still going forward with their planned platform update and the LinkedIn account requirement for library patrons, despite input from librarians in Connecticut voicing their collective concerns. There is seemingly no privacy policy distinction between LinkedIn Learning library users and other LinkedIn users. The concerns as related to our professional ethics are as laid out:

From the Library Bill of Rights (adopted January 29, 2019), Article VII:

All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.

Further clarification is provided by ALA Questions and Answers on Privacy and Confidentiality’s answer to question 22:

Does the library’s responsibility for user privacy and confidentiality extend to licenses and agreements with outside vendors and contractors?

Most libraries conduct business with a variety of vendors in order to provide access to electronic resources, to acquire and run their automated systems, and in some instances, to offer remote storage (e.g. “cloud computing) or to enable access to the Internet. Libraries need to ensure that contracts and licenses reflect their policies and legal obligations concerning user privacy and confidentiality. Whenever a third party has access to personally identifiable information (PII), the agreements need to address appropriate restrictions on the use, aggregation, dissemination, and sale of that information, particularly information about minors. In circumstances in which there is a risk that PII may be disclosed, the library should warn its users.

LyndaLibrary had access to library card numbers for verification purposes. With the proposed change to require patrons to get LinkedIn accounts to access the Lynda resources, LinkedIn Learning would have access to more personally identifiable information than they would have as LyndaLibrary. To get a LinkedIn account, patrons would need to provide an email address and their first and last names. This is more PII than other library e-content vendors would require (OverDrive requires library card numbers only, Hoopla requires a library card and email). After a user creates an account, they are prompted to then add employment history and import their email contacts – under the presumption to help users expand their professional network. So LinkedIn would not only have patron information, but also information for others who did not agree to use its platform. The same patrons who are turning to LyndaLibrary to improve their technology skills are also the same patrons who may not know to protect their PII or practice good digital hygiene. LinkedIn is strategically taking advantage of technology novices all the while fleecing money from limited library budgets.

Perhaps LinkedIn Learning was not aware of their responsibility to user privacy and confidentiality as an outside vendor to libraries. Even so, if libraries’ policy obligations of are not enough to encourage LinkedIn Learning to change their account requirement for library users, then perhaps the legal obligations would. Connecticut’s General Statutes, Chapter 190 Public Libraries, Section 11-25 (b) dictates:

Notwithstanding section 1-210, records maintained by libraries that can be used to identify any library user, or link any user to a library transaction, regardless of format, shall be kept confidential, except that the records may be disclosed to officers, employees and agents of the library, as necessary for operation of the library.

As an outside vendor providing services to library users, any activity on LinkedIn Learning as a library patron would constitute a library transaction and therefore should “be kept confidential.” This becomes problematic when we look at LinkedIn’s Privacy Policy (again, indistinguishable from LyndaLibrary/LinkedIn Learning’s platform) and its indiscriminate collection of user information. From LinkedIn’s Privacy Policy:

1.3 Service Use

We log usage data when you visit or otherwise use our Services, including our sites, app and platform technology (e.g., our off-site plugins), such as when you view or click on content (e.g., learning video) or ads (on or off our sites and apps), perform a search, install or update one of our mobile apps, share articles or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use.

Considered with:

4.1 Data Retention

We retain your personal data while your account is in existence or as needed to provide you Services. This includes data you or others provided to us and data generated or inferred from your use of our Services. Even if you only use our Services when looking for a new job every few years, we will retain your information and keep your profile open until you decide to close your account. In some cases we choose to retain certain information (e.g., visits to sites carrying our “share with LinkedIn” or “apply with LinkedIn” plugins without clicking on the plugin) in a depersonalized or aggregated form.

It would appear from this language that LinkedIn keeps user information indefinitely. Most libraries do not keep library patron records indefinitely. As an extension of the library, LyndaLibrary/LinkedIn Learning should be held to libraries’ stricter standards (see Library Privacy Guidelines for E-Book Lending and Digital Content Vendors “User data should not be retained in perpetuity.”). It is possible that LinkedIn occasionally purges their logs of inactive accounts, but without saying so explicitly in their privacy policy, we cannot be sure that it will be.

The information collected by LinkedIn includes, “IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier… data about your location” (1.5 Your Device and Location). Later, LinkedIn says, “We will share your personal data with our affiliates” (3.4 Related Services) and “We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events” (3.7 Change in Control or Sale). In the User Agreement, Section 3.1 Your License to LinkedIn:

… you are only granting LinkedIn and our affiliates the following non-exclusive license:

A worldwide, transferable and sublicensable right to use, copy, modify, distribute, publish, and process, information and content that you provide through our Services and the services of others, without any further consent, notice and/or compensation to you or others.

This would run counter to the Guidelines above, “agreements between libraries and vendors should also specify that libraries retain ownership of all data and that the vendor agrees to observe the library’s privacy policies and data retention and security policies.” LyndaLibrary/LinkedIn Learning has decided that they are more qualified to handle library patron data outside of our libraries by requiring patrons get LinkedIn accounts and retaining patron information.

In dealing with the limited budgets, libraries are task with the challenge of providing the best resources to serve the community. They are entrusted to use their budgets wisely for the intellectual and recreational enrichment of their communities. It seems that LyndaLibrary/LinkedIn Learning is milking libraries’ tax dollars and forcing patrons to join a social media platform with complete disregard to privacy concerns.

I encourage all libraries to push their LyndaLibrary/LinkedIn Learning representatives on these privacy concerns as laid out above. Our professional ethics requires us to do this hard and daunting work to protect patron privacy and to hold our e-content vendors responsible. If LinkedIn Learning cannot take our profession’s concerns seriously – while marketing their product to us almost exclusively, then we can and will take our business elsewhere. Maybe then they will be willing to adopt the changes we require to protect patron privacy.


Samantha Lee

Samantha Lee is the Intellectual Freedom Committee Chair of the Connecticut Library Association and Head of Reference Services at the Enfield Public Library. She is committed to protecting intellectual freedom and patron privacy, and helping patrons improve their techno-literacies. She is especially proud of her “Radical Militant Librarian” button and is fond of cookbooks, baked goods and micro-histories.

5 comments

  • I work at the NEKLS library system in KS and we made that same decision last week. Our service is up for renewal in July and the renewal info our rep sent us had nothing about the new requirement for a LinkedIn account that will be implemented this summer. When I asked, she was unable to adequately assure me that the data asked for was the same as Lynda had always required and that the new account process would not be a burden to our patrons. We won’t be renewing this year in KS, either.

  • Thank you for sharing your concerns. Protecting our members’ trust and data is always our first priority at LinkedIn. This principle guides our actions and decisions every day and we take this very seriously.

    By creating a LinkedIn profile, it allows us to authenticate that users are real people, further protecting our LinkedIn Learning customers and members from bad actors and fraud. With access to LinkedIn Learning’s 14,000+ courses, library patrons will receive personalized course recommendations. And this change allows patrons to retain their learning history if they lose their library card or change cities as learning history will be tied to their LinkedIn profile.

    Please know that patrons – and all of our members across corporations, universities, governments and libraries – have control over their privacy and the information that appears on their LinkedIn profile, via the Setting and Privacy page.

    More information about our privacy can be found here if interested to learn more.

  • Excellent article. I pushed our rep pretty hard on this last week. I asked them to consider how libraries would be perceived if we had databases that required patrons to set up a Facebook account to use the service. The answer was not all that reassuring. It was all about how LinkedIn is a different platform than Facebook, not addressing the privacy concerns at all. The rep. tried to tell me that to separate the service would require too much work for their LinkedIn programmers, so requiring patrons to sign up for a LinkedIn account was a nonnegotiable requirement. I don’t think they anticipated this pushback from us.

  • Made a phone call today to customer service and was pretty well assured that library concerns about privacy and commercialization of public information resources are being dismissed. In Teton County, Wyoming, we will be seriously evaluating alternative resources. Lynda will be missed.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.