A few years ago, after the disclosure that Amazon was collecting and storing user data associated with the loan of library e-books to Kindle users, I wrote an article briefly exploring the “digital dilemma” associated with providing users access to e-books and other resources via third party vendors. At the time I noted that
[t]he current model of digital content delivery for libraries places library users’ privacy at risk. Authorizing the loan of an ebook or the use of a database can communicate unique identifiers or personally identifiable information that reveals a user’s identity. Databases and e-readers create records of users’ intellectual activities that can include search terms, highlighted phrases, and what pages the individuals actually read. Easily aggregated–and then associated–with a particular user, such records can be used against the reader as evidence of intent or belief, especially if the records are stored on vendors’ servers, where they are subject to discovery by law enforcement.
Now the same issue has arisen with regard to Adobe Digital Editions’ collection of reader data and its transmission back to Adobe as unencrypted data sent through unsecured networks. The Library Information Technology Association’s LITA Blog outlines the technical issues. ALA President Courtney Young has commented on the issue and outlined ALA’s planned response.
The ethical issues are clear: it is the responsibility of librarians to establish policies to prevent any threat to privacy posed by new technologies. Libraries need to ensure that contracts and licenses reflect their policies and legal obligations concerning user privacy and confidentiality. Whenever a third party has access to personally identifiable information (PII), the agreements need to address appropriate restrictions on the use, aggregation, dissemination, and sale of that information, particularly information about minors. In circumstances in which there is a risk that PII may be disclosed, the library should warn its users. (See Questions 13 and 22 in the IFC’s Q & A on Privacy and Confidentiality, and Privacy: An Interpretation of the Library Bill of Rights.) In addition, careful thought should be given to the kinds of data that are collected and stored about library users’ reading habits; no personally identifiable data should be collected unless it is essential for the provision of resources and services to the library user, and any data collected should be discarded as soon as it is no longer needed. (See the 2006 Resolution on the Retention of Library Usage Records.)
The legal issues are murkier. The majority of state library confidentiality laws require libraries to prevent disclosure of library users’ records to third parties in the absence of user consent or a court order or other legal process compelling disclosure. But these laws often do not govern the behavior of third party vendors entrusted with library users’ information. Both Missouri and California have tried to address this by amending their library confidentiality laws to extend the duty to protect library user records to vendors. (See Missouri §185.815 – §185.817, amended and Cal. Gov. Code §6267.) Ultimately, however, the library must be responsible for assuring the privacy and confidentiality of its users’ records.
As libraries move to adopt digital content and new technologies, librarians need to ensure that the use of library users’ data for these services does not weaken privacy protections for library users’ data or blur the line between public and confidential records. This will require a firm commitment to the profession’s obligation to protect the confidentiality of library users’ information and the will to advocate for greater legal protections for library users’ data that ensure reader privacy and protect against censorship, whether it is a private, contractual arrangement with the vendor or a public policy solution that includes amending or adopting library confidentiality laws that apply equally to any entity, public or private, that manages, stores, or uses library user data.