Privacy v. Personalized Services in Libraries

Libraries and Data, Library Vendors and Privacy, Privacy, Technology

By: Lisa Hoover

OCLC Wise LogoEarlier this year an OCLC product called OCLC Wise came to my attention, and made me think a lot about the tension between better service and privacy protection in libraries. Wise encourages libraries to “elevate those [library] experiences” by building relationships with the community and communicating the value of your library (OCLC, 2018).

Apparently Wise is used by a large chunk of public libraries in the Netherlands, but only recently became available in the U.S. Wise does the standard library system tasks such as acquisition, cataloging and circulation, but the major pull is that it also integrates marketing, outreach and analytics to create “more personalized and targeted communications with patrons” (Enis, 2018). To this end, it allows user-generated tags, lists, ratings and reviews.

Mary Sauer-Games, the VP of global product management at OCLC, told Library Journal that Wise allows circulation data to inform marketing campaigns and “spot local trends to consider when making acquisitions” (Enis, 2018). Wise also “aims to deliver a tailored experience, using a patron’s past behavior to highlight upcoming events or suggest books and other content they might enjoy” (Enis, 2018). In sum, it’s intended to compile data on patrons to allow more personalized outreach.

This makes a lot of sense in many ways. Society has evolved to expect this type of personalized recommendation system from providers like Amazon and Netflix. (Who doesn’t love the suggestions for what to read or watch next, right?) I think most of us have even gotten used to seeing personalized advertising in our Facebook feeds or Google ads.

We’ve gotten used to, expect, and maybe even enjoy the fact that the web evolves to offer us more of what we want and less of what we don’t. As a side note, this raises all kinds of other issues like filter bubbles and confirmation bias, but that’s a whole other can of information literacy worms.

LibrarySo it makes all kinds of sense that libraries, who are always striving to better serve our patrons, would want to get in on this trend. Built in readers’ advisory sounds great, right? Making advertising more targeted so you aren’t spamming people about events they don’t want to attend, so they will really pay attention to the marketing for things they do want, seems like a win-win for the library and the patron. However, there is a downside, and I am guessing most readers suspect where I am going with this.

A Library Journal article on Wise points out that this level of personalization “requires the collection and retention of data regarding a patron’s interactions with the library, such as reading history, events attended, or click-throughs on newsletters” (Enis, 2018, emphasis added).

While the system allows opt-outs for patrons, this immediately raised questions for me about how Wise might/does clash with strongly held library values regarding the protection of patron information and privacy.

Many libraries keep little or no information about patrons beyond their basic contact information – many circulation systems do not keep borrowing data after a book has been returned, and I can’t imagine many libraries keep records of what events patrons attend.

Data vulnerableAlthough there are many reasons for this, the most obvious post-September 11, 2001 is privacy from the government. The government cannot make us share data on our patrons that we don’t have. As soon as we start collecting that data, it’s vulnerable to requests by the government. Sure, this probably doesn’t happen a lot, but it does happen: The Park City Kansas Library was briefly in the spotlight following the arrest of Dennis Rader, the BTK serial killer. Not to mention that all electronically stored data is vulnerable to hacking. As soon as we start to keep this data, it is potentially vulnerable.

But patrons can opt-out. Does this solve the concern? To some extent, sure. It would give your library cover if someone ever complained or, heaven forbid, sued, and it would allow your very privacy conscientious patrons an “out.” However, how many people are going to opt-out? How many will understand why they (maybe) should, or give it any real thought? I doubt many people who are not librarians are thinking about the issue of someone subpoenaing their reading history. I know I am guilty of often clicking-through or “signing off” without a huge amount of thought to privacy policies or sharing of my data, and as a lawyer turned librarian I am probably more attuned to these issues than most people.

Is this an area where we, as the professionals, should protect people from a danger of which they might not be aware? Or is it paternalistic for us to make that judgment for them? I don’t know the answer, probably because there is really no perfect answer. However, I do know that this highlights how traditional library values and practices can conflict with a society that is always looking for faster and more personalized service. Do we follow the expectations set by services like Netflix and Amazon and offer these personalized services to better serve our patrons? Or do we say no, libraries are different, libraries go above and beyond to protect your privacy?

And, if we want to get really philosophical, is this type of automated personalized service really “better” service? Or is this akin to the filter bubble and confirmation bias problem? Does “built in” readers’ advisory risk taking the personal touch away, and make it less likely that readers will branch out to new genres and authors they might not pick up without that personal touch? Does this matter?

I might be overthinking it, but it seems like OCLC’s Wise (and other products like it) raises a great many philosophical questions about our profession and where it is/should be heading.


Enis, M. (2018) OCLC Debuts Wise, an ILS Focused on Community Engagement. Library Journal. Retrieved July 6, 2018 at

OCLC. Wise. Retrieved July 6, 2018 at


Lisa HooverLisa Hoover is a public services librarian at Clarkson University and an adjunct professor in criminal justice at SUNY Canton. In addition to her MLS, Lisa holds a JD and an MA in political science. She began her career as an editor and then manager for a local news organization, adjunct teaching in her “spare time.” She teaches courses in criminal procedure, criminal law and constitutional law. She is passionate about 1st Amendment issues. She recently began her career as a librarian, starting at Clarkson University in June 2017 teaching information literacy sessions and offering reference services. Lisa and her husband Lee live in Norwood, New York with their cats Hercules, Pandora and Nyx and pug-mix Alexstrasza (Alex). Find her on Twitter @LisaHoover01.


  • To further explore the ethical and legal implications of “Big Data” collection in libraries, view the following posts from 2018’s online symposium for Choose Privacy Week:

    Big Brother Is Watching You: The Ethical Role of Libraries and Big Data

    Libraries As Private Spaces by Jason Griffey

    The Challenge of Balancing Customer Service with Privacy by Sarah Houghton

  • Excellent article.

    One question – how do the Netherlands libraries square the opt-out (as opposed to opt-in) with the new GDPR (EU General Data Protection Regulation)

  • Hi Deborah,

    Thank you for sharing those!

    Mark, that’s a great question and I wish I had thought to include that in my discussion. It looks like OCLC has addressed GDPR on their blog, although it doesn’t look like they referenced WISE specifically: “One of the most noticeable changes for our EU-based customers will be the addition of features that will allow more prominent privacy notices to be displayed in many of our hosted products and services. Internal changes are also underway at OCLC. We are implementing a process that will allow us to assist customers of our hosted software services in honoring individual rights requests made pursuant to GDPR. Additionally, we have taken significant steps toward improving our data security policies and procedures, improvements that will continue past the 25 May compliance date. And we appointed a full-time, dedicated Data Protection Officer who will be our single point of contact for data privacy matters going forward.”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.