Editor’s Note: We first quoted Caltech Artist-in-Residence David Kremers’ maxim, “Privacy is the new luxury” back in 2009. In the decade since then, we’ve seen a continuous assault on personal privacy, as surveillance has become the dominant business model on the internet. We’ve approached questions of privacy from many different angles over the years here at The Scholarly Kitchen, including technology architectural approaches to privacy (particularly relevant in light of new authentication systems like RA21), as well as striving to find the right balance between personalization and privacy.
Librarians have long been stalwart guardians of patron privacy — an increasingly difficult task in the era of Google and Facebook. Today’s post is by Mimi Calter, Deputy University Librarian for Stanford University, who brings a useful framework for libraries as they consider patron privacy.
Patron privacy has been a long-standing concern of libraries, and in the era of Facebook data-sharing scandals and of GDPR, the privacy of users of digital content is an increasing concern. In response to that general issue, and to several specific difficulties with data providers, Stanford Libraries, with support from a number of our peer institutions, have put forward a Statement on Patron Privacy and Database Access.
Our goal in putting forward this public statement is, first and foremost, to clarify our commitment to our patrons: our campus communities. We want our patrons to know our position and priorities, but, more importantly, we want to be clear with our vendors and data providers that we take this position and our responsibility very seriously. That responsibility in some cases is statutory, but is always an ethical one, as noted in the ALA code of ethics and ALA Library Bill of Rights. We value our role as trusted providers, we have a responsibility for safeguarding patron data, and we will be attentive to that responsibility when we are the customers of data service providers. We will be focused on this issue when drafting and reviewing contracts, and we will be firm on these principles in negotiating terms.
Our particular concern is the issue of transparency and disclosure. We recognize that some users may choose to share their personal data to establish accounts, for example for the sake of a customized or enhanced user experience. The growing trend that concerns us is towards the silent, or unknowing, sharing of patron data. We are seeing a growing number of demands for data from the library, by the provider, “on behalf of the patron,” but without their knowledge or control. We’ve seen the trend in consumer industries, and it is bleeding into information and content services licensed by libraries. This is unacceptable.
Silent sharing creeps in through different ways.
- We have seen examples of data use or privacy clauses that allow for change without notice. This is unacceptable because libraries have a responsibility to ensure that these clauses comply with laws and local policies, which necessitates advance review and approval of any change.
- We see clauses that allow patron data to be shared broadly with third parties. This is unacceptable because we cannot allow our patron data to be shared in ways that are not directly related to the provision of service or in ways that are not secure.
- We see proposed terms that allow for broad capture and open-ended use of patron data and patron activity. This is unacceptable because it is at odds with our long-standing practice of capturing and retaining the minimum data required to provide the desired service.
- We see data and user security terms that demonstrate a lack of understanding by vendors and content providers about GDPR and data privacy. This is unacceptable because, though we are a US-based institution, we have many connections with Europe that require us to comply with these standards.
- We see examples of existing accounts that were created under acceptable data use policies, or under no data use policy at all, being migrated to new platforms with different data reuse terms, without notice. This is unacceptable because it does not allow users to make an informed choice about the use of their data, and again does not allow libraries to ensure compliance.
- And we see the growth of potentially high-value initiatives such as RA21, which may bring increased pressure to expose more patron data as a “standard” part of access to digital resources. These must be carefully structured to minimize exposure of patron data as much as possible, but always to ensure disclosure of any PII that may be transmitted.
So our recent statement is to make clear that patron privacy is a matter of fundamental principle for major research libraries. And to demonstrate to our vendors that we are watching. And to show that we are coordinated in our efforts.
As the Identity Providers for our patrons, we must be proactive in protecting them, and we will insist that any data sharing is done under thoroughly informed and expressed consent. We will hold content providers and vendors accountable for their intent, actions, and security practices. Of course, privacy and data management standards will be an ongoing discussion. We expect change, and we welcome debate. But our dedication to protecting patron privacy will be clear and unwavering.