February 16, 2018

How Sacred Are Our Patrons’ Privacy Rights? Answer Carefully | Peer to Peer Review

Rick AndersonMy last column addressed some of the tensions that underlie the idea of “not letting the perfect be the enemy of the good” in library leadership, and at the end I promised that my next would deal in a similar way with trying to balance the occasional tension between problems that are truly important and those that are merely “noisy.”

However, an issue has come up in the meantime that is more timely and urgent, so I’m putting off the “noisy vs. important” column until next time. This month I want to address the issue of patron privacy in the context of the recent revelations about privacy incursions in the latest version of Adobe Digital Editions (ADE)—specifically, the fact that version 4 of the e-reader software gathers highly specific data about individual users’ reading behavior and transmits it, unencrypted and with all identifying information included as well as other data culled from the user’s machine, back to Adobe. (A very useful running summary of the issue and details about how the situation is quickly evolving can be found at the Digital Reader blog.)

Understandably and rightly, the fact that this is happening has ignited something of a firestorm in the library world and elsewhere. Also understandably and also rightly, it has led to hand-wringing and soul-searching within the library profession, as well as some intramural vituperation, particularly from those who have never been comfortable with the information ecology’s marked drift in a digital and networked direction over the past couple of decades.

For what it’s worth, I’d like to provide another perspective on this issue and its implications for library services, one based on two interlocking propositions.

Proposition #1: Our Patrons’ Privacy Is Not Ours to Mess With

This proposition is pretty uncontroversial, I think, and it means that when we’re entrusted with information about our patrons and their use of library resources and service, we have to be absolutely scrupulous about safeguarding it for as long as it’s retained.

However, the obvious and easily-acceptable proposition that our patrons’ privacy is not ours to mess with addresses only one dimension of the patron-privacy issue: the fact that we have no right to breach patrons’ privacy ourselves. It also raises a more complex and difficult question: to what degree will we leave privacy decisions in the hands of our patrons themselves, and to what degree will we take those decisions out of their hands? In other words, this is the access-vs.-privacy question, and it’s difficult because it forces us (as Andromeda Yelton has eloquently written) to choose between several fundamental library values. Or, more accurately in this case, it forces us to grapple with two different expressions of a single fundamental library value, which is the freedom to read. We express that value, on the one hand, by giving our patrons access to books and letting them read whatever they want, without restriction; we also express it, on the other hand, by ensuring to the best of our ability that they will be able to read whatever they wish without being surveilled. So what do we do when we can’t give them access to what they want to read in a way that completely prevents surveillance?

For the moment, let’s set aside the important question of whether things can be fixed so that the choice between access and privacy is obviated. Fixing the system may well be possible in the future, and librarians are uniquely well positioned to be major contributors to the process of making that happen. But for the sake of argument, let’s assume that for right now we do have to make that choice for at least some of the books that our patrons want to read, and that we’ll keep having to make that choice for some time to come. If this is the reality, then for now we really do have to choose, to some degree, between providing access and protecting privacy. Let’s look at some of the issues that bear on that choice, and let’s start by looking at the second of the two interlocking propositions I alluded to earlier:

Proposition #2: Our Patrons’ Privacy Is Theirs to Mess With

The fact that our patrons’ privacy isn’t ours to mess with begs the question: whose is it? And the answer, I believe, is that our patrons’ privacy is theirs to mess with. I think this means that, just as we need to treat as sacrosanct the confidentiality of patron data that we hold, we also have to treat as sacrosanct our patrons’ right to make decisions about their own privacy. To say that this right is sacrosanct isn’t to say that our patrons can be counted on always to make wise privacy decisions. It’s only to say that we shouldn’t take upon ourselves the role of decider when it comes to other people’s privacy any more than we should do so when it comes to other people’s decisions about reading—we don’t tell them what to read, we don’t tell them what to think, we don’t tell them how to use the information we provide them, and I certainly don’t see how we can decide for them what constitutes an acceptable or unacceptable use of their private information.

What does this mean in real life? In the case of the ADE issue, for example, let’s suppose that my library is offering ebooks on that platform and that, for the moment, there is no way to fix the problem of ADE sending personal information about readers and their behavior to its parent company. In that situation, if my library is using that platform, then I don’t believe I have the right simply to continue with business as usual, giving my patrons access to ebooks in that way and disregarding their privacy rights. So in the absence of a short-term fix to the problem itself, it seems to me that I have two options: either stop providing access to the ebooks, or inform my patrons of what’s happening and let them decide for themselves whether access to those books is worth the loss of privacy that using them requires.

Values in Conflict

Neither of these options is a comfortable one, because each of them simultaneously supports and conflicts with my patrons’ freedom to read.

The first option supports the basic library value of freedom to read by ensuring that patrons’ reading behavior won’t be monitored by third parties. The problem, of course, is that it ensures that privacy by making the books inaccessible. That strikes me as problematic—kind of like preventing burglary by burning your house down. (Simply providing the same books in print format will in many cases be impossible, because my library could never afford to provide access to as many print books as it can ebooks.)

But the second option, informing patrons about the privacy issue and letting them choose for themselves to read under surveillance, is also problematic because it assumes that my patrons will a) pay attention to the notifications we put in place about the risks inherent in using these ebooks, and then will b) make good privacy decisions based on that information. As we all know, people are by no means always good judges of what’s in their best interest and they don’t always pay attention to urgently relevant information or make good decisions based on it.

So what do we do?

What Do You Mean When You Say “Privacy Is Sacred”?

As one approach to untangling this problem, consider this: we librarians recently observed Banned Books Week, during which we celebrated “the freedom to seek and to express ideas, even those some consider unorthodox or unpopular”—or, in other words, our determination not to let other people tell our patrons what they can do with their minds. Surely this isn’t because we believe all books are equally worthy of our patrons’ attention, or even that books are only capable of doing good in the world. If we believe that ideas are powerful, then we have to acknowledge that the power of ideas can be destructive as well as constructive—and yet our stance, as a profession, is (and I believe has to be) that we are going to let our patrons select for themselves the ideas they will invite into their minds. In other words, we know that some of our patrons’ reading decisions will be bad—some of them will seek out, absorb, and eventually subscribe to ideas and principles that might lead them down paths that are destructive both to themselves and others—but nevertheless, we see the freedom to choose what one reads as too sacred to take away from them.

So here’s the question for us in regard to ebooks and patron privacy: how sacred is our patrons’ right to privacy? Is it so sacred that only we, the library profession, can be entrusted with its care, since we very often have a better understanding of the implications of privacy decisions and can always be counted on to have the best interests of our patrons at heart? Or is it so sacred that we would never consider arrogating to ourselves the right to make our patrons’ privacy decisions for them?

Now would be a very good time for each of us to decide where we stand on this question. And no matter which stance we choose, we’d better be ready to defend it—because either one is going to make some people angry.

Rick Anderson About Rick Anderson

Rick Anderson (rick.anderson@utah.edu) is Associate Dean for Collections & Scholarly Communication at the University of Utah’s J. Willard Marriott Library. He serves on numerous editorial and advisory boards and is a regular contributor to the Scholarly Kitchen blog. He currently serves as president of the Society for Scholarly Publishing, and a collection of his essays titled Libraries, Leadership, and Scholarly Communication was published this year by ALA Editions.

The Latest Trends in Library Design
Hosted in partnership with Salt Lake County Library and The City Library—at SLCo’s Viridian Center—the newest installment of our library building and design event will let you dig deep with architects, librarians, and vendors to explore building, renovating, and retrofitting spaces to better engage your community.
Facts Matter: Information Literacy for the Real World
Libraries and news organizations are joining forces in a variety of ways to promote news literacy, create innovative community programming, and help patrons/students identify misinformation. This online course will teach you how to partner with local news organizations to promote news literacy through a range of programs—including a citizen journalism hub at your library.


  1. Patrick Carr says:

    Interesting post, Rick. A few very brief points. First, I think the questions you raise pertain not just to e-books but to many other types of library e-resources. For example, there are a number of library databases that require users to create individual accounts before they can be used, and, in some instances, account-level usage data is available to the librarians who administer those accounts (in addition, of course, to the platform administrators). To what extent is it the role of librarians to educate users/make decisions for users regarding their privacy in usage of these resources?

    Second, privacy concerns are sometimes tied to financial concerns. For example, certain emerging models for unmediated DDA delivery of library e-resource content (e.g., ReadCube) require that users create individual accounts, which will be tied to publication-level transaction data. Adopting these new models can potentially be a money saver for libraries but they also entail a decrease in the level of privacy that patrons enjoy in the use of library resources. There are trade-offs between privacy of patrons and financial savings.

    Third, I think it’s useful to think about your post in the context of recent efforts in libraries (mirroring trends in higher ed in general) to assess/quantify/document impact and return on investment. Often these efforts can entail tying library use to things like majors, graduate rates, GPA, etc., and, of course, this in turn entails the collection of users’ personal data when they make use of the library. Now, of all professions, I believe that library personnel would be especially thoughtful and cautious about the collection/retention of such data in relation to privacy concerns. But, to the extent that libraries are collecting this type of data, I think it suggests that–in terms of the either/or question you raise at the end of the post–librarians are taking the stance that we, the library profession, can be entrusted with the care of patron privacy.

    • Rick Anderson says:

      Good comments and questions, Patrick, thanks. And I definitely agree with you, by the way, that these issues and concerns apply in situations well beyond ebooks; they apply in every situation in which we either gather information about our users or provide them with access to third-party products and services that gather information about them.

      To respond to a couple of your specific comments and questions:

      For example, there are a number of library databases that require users to create individual accounts before they can be used, and, in some instances, account-level usage data is available to the librarians who administer those accounts (in addition, of course, to the platform administrators). To what extent is it the role of librarians to educate users/make decisions for users regarding their privacy in usage of these resources?

      In situations where they have to actively provide information about themselves in order to use the resource, I think our responsibility is very limited–we should probably give them a heads-up about what might happen as a result of their sharing that information, but beyond that I think we have to let them make their own choices. In situations where personal information about them will somehow be gathered without their knowledge, then I think our responsibility is much deeper: we need to make sure they don’t start using the resource without being notified about what’s going to happen.

      There are trade-offs between privacy of patrons and financial savings.

      That’s true, but remember what “financial savings” means in the context of library services. It doesn’t mean that a nyone “saves money”; it means that patrons get services that otherwise they would not get (because the library couldn’t pay for them). That’s one reason I think it’s so important that we let patrons choose for themselves. By choosing for them–by saying “we won’t provide access to this content because we think the privacy choice you would have to make in order to use it would be a bad one”–we’re deciding for them what resources they do and don’t get access to. This brings us back to that clash of values I addressed above–or, rather, the clash between two different expressions of the library value “freedom to read.”

      to the extent that libraries are collecting [patrons’ personal] data, I think it suggests that–in terms of the either/or question you raise at the end of the post–librarians are taking the stance that we, the library profession, can be entrusted with the care of patron privacy.

      We certainly are, and that has been business as usual in libraries for as long as there have been libraries. We have always required patrons to give us personal information–phone numbers, addresses, etc.–and we have always been able to see what they read (or what they check out, at any rate). There’s no other way for the library to function. But that’s why it’s so essential that we never abuse the trust they have placed in us in letting us have access to that information.

  2. Thanks for the post. Personally I fall more on the side of let the patron make the decision. But I don’t think that perspective lets the library profession off the hook. Right now the decision we present our users is access ebooks through the library and reveal an unknown amount of private personal information or don’t access the ebook. And often we don’t even inform them that they are making a choice or, as you point out, they ignore/don’t understand the warning.

    What we should work towards is an environment where the patron can decide to access the ebook anonymous/minimal PPI or opt into a more personalized experience (reading history, you might likes, etc). This is the choice people should have online everywhere not just at the library. The user/consumer/patron/citizen should get to decide where to set the dial on the trade off between privacy and convenience.

    Libraries have a long way to go to make something like this happen. We need to band to together to demand our vendors build products and services that respect privacy and allow these choices. And we need aggressively promote digital literacy with a focus on privacy both within the profession and amongst our patrons. ALA does have an effort called Choose Privacy Week (http://chooseprivacyweek.org) in May which is a start.