Privacy and the library patron

Privacy literacy in a complex data landscape at the Brooklyn Public Library, reported at UKSG.

Most library professionals would probably say that they are committed to the practice of privacy in libraries. But some new technologies and service innovations have the potential to invade patron privacy, giving rise to possible tension between professional ethics and the desire to develop new services.

The issue was explored earlier this month at the UKSG conference in Glasgow, when Seeta Peña Gangadharan from the London School of Economics and Political Science shared insight into the Data Privacy Project, a privacy literacy initiative led by the Brooklyn Public Library. The project has inspired the Mayor of New York City to roll out city wide training project with the aim of placing a privacy literate professional in every one of the City’s 130+ library branches.

Over time, pointed out Gangadharan, “the library has evolved into a complex institution that is caught up in the flow of patron information in many different ways”, with two different roles – that of a digital provider (providing access to the internet for its patrons) and that of a digital dependent (using third party services for information management and operations). As a result libraries generate new kinds of patron data, and also contract with third party vendors who in turn generate more new kinds of patron data, as well as hold internet traffic data. This creates a complex landscape where new and diverse of patron data flow to, and through, the library institution.

As an illustration of this complexity, Brooklyn Public Library provides huge numbers of internet sessions on public terminal and connections to public wifi. Although the library isn’t responsible for the patron’s consumer experience on the internet, as Gangadharan pointed out, “there is the potential for conflation between what happens at the library with a person’s internet traffic data, and the library’s responsibility for those flows”.

Brooklyn Public Library also illustrates the complexity of data flowing to third party services. Patrons have access to 184 database services, half of which require a patron ID and log in. The log in means that the library interfaces with third party systems which have their own privacy policies and terms of service -- and these systems may, or may not, have the same commitment to privacy as the libraries themselves.

Not surprisingly, surveys of library staff as part of the training provided by the Digital Privacy Project scheme found that privacy knowledge was initially low. However, Gangadharan stressed that privacy literacy among staff is only one part of the puzzle and needs to be supported by patron education and institutional changes: “there is only so much that a library professional can recommend, or do, if the institutional setting in which she works is not thorough about its choices in how to manage privacy and protect patron data in this complex environment”. And the library cannot work alone – better collaboration with privacy technology developers and digital rights defenders is also vital.

About the Data Privacy Project

Funded by the US Institute of Museum and Library Services, the project teaches New York City library staff how information is shared online, what risks users commonly encounter, and what libraries can do to better protect patron privacy.

Learning modules are available online and cover topics such as highlighting potential vulnerabilities within the library, and providing guidance for understanding specific risks faced by different patrons.

There is also a quiz, plus slides, handouts and facilitator’s guides for two workshops.