Tag Archives: third-party vendors

Four Dimensions of Data Protection in Libraries

Scandals around the collection and use of personal information appear to be reaching a critical mass.

The first cases brought against companies under the General Data Protection Regulation are coming to court in Europe, and Facebook founder Mark Zuckerberg has declared that he wants to focus more on privacy. Stories of major data breaches regularly hit the headlines.

After many years of concern that ‘privacy’ was a niche thing, a priority only for a vocal few, it is now the subject of growing attention.

At least in the library world, the importance of privacy is well established. We know that it facilitates free speech and access to information, helps protect users from having their internet experience channelled for commercial reasons, and allows us to function as people.

Yet like all human rights, privacy – and more specifically data protection in terms of control over what data is collected about you and how it is used – is not necessarily an absolute right. Instead, it can be exercised only so far as it does not stand in the way of other rights and interests (and vice versa).

This blog, therefore, sets out four ‘dimensions’ of the privacy debate where libraries, in their work, have to find the right balance.


Privacy vs Performance

Much of the excitement around the data revolution has come from its potential to help us understand more about the world and make more accurate predictions.

Clearly a focus on measurement as a tool for performance improvement pre-dates the digital age. However, the new technological possibilities to track individuals’ behaviour have made it far more tempting to use data to try to redesign services or products, including for libraries.

However, there are ethical challenges around the tracking of individuals (not least library users). While the intention may be to improve services, it is not without cost. Tracking can involve a violation of privacy (especially when it’s not clearly explained), and a restriction on personal responsibility of users, such as students.

Moreover, it is not necessarily the case that the measurements made are appropriate. We often focus rather on what can be measured (pages read, downloads, time spent in the library) rather than less easily gauged, but more meaningful, things (understanding, skills development). This can lead to misallocation of effort.

A careful judgement needs therefore to be made around where it can be appropriate to collect data, ensuring not only transparency, but also protection of users.


Privacy vs Price

While the idea of surrendering privacy in order to save money can sound cynical, it is in effect what we are doing when we use many free services online.

In the US, there has been the suggestion that consumers can choose between a high-privacy, more expensive internet connection package, and a cheaper one where user data is sold on to advertisers and others.

This choice may not always be explicit, but vendors with whom libraries work can and do collect data about library user behaviour. It is reasonable to think that without this possibility, they would charge more for the services provided, in order to maintain revenues.

It is not always an easy decision, especially when budgets are tight, but libraries a need to take well-judged, conscious decisions, and of course give users the tools and possibility to do the same.


Privacy vs Public Interest

The concept of ‘public interest’ can be a fair reason for taking steps that limit rights. The imprisonment of violent criminals for example – depriving them of many of their freedoms – makes life safer for everyone else.

Where there is a genuine reason, due and transparent process is followed, and restrictions are proportionate, there can be a case for restricting privacy too. The challenge is that all of these terms are at least partially subjective, and require careful (and well-explained) judgement in order to be used properly.

Too often, the ‘public interest’ can also serve as a justification for disproportionate limitations on rights, for example mass-surveillance. This makes it a difficult area for institutions with a strong commitment to freedoms and privacy.

Libraries of course are institutions operating under the law, and cannot be expected to break it. However, within these limits, there can be means of ensuring that privacy is protected, such as through the deletion of data, or allowing anonymous internet browsing.

The key, once again, is to find the right balance. There is of course no simple answer, but it is clear that privacy must be born in mind, and restrictions kept to a minimum.


Privacy vs Preservation

A final debate focuses more on library content itself. Inevitably, any library charged with collecting information that documents contemporary society and thinking will acquire books, journals, newspapers, webpages and other materials that contain information about people.

Much of this – dealing with biographical detail or political views for example – counts as personally identifiable information. While libraries’ activities in this area, strictly speaking, count as a ‘violation’ of privacy, it is one that is necessary for them to do their jobs.

Indeed, thanks to the collection and preservation of such materials, it is possible to ensure as complete a historical record as possible for the benefit of the researchers and readers of the future. It also helps promote, for example, the accountability of politicians or other influential people.

IFLA has therefore been highly cautious around concepts such as the ‘right to be forgotten’ and the ‘right to erasure’. This is not to say that, as part of professional codes of ethics, librarians shouldn’t take care with information that is sensitive. Indeed, this is where the debate should be, not around the deletion, pure and simple, of work.


Perhaps depressingly, this blog serves only to set out questions rather than answers. The questions are also hard, at least for those defending privacy, given that the case ‘against’ in each example can seem attractive –higher-performing services, a greater budget for acquisitions, safer societies, and the preservation of the historical record.

Nonetheless, privacy cannot be sacrificed, given the fundamental impact it has on the way we live our lives, and of course use libraries. The job of librarians – and of IFLA – is to help find the right balance.