January 28th marks the Data Privacy and Protection Day. First introduced by the Council of Europe in 2006, it aims to raise public awareness and understanding of what happens to people’s personal data and the rights they have to privacy and data protection; and to highlight good practices in this area. Privacy has traditionally been a fundamental value for libraries – and this day offers an opportunity to reflect on how the latest technological and social developments shape the roles and duties of librarians in championing privacy in the digital age.
Privacy has long been established as a fundamental operating principle for libraries – enshrined, for example, in IFLA’s statement on Privacy in the Library Environment and Code of Ethics for Librarians and other Information Workers, and the many Codes, Principles, Frameworks and Statements by libraries and library associations around the world. As library services and practices evolve in the digital age, this commitment has taken on new aspects and dimensions; and the past year has seen many data privacy-focused discussions both within and outside the library sector.
What happened in the privacy field over the last year?
Data privacy questions and challenges remained high on the agenda and in the public consciousness throughout the last year. While 2018 already saw the landmark EU General Data Protection Regulation come into force, its knock-on effects continue to reverberate throughout the world, prompting a ‘widespread reform of data privacy regimes around the world’, and changing how we think of data collection rights and practices.
Throughout 2019, there were more widely-publicised data leaks and breaches – the Digital Watch Observatory estimates a 100% increase in the number of records exposed from last year; more formal investigations launched into big tech companies data collection practices, and more reports and studies into how big tech and popular applications handle user data.
Privacy concerns have featured heavily in 2019’s extensive discussions about online advertisement models, particularly in the questions of profiling and the public outrage over targeted political advertisements and their implications for democratic processes. Data privacy questions were also a key dimension in the past year’s discussions about the ethics and human rights implications of advanced and emerging technologies (especially applying Artificial Intelligence for facial recognition purposes), digital ID programmes, ’smart’ cities, homes and devices.
As data privacy remains high on the agenda coming into 2020, we have yet to see the full impacts of these discussions and developments. Views on the progress made in defending users’ data privacy rights are mixed, with some assessments noting a few improvements made by large companies despite critical gaps remaining. Others, for example, note the discrepancy between the changes in rhetoric on privacy among some big tech companies and their continued market dominance, discussing its implications for the attempts to regulate data privacy more strictly.
Libraries and data privacy, heading into 2020
Against the backdrop of these trends, libraries are also grappling with the implications of technological developments for patron privacy. This relationship is often understood to include at least two broad dimensions:
- patrons’ privacy considerations in light of libraries’ own services and practices,
- the role of libraries as educators, helping patrons develop the skills to understand privacy concerns and trade-offs and make informed choices in their daily lives.
For example, as more libraries begin to adopt and make use of tools based on Artificial Intelligence, it is important to carefully consider their impacts on patron privacy. Here, different tools and use cases can carry different implications – the risks may not be the same, for example, for literature search tools and chatbot applications. Other potential library uses of digital tools which can warrant careful examination include library use analytics and commercial online marketing services.
The latter example highlights a crucial related issue: library patrons’ privacy is increasingly determined not by library policies and practices alone, but also by the policies of third-party vendors and services. A 2019 issue of Research Library Issues, for example, incudes a discussion on libraries’ use of licensed third-party sources. It points out the importance of adding privacy clauses as licenses are established or renewed, assessing the potential of a significant class of online learning materials for massive data collection, as well as minding the privacy questions posed by authentication technologies.
In light of such considerations, it is important for libraries to make carefully weighted choices and informed decisions. Overall, libraries’ continued commitment to the values of privacy can easily be seen in the many, many initiatives they dedicate to helping protect their users’ data privacy inside and outside of the library.
Libraries include data privacy and security into their digital skills training programmes or offer stand-alone courses on data privacy, participate in education initiatives, raise awareness, develop learning resources for patrons or fellow librarians, organise and follow trainings to be effective protectors and advocates of data privacy.
Such educational measures and are particularly crucial today, when so many people feel like they have little control over their data privacy. A 2019 study by PEW Research shows, for example, that more than 80% of Americans feel that they have little or no control over the data collected about them.
Libraries and librarians also remain vocal advocates for privacy. From an individual school librarian advocating for careful consideration of student privacy when adopting edtech technologies in her institution, to a group of university libraries drafting and signing a new Statement on Patron Privacy and Database Access, to many American and Canadian librarians vocally opposing changes to a popular learning resource to safeguard their patrons privacy, they continue to speak up for the privacy of their users within and outside the library walls.
A few steps libraries can take to protect user privacy today include:
Following the discussions. Follow the current discussions on data privacy – for example, by exploring sections dedicated to privacy and data protection on such platforms as the Digital Watch Observatory and the Mozilla Internet Health Report; and stay informed about relevant regulatory and legislative initiatives in your area.
Exploring the topic. Explore available primers and educational resources from both within and outside the library sector to learn more about the subject. There is a wide range of webinars, primers and publications available – such as the IFLA webinar on the GDPR, the Data Privacy Project learning modules, the Data Detox Kit, and more.
Protect user privacy. Make use of available guidelines and toolkits to protect and promote user privacy within the library – for example, the Guide to Privacy prepared by CILIP, Newcastle Libraries and the Carnegie UK Trust.
Raising awareness. Mark Data Privacy and Protection Day by raising awareness!