
By: Anusha Seyed Nasrulai
“All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.”
These are the words enshrined in the last article of the American Library Association’s (ALA) Library Bill of Rights. The ALA first adopted principles protecting the freedom of inquiry in 1939 in response to concerns of government censorship and surveillance amid a moral panic against anarchists. In subsequent decades, the Library Bill of Rights was amended and interpreted to champion intellectual freedom during eras like McCarthyism, the Civil Rights Movement, and post-9/11.
The Legal Right to Data Privacy
Recognition of the freedom of inquiry in libraries also developed at the same time as a legal right to privacy was being conceptualized. In 1890, lawyers Samuel Warren and future Supreme Court Justice Louis Brandeis first defined a legal right to privacy in a famous law review article. Still, a legal right to privacy was not widely recognized until 1965 in Griswold v. Connecticut. There is currently no comprehensive federal data privacy law, resulting in a patchwork of sectoral and state data privacy laws. However, the libraries’ privacy principles obligate libraries to expand the privacy rights afforded to patrons beyond what the law requires. Examining libraries’ data privacy principles offers important lessons for envisioning new legal data privacy frameworks.
Libraries’ responsibility to protect patron privacy and confidentiality is, in fact, recognized by the law. Forty-eight states protect the confidentiality of patron records, and the attorneys general in the other two states have recognized the privacy of patrons’ library records.
Libraries’ Approach to Data Privacy
Precise definitions are required to understand these principles. For libraries, the right to “privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others.” Confidentiality is the libraries’ duty to keep personally identifiable information private on patrons’ behalf. Personally Identifiable Information (PII) is information that can be used to identify a specific person.
Data Privacy Policies
Only 19 states have passed comprehensive privacy laws. Rights recognized under state laws may include the right to request data for correction or deletion, the right to opt out of certain processing and sales, the prohibition on discrimination for exercising rights under the law, notice and transparency requirements, and data purpose and processing limitations. The state laws typically only apply to for-profit businesses that meet high thresholds for gross revenue and amount of business activity in the state. Library policies, by contrast, protect patron data from private and government requests. State laws are also limited by their enforcement mechanisms. Many state privacy laws rely on enforcement by attorneys general rather than creating a private right of action.
In addition to complying with privacy laws, library privacy policies are developed with guidance from the ALA’s Privacy Interpretation of the Library Bill of Rights and NISO Consensus Principles on Users’ Digital Privacy in Library, Publisher, and Software-Provider Systems. Libraries have a duty to create and maintain clear, easily accessible, and understandable privacy policies for all patrons. Privacy policies include information on what data is collected, who the data is shared with, and how long the data is retained. PII should only be collected and stored when required for specific, clearly disclosed purposes and only with the patron’s consent. Users should have the right to access their own personal information or activity data for review and export, and to request correction or deletion. Libraries should process these requests wherever operationally feasible.
Libraries practice data minimization, meaning libraries only collect personal data necessary for an operational purpose. Libraries default to practices such as purpose limitation and opting users out of nonessential data collections. Patrons should have an opportunity to give explicit consent so they can make an informed decision whether to agree with the collection of their data for nonessential purposes. Patrons should also be able to opt out at any time. For instance, some libraries offer patrons the option to opt in to a saved history of their checked-out books; otherwise, this data is deleted by default.
Libraries’ privacy policies often reflect a deep commitment to patron trust. As Mustafa Hassoun, a privacy attorney at Hillis Clark Martin & Peterson, noted, “Libraries always strive to do right by their patrons.” He works with libraries across Washington state and emphasized that “this commitment to patron trust and data stewardship continues even in the absence of broader legislation like the People’s Privacy Act, which would significantly expand data protection requirements in Washington.”
Vendor Partners
Libraries aim to hold vendor partners, such as publishers and software providers, accountable to their data privacy principles where possible. Vendors are obligated to make their data use policies accessible to patrons. Libraries also carefully consider patrons’ privacy before entering data sharing agreements with vendors. The ALA’s Privacy Interpretation guides libraries to never share patrons’ PII with vendors unless they have explicit patron permission or are required to under law or existing contract. When such information is shared, “any data collected for analysis should be anonymous or aggregated, it should never be linked to personal information.” Finally, when procuring new technologies, “[b]iometric technologies, like facial recognition, do not align with the library’s mission of facilitating access without unjust surveillance.”
The library community has developed processes and resources to negotiate contracts that align with their privacy principles. This is significant given that readers often lack clarity into how vendors use their data. Also, vendor partners may have great incentives to collect and aggregate as much user data as possible.
Complying with Law Enforcement
The ALA guides library workers to consult with their library administration and legal counsel before complying with law enforcement. Records are to be shared only in response to a properly executed court order or legal process. “If a library worker is compelled to release information by a valid subpoena or court order,” they are instructed to personally retrieve the requested information rather than “allowing the law enforcement agency to perform its own retrieval [which] may compromise confidential information that is not subject to the current request.”
Libraries have chosen to strictly comply with the boundaries of the law to balance the strong interest of protecting patron privacy while complying with legal orders. As Jonathan Franklin, a Digital Innovation Law Librarian at the University of Washington, puts it, “In a world where all data is seen as having value, it might be that the easiest path is to delete nothing and sell/use everything, so protecting privacy over profits takes extra-effort.” Companies or other entities may have different incentives for more broadly collaborating with law enforcement. Companies like Ring, Flock, and many others are directly partnering with law enforcement to share data that facilitates surveillance of customers and the broader public.
Looking Forward: Lessons and Challenges
Libraries provide important insights regarding how to enact data privacy principles and policies that champion people’s freedom of intellectual exploration and expression. As data privacy law continues to develop and transform, these lessons from libraries exemplify how data privacy principles can be enacted to uphold people’s privacy and civil liberties.
The privacy ideals of libraries are constrained by the realities of limited resources and funding. One study found that libraries face significant challenges when upholding patron privacy due to lack of technical knowledge and training among staff, as well as inadequate funding for training or privacy protection tools. Many of the data privacy studies and resources developed by and for librarians are funded by the Institute of Museum and Library Services (IMLS) grants. The current administration is attempting to dismantle IMLS, though that is being challenged in court. Amid these pressures, libraries have an almost century-long tradition of protecting patron data from censorship and surveillance.
As C. Allison Sills, an instructional librarian in North Carolina, aptly stated, the “Invasion of privacy by retaining patron checkout history is tantamount to book banning. If you surveil the populace, the populace will start to self-censor to prevent ‘potential’ discrimination, which starts the fear cycle.”