Privacy and User Information
By Karen Coyle

A talk given at the ALA/OITP Ebook Task Force preconference January 23, 2003

If you are of a certain age you may remember when a library book had a pocket pasted inside the front cover with a card in the pocket. When you wanted to check out the book you wrote your library card number or perhaps your name on the card, which you handed in to the librarian at the desk.

This card served - in a very analog way - some of the same functions as the recommender systems that we so appreciate today on web sites like By looking at the card you could see how often the book had been checked out and therefore get an idea of its popularity. And in some cases you could even see who had read the book before you, which might tell you something about how likely you were to enjoy it.

That was an "age of innocence" in our use of libraries; a time when no one thought that reading a library book could be controversial. In the decades that followed we found out otherwise.

Library use by individuals has come to the attention of government, of law enforcement, of morality crusaders, and of marketers. We'll come back to that latter one in a minute.

Freedom to Read

It was in the 70's that there was a government program to use libraries as "watchdogs" for suspicious reading. The library world, fortunately, reacted in horror. The American Library Association created strong policies for the protection of the privacy and confidentiality of patrons. Privacy is now a basic user right, and is stated in the Library Bill of Rights.

The privacy of library use is also the specific subject of laws in all but a small number of our states, and is covered by some laws in every state. These laws were enacted for the most part two to three decades ago, and it is the case that they are aging. Many of them refer to the "circulation of library materials" as the focus of the privacy legislation. None that I know of mention newer technologies such as the Internet. But these laws and their intended spirit serve as a legal framework within which libraries act. So the protection of user privacy is not just a good idea -- it is indeed the law.

Why is reader privacy so important? Some of our most basic freedoms are stated in the First Amendment: the right of free speech and the freedom of a broad concept that is stated in the First Amendment as "the press." A free press would have little effect on freedom of the citizenry if those very citizens were afraid to be caught reading. In other words, all of us have to have the same level of freedom to read, and to explore ideas, as we have to speak and publish our ideas. These are clearly two sides of the same coin, although the Bill of Rights takes the "listening" part of free speech for granted.

Libraries call this particular privacy goal the "Freedom to Read," although it means more than that. Freedom to Read really means the freedom to explore ideas. Libraries, as the reading room of our civilization, have a key role in making those ideas available to all. To do so, they must be able to assure their users that their library use will not lead to intimidation or harassment, much less arrest or confinement.

Yet actually protecting the privacy of users is not an easy task.

The Practicalities

Those cards in the pockets of the books are gone. So is the card catalog. In fact, the whole library operation has been computerized. Computers allow libraries, as they allow other organizations, to do more things faster.

They also tend to create records; records of every tiny transaction; records that are often invisible even to those who work in the library but that might be found by someone who is motivated to look for them. Computers create records of activities that used to go unrecorded: you take a book off the shelf, browse a few pages, put it back -- no record exists. But if you browse digital materials through a computer at the library, a record, albeit skimpy, is made.

So although we have laws that state that the use of library materials will be kept confidential, implementing those laws is another matter. In some areas, libraries have made modifications to their computer systems, or vendors have done so for them. When you check out a book from a library, there is a record that shows that you have that book. But when you bring it back, that record is removed. There is no list of all of the books that you have checked out, nor is there a list linked to the book of all the people who have taken it home. On the Internet stations of most libraries, when a user finishes a session and closes the web browser all of the cache and history entries that have been stored on the hard drive during that session are erased. That way the next person who uses the machine cannot see a list of sites that the previous person visited.

But that's not nearly enough if we want to protect patron privacy. Other records like web logs and various system logs also exist. In our need to keep up with technology, libraries have automated functions without looking deeply into the privacy implications. For this reason, many libraries today are undertaking what we call a "privacy audit," to try to assess what technology has done to our ability to support the Freedom to Read, and how we can work better within our technological environment to give people the assurances they deserve.

Publishers and Publishing

So what does all this have to do with publishers and publishing?

There's a real dilemma today with libraries and digital materials. Libraries license digital materials on behalf of their users. Unlike hard copy materials, however, the library does not take possession of these materials in most cases. Instead the materials are housed at a site owned by a publisher or vendor, and users actually exit the library (electronically) to use the materials. The library's role is financial but not actual in that the library does not handle the access to the materials or the user interface that their patrons interact with.

So the question is (and I do not know the answer): does the legal obligation to protect the privacy of library patrons still maintain? I can say that librarians assume that it does and act as if it does. Therefore contracts with libraries should, and these days usually do, contain an agreement on confidentiality of use, often stating that the vendor cannot make any unauthorized use of identifying information.

This obligation to protect the identity of users is not always an easy one to live up to. Many systems today allow users to create personal profiles, to email results to themselves, to interact with other systems such as interlibrary loan. All of these potentially gather personally identifiable information about the user and therefore could violate the privacy agreement if accessed by unauthorized parties.

Protecting the confidentiality of users requires more effort than not, and therefore it has a cost associated with it. I'm afraid that librarians don't always give vendors credit for the cost of their efforts on behalf of our users, and we need to do some consciousness-raising around that issue.

The other side of that coin is the desire that some vendors or publishers might have to market to library patrons. This is undoubtedly tempting because libraries are a teeming hive of active readers. Not only are libraries full of readers, the library itself provides guidance to those readers, teaches non-readers to read, and actually does training and tech support for new reading technologies. A mailing list of everyone who uses the library or everyone who has checked out an ebook could be valuable for reaching new customers. Unfortunately, no can do.

What we can do, and are very much interested in collaborating on, is to learn how ebooks meet the needs of our users in ways that do not violate our privacy obligations. We welcome the use of aggregate data to help us -- and you -- provide a better user experience. As a matter of fact, libraries often insist on statistical reporting as part of the ebook package the vendor provides. Good reporting is especially important in these early days of ebook technology, and reports that we have received have often astounded as well as informed us.

Librarians know a great deal about how people read and how they interact with reading materials thanks to their daily direct contact with library users. I encourage you to take part in what I like to call the "take a librarian to lunch" program. You will find us willing to share that information with you. Some ebook products have been radically redesigned because company representatives talked to and listened to librarians. And, of course, it's so much more pleasant over lunch.


So admittedly the privacy practices of libraries are at the least an inconvenience to companies -- and at the worst may look like a lost business opportunity.

We hope that we make up for that by being in the singular position of encouraging people to read, promoting reading materials in a variety of formats, and being steady customers for published materials. Like you, we want to explore positive directions for the future of reading.

Copyright Karen Coyle 2003
