Commercial publisher practices of employing tracking technologies to collect and sell user data have been fairly widely addressed (see “tracking tools” post), and Emily Cukier recently summarized the issues for libraries in “What the Vendor Saw: Digital Surveillance in Libraries.” Commercial publishers, such as Thomson Reuters, the RELX Group, Clarivate, Wiley and others, are incentivized to make money, and they have expanded their revenue sources from the published content itself (subscription fees, author processing charges) to user data which they monetize in different ways.
Aside from the financial implications of extracting more revenue from libraries and their users, libraries’ reliance on these publisher platforms to deliver content conflicts with a fundamental tenet of the American Library Association’s Code of Ethics:
We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.
ALA Code of Ethics, #3
Code that tracks both a specific item of content and its user has potential and real chilling effects on intellectual freedom. Aggregated data that informs policy and practices can also “bake in” existing biases and inequities that further disadvantage marginalized communities.
So what can libraries do to protect patron privacy? A first step is to ensure that providers have clear, accessible and easily findable privacy policies. Another is to draw attention to these policies and their implications. Libraries should also make provider policies and practices a part of their contracts. Cukier cites ALA’s privacy best practice guides, including one on vendors and privacy that offers checklists for what should (e.g. security standards, disclosure to outside parties, how data is encrypted and stored) and should not (e.g. vagueness, lack of definition, reserved rights to monitor users) be in contracts. The Library Freedom Project also offers privacy resources, including a Vendor Privacy Scorecard and Privacy Audit Worksheet.
Finally, Cukier references an interview with Felix Rada from the Society for Civil Rights and the four aspects he says are important for contracts with external service providers:
- Bid so that different companies have to compete
- Avoid “lock-in effects” such as proprietary platforms that leave libraries permanently dependent on a specific provider
- Let licenses allow unlimited further use on any platform, for any purpose
- Prohibit search tracking at the level of individual researchers and run software in-house wherever possible.
Librarians and researchers will recognize these publisher practices. Ultimately Rada says, “Universities and libraries should preferably completely avoid these contracts and invest the money in their own infrastructure.” He advocates for open access and open science built on publicly-aligned infrastructure.