Statement on patron privacy and database access

Many leading providers of digital content to libraries in North America are changing the way they provide access to library patrons. Instead of allowing anonymous access via well-established channels, these providers are increasingly seeking personally identifiable, individual patron data. Often these efforts to gather more patron data are bundled into efforts to “enhance” or modernize platforms as the sector moves towards single sign-on, and away from traditional, IP-based access. The providers have many possible drivers to gather this data: personalization, analytics, marketing, et al. 

This approach is unacceptable. 

Safeguarding patron privacy is a fundamental and longstanding value for libraries. The American Library Association (ALA) Code of Ethics declares that “we protect each library user’s right to privacy and confidentiality”. This includes their personal data, the subjects of their research, and the information resources they consult. Indeed, readers make an assumption of privacy when they choose to use resources provided through their libraries rather than those available to them on the open Internet, where they expect their reading and searching habits to be tracked. 

Privacy and confidentiality are integral to intellectual freedom, to free speech, and to free association. The prospect of monitoring and data mining may have a chilling effect on what a patron searches for, reads, and ultimately, thinks. This is why many states explicitly prohibit disclosing the use of library materials by individuals, including electronic materials (see, for example, New Hampshire Revised Statutes Annotated, Chapter 201-D:11: “... including records of materials that have been viewed or stored in electronic form.”) Our library patrons therefore have an expectation of privacy, whether for intellectual freedom, or simply “the right to be left alone—the most comprehensive of rights, and the right most valued by a free people” as Supreme Court Justice Louis Brandeis wrote in 1928 (Olmstead v. U.S.). 

As research libraries, we do not sell patron data. We do not share it. We object to, and reject, subscription agreements that silently expose it to third-party interests, whether they be commercial or governmental. While we recognize the added value and convenience that some readers may find in using personalization tools, which often require disclosure of personal information, registering for these must be at the sole discretion of the reader and not a condition of access, and must always be accompanied by an explanation of how personal information will be stored, used, and to whom it will be made available. 

As markets and technology change, and as new, potentially high value initiatives such as RA-21 mature, we expect to see increasing pressure to expose more patron data in exchange for access to digital resources. It is important for libraries to monitor these developments and redirect them in favor of patron privacy in order to safeguard our role as trusted providers in the information age. 

This statement is endorsed by the following institutions: 

  • Stanford Libraries 
  • Brown University Library 
  • Columbia University Libraries 
  • Cornell University Library 
  • Duke University Libraries 
  • Harvard Library 
  • Johns Hopkins University Libraries 
  • MIT Libraries 
  • Princeton University Library 
  • Thomas More University 
  • University of Chicago Library 
  • University of Miami Libraries 
  • University of Pennsylvania Libraries 

Add your institution to this list.