Defending the right to privacy is one of our roles
I personally believe
that libraries exist to defend people’s rights to enrich and
improve their own lives, their environment and society. We library
staff make this happen by facilitating access to and by sharing
information, knowledge and culture. We stand for freedom of
information and freedom of expression; and, as highlighted in the
International Federation of Library Associations and Institutions
(IFLA) Statement on privacy in the library
environment, “privacy is integral to ensuring these
rights”.
As a member of CILIP,
the UK library and information association, the ethical
principles I have signed up to clearly state that I “make
a commitment to uphold, promote and defend […] the confidentiality
of information provided by clients or users and the right of all
individuals to privacy”.
Because of our
profession's commitment to providing access to information that is “a
reflection of the plurality and diversity of society [...] free from
all forms of ideological, political or religious censorship or
business pressure”1,
our stance is often mistaken as being neutral. But we are not
neutral; this is clear when it comes to privacy. If we do not make
efforts to protect citizens' privacy we are in effect allowing others
to collect and use the personal data of our users. It is only by
taking steps to defend the right to privacy that we can live up to
our own ethical standards and our role as a profession.
Leading the way for
better data protection
Voluntarily or
involuntarily, users of our libraries tell us about themselves, their
interests, their financial situation, where they're planning to go on
holiday, what health issues they or someone close to them is
encountering. Even if we never speak to a library member about any of
those things, we could potentially infer them from their borrowing
record or Internet browsing history.
We owe it to citizens
to make sure we treat this personal information with care, to keep it
private by keeping it secure and to be transparent about what we do
with it.
Data protection
legislation and guidelines express the practical ways in which we
should interpret, support and protect the right to privacy. In the
European Union we are lucky to have the General Data Protection
Regulation (GDPR), which came into force in 2018. GDPR is a fantastic
improvement for the protection of citizens' rights. This said, a lot
of us are still working on improving our compliance with the
Regulation. I see the GDPR principles (as set out in article
5) as a basis for us to work from, whichever country we
are based in. It's about making sure that we:
- know for what specific purpose we want that personal data;
- collect only the information necessary and keep it only for the time we realistically need to use it;
- are transparent with citizens regarding how we handle their information and explain it to them in simple words at the time they provide us with their data.
Exercising our
rights as individuals
Privacy is about
choice. For citizens to be in a position to make an informed choice –
about whether to take steps to actively protect their privacy –
they need to be aware of the risks to their personal data, of their
rights and of what could help them to better protect their privacy.
Are you making informed
choices about how your personal data is used?
In Europe it is a legal
requirement for websites to tell you whether they are installing
cookies – small files within your browser – and what these do.
Some cookies collect information to create a profile of you,
including where you are and what your interests are.
When you land on a
website for the first time and the cookie consent information
appears, do you automatically click “Allow all cookies” or do you
check first what those cookies are doing? Do you feel that you made
an informed decision?
We can promote and
defend the right to privacy through having more awareness of it and
being the ones to demand more information on how personal data is
handled in everyday life. We can do that within our library services;
we should also champion those privacy and data protection rights
outside of work. I would love it if next time we have to travel to a
conference we each asked the train company, the airline and the hotel
staff: “Is it mandatory for me to provide that personal
information? What do you use it for? How long do you keep it?” And
for all the people we interact with to realise: “Ah, the library
workers are in town.”
Practising what we
preach stand for
I believe we library
staff should be privacy advocates. We should publicly show our
commitment to the right to privacy and demonstrate best practice in
terms of data protection in our own services. We should uphold,
promote and defend these rights on behalf of all citizens.
Where do you start?
- Learn more about
the topic
If you feel like you need to learn more about rights, practices and tools you may find the library advocate resources on Artefacto's libraryskills.io site useful. It's a “starter collection” I have recently curated (more resources will be added in the future, and suggestions are welcome!) - Make changes in
your library service
You may need to start by asking questions, having discussions with your colleagues – and doing it all over again. Think of the things that would be easier to change first, start with small steps before moving on to bigger pieces of work and more radical changes. I included suggestions of areas to look into in Leading the way : a guide to privacy for public library staff. - Work with partners
and suppliers
We work with others to provide specific services used by staff and citizens. Where do these partners and suppliers stand on the rights to privacy and data protection? Do their practices match our own standards? It is up to us to ask the questions, explain our position and say what changes we want to see.
1 Words borrowed from the Association des Bibliothécaires de France Bib'lib charter of the fundamental right of citizens to have access to and share information and knowledge via libraries, article 1. English version at:http://www.abf.asso.fr/fichiers/file/ABF/biblib/charte_biblib_abf_uk.pdf [Accessed 23/06/19]