Sunday 28 July 2019

Library staff as privacy advocates

I was asked by the Princh marketing team to write a guest post for their blog. In my original draft I was mentioning Princh but they politely asked that I do not use them as an example so their name was removed. Here is the version that was published; you can also view it on the Princh blog.

Defending the right to privacy is one of our roles

I personally believe that libraries exist to defend people’s rights to enrich and improve their own lives, their environment and society. We library staff make this happen by facilitating access to and by sharing information, knowledge and culture. We stand for freedom of information and freedom of expression; and, as highlighted in the International Federation of Library Associations and Institutions (IFLA) Statement on privacy in the library environment, “privacy is integral to ensuring these rights”.

As a member of CILIP, the UK library and information association, the ethical principles I have signed up to clearly state that I “make a commitment to uphold, promote and defend […] the confidentiality of information provided by clients or users and the right of all individuals to privacy”.

Because of our profession's commitment to providing access to information that is “a reflection of the plurality and diversity of society [...] free from all forms of ideological, political or religious censorship or business pressure”1, our stance is often mistaken as being neutral. But we are not neutral; this is clear when it comes to privacy. If we do not make efforts to protect citizens' privacy we are in effect allowing others to collect and use the personal data of our users. It is only by taking steps to defend the right to privacy that we can live up to our own ethical standards and our role as a profession.

Leading the way for better data protection

Voluntarily or involuntarily, users of our libraries tell us about themselves, their interests, their financial situation, where they're planning to go on holiday, what health issues they or someone close to them is encountering. Even if we never speak to a library member about any of those things, we could potentially infer them from their borrowing record or Internet browsing history.
We owe it to citizens to make sure we treat this personal information with care, to keep it private by keeping it secure and to be transparent about what we do with it.

Data protection legislation and guidelines express the practical ways in which we should interpret, support and protect the right to privacy. In the European Union we are lucky to have the General Data Protection Regulation (GDPR), which came into force in 2018. GDPR is a fantastic improvement for the protection of citizens' rights. This said, a lot of us are still working on improving our compliance with the Regulation. I see the GDPR principles (as set out in article 5) as a basis for us to work from, whichever country we are based in. It's about making sure that we:
  • know for what specific purpose we want that personal data;
  • collect only the information necessary and keep it only for the time we realistically need to use it;
  • are transparent with citizens regarding how we handle their information and explain it to them in simple words at the time they provide us with their data.
Exercising our rights as individuals

Privacy is about choice. For citizens to be in a position to make an informed choice – about whether to take steps to actively protect their privacy – they need to be aware of the risks to their personal data, of their rights and of what could help them to better protect their privacy.

Are you making informed choices about how your personal data is used?
In Europe it is a legal requirement for websites to tell you whether they are installing cookies – small files within your browser – and what these do. Some cookies collect information to create a profile of you, including where you are and what your interests are.

When you land on a website for the first time and the cookie consent information appears, do you automatically click “Allow all cookies” or do you check first what those cookies are doing? Do you feel that you made an informed decision?

We can promote and defend the right to privacy through having more awareness of it and being the ones to demand more information on how personal data is handled in everyday life. We can do that within our library services; we should also champion those privacy and data protection rights outside of work. I would love it if next time we have to travel to a conference we each asked the train company, the airline and the hotel staff: “Is it mandatory for me to provide that personal information? What do you use it for? How long do you keep it?” And for all the people we interact with to realise: “Ah, the library workers are in town.”

Practising what we preach stand for

I believe we library staff should be privacy advocates. We should publicly show our commitment to the right to privacy and demonstrate best practice in terms of data protection in our own services. We should uphold, promote and defend these rights on behalf of all citizens.

Where do you start?
  1. Learn more about the topic
    If you feel like you need to learn more about rights, practices and tools you may find the library advocate resources on Artefacto's libraryskills.io site useful. It's a “starter collection” I have recently curated (more resources will be added in the future, and suggestions are welcome!)
  2. Make changes in your library service
    You may need to start by asking questions, having discussions with your colleagues – and doing it all over again. Think of the things that would be easier to change first, start with small steps before moving on to bigger pieces of work and more radical changes. I included suggestions of areas to look into in Leading the way : a guide to privacy for public library staff.
  3. Work with partners and suppliers
    We work with others to provide specific services used by staff and citizens. Where do these partners and suppliers stand on the rights to privacy and data protection? Do their practices match our own standards? It is up to us to ask the questions, explain our position and say what changes we want to see.


1 Words borrowed from the Association des Bibliothécaires de France Bib'lib charter of the fundamental right of citizens to have access to and share information and knowledge via libraries, article 1. English version at:http://www.abf.asso.fr/fichiers/file/ABF/biblib/charte_biblib_abf_uk.pdf [Accessed 23/06/19]