Data Privacy in Libraries
The Nightmare of the Transparent Reader

Transparant reader
Transparant reader | Photo (detail): © thomass -

How secure are the data of library users? The World Association IFLA has signed a declaration on the protection of human rights in the surveillance of communications. In the professional scene, however, a critical discussion continues on the cooperation between libraries and IT companies.

It is the nightmare scenario of the transparent reader. Roland Reuß, Professor of German and Edition Philology at the University of Heidelberg, sees data privacy endangered at German libraries. In a much debated article published in the Frankfurter Allgemeine Zeitung (FAZ) in November 2013, he painted the risks of the digital age: by implementing so-called “history functions”, many libraries save users’ searches in their online databases. When then a book is borrowed, these data are assigned to specific people. The algorithmic analysis of reading behaviour by monitoring instances could have disastrous consequences. “Why such data is dicey is obvious”, wrote Reuß. “Overlapping reading of Hegel, Marx, Engels, Bakunin and Lenin; ergo: Communist and (depending on the prevailing political conditions) arrest.” Is Big Brother reading you?

Responsible conduct of librarians

On the other hand, Barbara Lison, member of the governing board of the International Federation of Library Associations (IFLA) and Director of the Bremen Public Library, emphasizes the high sense of responsibility in library work with respect to data privacy. “Even before the introduction of electronic data processing, we specifically protected user and loan data”, she says. At the Bremen Public Library this rule continues to apply in the online age: “Reading behaviour isn’t tracked and personal searches aren’t saved.” When a borrowed medium is returned, the title and user data are separated from the system no later than a few days after the medium has been returned to its place. At most, libraries are required to impart user data in the case of state investigations.

Nor do university libraries operate in a legal vacuum; they too are subject to the obligations of data privacy. “Every library must of course have publicly available procedure registers in which all computerized procedures are described in detail”, says Lison.

Standards of data protection

To reaffirm the importance of privacy in the digital age, the IFLA signed in autumn 2013 the “International Standards for the Application of Human Rights in the Surveillance of Communications”. The paper was developed by several international NGOs. It formulates principles of legality, necessity, appropriateness and proportionality for communication monitoring. Its aim is to provide a common basis for IFLA members. “We’re an organization in which countries with various degrees of marked awareness for data protection are represented”, explains Lison. The Association works at a high level of aggregation not only on this question, often asking “Is the Central European standard also the norm elsewhere?”

Opportunism with respect to the IT industry?

The concern of data privacy sceptics such as Reuß, however, is directed at the increasing cooperation between libraries and IT companies such as Google, Facebook and Amazon. Their handling of user and customer data has repeatedly come under close scrutiny because of lack of transparency. In his FAZ article (headline: They call it service, but it is folly), Reuß therefore speaks of not only the negligent but also the “dangerous opportunism of large libraries with respect to the IT industry”.

In 2007 the Bavarian State Library, among others, entered into a partnership with the internet giant Google to digitalize its copyright-free holdings. More than a million works are now available online on the Digital Library and the library catalogue OPACplus. What rights the contract granted Google has not been made public.

The linking of the online catalogue of some German university libraries (including Essen-Duisburg, Heidelberg and Bayreuth) with Amazon has also met with criticism. Lison points out, however, that, depending on the provisions of the contract, commissions from the industry giants could flow to the participating libraries. And “sponsors of public institutions are encouraging them to do more to generate their own revenue”.

Need for transparency

The decision of the Working Group of the Combined Systems (in which all the mergers of libraries in German-speaking countries are represented) to make available to Google up to 50 million catalogue datasets has also caused debate among experts. “Metadata paid for by the German taxpayer”, notes Reuß. But here too Lison makes a qualification: “If the library offerings don’t appear in the commercial search engines, they lose relevance.”

Of course, she concedes, in return it must be guaranteed that IT companies are not allowed access to sensitive library user data. “The most important thing is transparency”, says Lison. “On demand, users must be able to learn how their data have been handled.”

Library management systems should be adapted accordingly. If software fails to delete user data after a certain space of time, she agrees, it is necessary to take action. “Awareness for data privacy”, Lison concludes, “must be uppermost in the minds of librarians and library suppliers.”