Ryan Eby speaks with tongue firmly in cheek in this blog post, but his point is well taken. Privacy is serious to us, but we nonetheless make decisions that trade bits of our patrons’ privacy as an operational cost. While we argue about the appropriate time keep backups of our circulation records, we largely accept them — and the way they connect our patrons with the books they read — without question.
The problem here is that it’s a decision we make on behalf our patrons, often without bothering to inform our patrons of the risks we take with their privacy. And the problem there is that it violates users’ expectations of transparency and self determination — some of the same expectations you’ll find in Jenny Levine’s Online Library User Manifesto.
So here’s the trick: how do we deliver targeted and customized services online, without unhinging our patrons’ privacy? The answer so far is that we allow patrons to choose, giving patrons the tools and knowledge they need to make their own decisions about how much they reveal. But that answer depends on the notion that library services must be self-contained, that the only way our patrons can manage reading lists and the like is if libraries offer those services.
One only need look at LibraryThing to see an alternative. It’s not that I think LibraryThing or Listal or any other service will make better privacy decisions than we will. My point is that our attempts to build out customized services will likely draw resources away from efforts to improve the way our existing services interoperate with the rest of the internet. Listal and LibraryThing work because Amazon built an outstanding API and made it freely available to all. If libraries offered an API like that, those services could easily integrate our holdings, and LibraryThing users could match their interests against materials available at their local libraries without revealing themselves to us. Patrons could run desktop applications like Delicious Library and (mostly) avoid revealing themselves over the network. Libraries are in the awkward position of having identifying information about their patrons, but online-only services might not need any more identification than an anonymous username and password.
But even more simply than that, it’s worth asking how easily our online services work with basic expectations of web sites. Can users bookmark an item in your catalog in their browsers? Can they send the catalog URL of their new favorite book in an email to a friend? Can Google or other search engines index your catalog and help your patrons find materials even when they don’t know to search your site specifically?
Circulation records can be subpoenaed, but getting at the reading list I’ve been keeping as bookmarks in my browser is more likely to require officials to serve me with a search warrant. Building systems that work with the internet puts users in charge of their own privacy decisions.