Why use of T&C’s for notice and consent doesn’t work

Notice and consent/choice is a sign of a dysfunctional system for regulating privacy. Problems of a control based regime of “notice and choice” include:

  • terms are hidden in the fine print of legal notices virtually no one reads
  • there is as little meaningful choice as in old-fashioned consumer adhesion contracts
  • privacy policies are dense and unreadable

In most cases that matter, the assumption that users have actual notice or meaningful choice is an illusion. Privacy self-management is increasingly recognized to be unworkable and possibly even a farce…one study by computer scientists found that if an ordinary Internet user were to quickly read every privacy policy they encountered over the course of a year, it would take them seventy-six working days to do so. Another study by leading privacy journalist Julia Angwin revealed that it was practically impossible to opt-out of pervasive surveillance by governments and companies without practically opting out of society and human contact itself (Richards, Hartzog 2017).

The notice and consent paradigm assumes that citizens are able to assess the potential benefits and costs of data acquisition sufficiently accurately to make informed choices. This assumption was something of a legal fiction when applied to data collected by government agencies and regulated industries in the 1970s. It is most certainly a legal fantasy today, for a variety of reasons including the increasing use of complex and opaque predictive data-mining techniques, the interrelatedness of personal data, and the unpredictability of potential harms from its nearly ubiquitous collection (Strandburg 2014).


RICHARDS, N. and HARTZOG, W., 2017. Privacy’s trust gap. Yale Law Journal, (17-02).

STRANDBURG, K.J., 2014. Monitoring, datafication, and consent: legal approaches to privacy in the big data context. In: J. LANE, V. STODDEN, S. BENDER and H. NISSENBAUM, eds, Privacy, big data and the public good. Cambridge University Press, pp. 5-43.


Library users’ trust in librarians to protect their privacy

Trust has to be earnt. It can’t be taken for granted. And earning that trust is a continuous process.

Librarianship is one of the few professions which covers privacy in its codes of ethics.

When thinking about privacy, it is almost as though the relationship between a librarian and his or her user is considered in the same way that people think of the relationship between a doctor and his or her patient or a priest and a penitent.

It is worth thinking about what, if anything, we do to earn the trust of library users. Do we demonstrate professionalism in the way we operate? When someone joins the library, do we tell users that we are governed by a code of ethics? When we are collecting their personal data as part of the process of them getting a library card (such as date of birth), do we point them towards, or give them a copy of, the library’s privacy policy? If we were asked what protections we have in place to keep their PII secure, would we have an answer (such as being able to say that we have undertaken network penetration testing)?

From the literature, here is a selection of quotations which cover aspects of trust:

“with a significant number of government and commercial services moving online, patrons are increasingly coming to libraries to get assistance with applying for passports, accessing digital banking services and making online payments. It was commented that while this demonstrates the high level of trust the public place on library staff, the migration of services online is exposing vulnerable sections of society to greater risk as they are increasingly disposed to disclose personal information to strangers” (International Federation of Library Associations, 2016)

“If you knew you could trust someone just by looking at them, you wouldn’t need to trust them. Ridiculous as it sounds, you can trust people only because you can mistrust them” (Cohen, 2013)

“In practical terms, much of the relationship between a library and its patrons is based on trust, and, in a free society, a library user should be secure in trusting us not to reveal and not to cause to be revealed which resources are being used and by whom” (Gorman, 2015)

(Dettlaff, 2007) poses the question of why librarians should protect user privacy when users seem as though they couldn’t care less about their own privacy. She answers her own question by saying it is a matter of professional ethics, and also because it establishes a level of trust between the user and the library staff.

(Sturges, Davies et al. 2003) surveyed library users and found a low level of concern regarding trust in the library as a respecter of privacy. When users did have privacy concerns they were about commercial intrusion (61%) rather than from official bodies (33%). Users were certainly not concerned about threats to privacy whilst using the library, 89% expressing no, or little, concern.

(Sutlieff and Chelin, 2010) studied library patrons’ perceptions of trust in the library and its ability to keep personal information private. This was helped by having a clear policy on the confidentiality of library records and the privacy of information.

Libraries represent a trusted resource, and they should avoid lending their credibility to institutions that fail to uphold similar ethical values (Fernandez, 2009)

Surprisingly, the library literature reveals no in-depth examination of the privacy policies of vendors of library online resources. …If librarians continue to assure users that their library searches and research interests are confidential but know nothing about the privacy policies of the vendors who provide the databases offered by the library, librarians risk betraying their users’ trust (Magi, 2010)

(Adams, 2000) in her research on the use of privacy in regard to multimedia technologies, makes a point that is extensible to all information access about how “the relationship between organisational control and trust affects users’ privacy. Trust is undermined if users are not allowed to judge trade-offs for themselves or feel part of the proposed solution. Ultimately privacy, as with trust, is reliant on our perception of it”


Adams, A. (2000) ‘Multimedia information changes the whole privacy ballgame’, ACM, pp. 25.

Cohen, J. (2013) The private life: why we remain in the dark. Granta Publications.

Dettlaff, C. (2007) ‘Protecting user privacy in the library’, Community & Junior College Libraries, 13 (4), pp.7-8.

Fernandez, P. (2009) ‘Online social networking sites and privacy: revisiting ethical considerations for a new generation of technology’, Library Philosophy and Practice.

Gorman, M. (2015) Our enduring values revisited: librarianship in an ever-changing world. Chicago: ALA Editions, an imprint of the American Library Association.

Gorman, M. (2000) Our enduring values: librarianship in the 21st century. Chicago; London: American Library Association.

International Federation of Library Associations (2016) ‘IFLA trends update’.

Magi, T.J. (2010) ‘A content analysis of library vendor privacy policies: Do they meet our standards?’, College & Research Libraries, 71 (3), pp.254-272.

Sutlieff, L. and Chelin, J. (2010) ‘“An absolute prerequisite”: The importance of user privacy and trust in maintaining academic freedom at the library’, Journal of Librarianship and Information Science, 42 (3), pp.163-177.


Open data and privacy risks

Anonymisation is hard to achieve in the face of correlation attacks: even in amongst millions of items of data, someone having access to four random pieces of information can deanonymise over 90% of those records (Singer 2015).

To illustrate the dangers that come with open data: the New York City Taxi and Limousine Commission released a dataset containing the details about every taxi ride (yellow cabs) in New York in 2013, including the pickup and drop off times, locations, fare and tip amounts, as well as anonymized (hashed) versions of the taxi’s license and medallion numbers. From this (Tockar 2014) was able to identify the home addresses of frequent visitors to a strip club in the city.

Perfect anonymisation is a myth. There is a tension between the level of usefulness of the data and the risk of privacy being compromised: the less granular the data the less interesting and useful it is for businesses, for policymakers, for researchers and for the public. The problem is that the more granular and detailed the information is, the greater the risk that personally identifiable and potentially highly sensitive information can be revealed.

Risks include:

  • Re-identification
  • False re-identification (when data is partially anonymous, individuals are at risk of having sensitive facts incorrectly connected to them through flawed re-identification techniques)
  • Jigsaw identification (the ability to identify someone by using two or more different pieces of information from two or more sources, especially when the person’s identity is meant to be secret for legal reasons)
  • The “mosaic effect”/Mosaic theory

There are various risk mitigation techniques that researchers can use, for example removing low numbers or aggregating data sets.
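The two mitigations just named, aggregating data and removing low numbers, can be worked through on a small table. This is an added example, not taken from the cited sources: the trip records, the field layout, the generalisation rules and the threshold `k` are all constructed assumptions.

```python
from collections import Counter

# Constructed sample of "anonymised" trip records (not real data):
# (hashed_vehicle_id, pickup_time "HH:MM", pickup_zone, dropoff_postcode)
TRIPS = [
    ("a91f", "01:12", "Midtown-07", "11201-3304"),
    ("a91f", "01:47", "Midtown-07", "11215-1180"),
    ("c02e", "02:05", "Midtown-07", "11201-3304"),
    ("7be4", "08:31", "Harlem-02", "10027-4410"),
    ("7be4", "08:44", "Harlem-02", "10027-4522"),
    ("19d0", "08:58", "Harlem-03", "10027-4410"),
    ("19d0", "23:40", "Chelsea-11", "10011-2096"),
]


def quasi_identifier(trip):
    """Fine-grained fields that can be matched against outside knowledge."""
    _, time, zone, postcode = trip
    return (time, zone, postcode)


def generalise(trip):
    """Aggregate: day/night band, district without block, 5-digit postcode.

    The per-vehicle hash is dropped because it links one vehicle's trips.
    """
    _, time, zone, postcode = trip
    hour = int(time.split(":")[0])
    band = "night" if hour < 6 or hour >= 22 else "day"
    return (band, zone.split("-")[0], postcode.split("-")[0])


def unique_fraction(trips, key):
    """Share of records that are the only one in their group (k = 1)."""
    sizes = Counter(key(t) for t in trips)
    return sum(1 for t in trips if sizes[key(t)] == 1) / len(trips)


def release(trips, key, k):
    """Publish per-cell counts, suppressing any cell with fewer than k records."""
    sizes = Counter(key(t) for t in trips)
    published = {cell: n for cell, n in sizes.items() if n >= k}
    suppressed = sum(n for n in sizes.values() if n < k)
    return published, suppressed


if __name__ == "__main__":
    print("unique before aggregation:", unique_fraction(TRIPS, quasi_identifier))
    print("unique after aggregation: ", round(unique_fraction(TRIPS, generalise), 2))
    table, dropped = release(TRIPS, generalise, k=2)
    print("published cells:", table, "| records suppressed:", dropped)
```

The trade-off described in this section is visible in the output: every raw record is unique, while the aggregated and suppressed table protects individuals at the cost of dropping records and detail.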

It isn’t simply a question of whether the information that is made available contains anything that could in and of itself identify a particular individual, because data protection legislation requires that you also take into account whether that information could potentially be combined with something else which together identifies the person. Article 4 (Definitions) of the GDPR 2016/679 says that “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

SINGER, N., 2015. With a few bits of data researchers identify “anonymous” people. New York Times, (January 29).

TOCKAR, A., 2014. Riding with the stars: Passenger privacy in the nyc taxicab dataset. Neustar Research, September, 15.


Terms of service / Contract override

Are there lessons from copyright law that can be applied to privacy law? Isn’t there a need for certain “rights” that can’t be overridden by contracts in the shape of terms of service?

I believe that individuals should have a basic set of unambiguous & meaningful rights. They should be rights with real teeth which cannot be overridden by contract law.

Websites typically have a privacy policy statement which governs the way in which they deal with personal data. As soon as you use a service, you are deemed to have agreed to the terms and conditions.

(Mayer-Schönberger, Cukier 2013) recognise that privacy has become much more difficult to protect, especially with old strategies such as individual notice and consent. The use of terms and conditions disempowers the data subject, because:

  • The terms and conditions are non-negotiable
  • They can be changed at any time
  • The changes can take place retrospectively

Cullen Hoback’s documentary “Terms and conditions may apply” (Hoback 2013) draws attention to the use of T&C’s. They are typically very long, written in legalese, appear in a small font, and the text often uses capital letters.

You wouldn’t be expected to agree to a set of T&C’s before being able to watch television, or before being able to read a book; whereas that is precisely what is expected of you if you read an ebook on a Kindle device, or watch a video on YouTube.

UK copyright law does not have a generic “no contractual override” provision which would apply in all circumstances. However, following a series of changes to the copyright exceptions which were brought into force in 2014, a number of the exceptions contain wording which does prevent contract override. So, for example, the text and data mining exception says that “To the extent that a term of a contract purports to prevent or restrict the making of a copy which, by virtue of this paragraph, would not infringe any right conferred by this Chapter, that term is unenforceable”, and a similar form of words is used in a number of the copyright exceptions.

Four practical examples of how privacy impacts libraries

Receipts from self-service machines

Years ago retailers realized that they were putting too much information onto till receipts, notably the full credit or debit card number. Given the threat of identity fraud, they stopped displaying complete card numbers, and instead only showed some of the numbers while using asterisks to mask some of the digits.

With the prevalence of self-issue machines, libraries need to think carefully about the information that is printed out on transaction receipts. In the case of receipts for items borrowed, consider the following two examples:



LIBRARY A

At the top of the receipt it says:

Item(s) checked out to SURNAME, FIRSTNAME.

Then it shows:






LIBRARY B

At the top of the receipt it says:

Borrower number

Borrowed items DATE TIME

Item title

(Barcode of the book is shown)

(Followed by the title of the book)


Why is it necessary for LIBRARY A to show the user’s first name and surname on the printed slip? Wouldn’t it be better to show the last few digits of their library membership card?

Isn’t it likely that users will utilize the printed slip as a bookmark, to show how far they have got with the book? And, further, isn’t there a fair chance that some users will forget to remove the printed slip before returning the book to the library? Depending on how many books they borrowed in a single transaction, and depending on the nature of the material being borrowed, the information on the slip could be quite revealing about someone’s reading habits.


Online databases and personalization

Many online databases try to help users by providing a number of personalization features. However, this involves a trade-off with user privacy. In order to personalize the service, to tailor it to their needs, it inevitably needs to know the user’s identity. Otherwise, they would get the generic, standard service. A lot of people are happy to give up some of their privacy in exchange for a more tailored service. And that is absolutely fine, provided that the user is making an informed choice.

Think of the online databases that your institution subscribes to. Do you or your users:

  • Create saved searches that you can run as required
  • Create alerts so that users are automatically informed of new material matching their interests
  • Make use of personalization features such as a list of companies whose share price you monitor, or the industry sectors and sub sectors that you monitor regularly
  • Bookmark articles of interest
  • Annotate items

Are library staff confident that the database vendor will keep this information secure? If so, what makes you so sure? Did you cover that in the contract negotiations? And do you monitor that vendor on an ongoing basis, to see that they are living up to what they promised in the contract?

Imagine you are a corporate librarian. What if that sort of information gets into the wrong hands? It could tell a lot about you and your organisation: the companies you are looking at as part of considering potential acquisitions, the product development work you are currently undertaking for a highly secret project on a new product idea, and so on.

(Lynch 2017) looks at the ecosystem that has evolved for scholarly journals involving a whole range of players including platform providers, various publishers’ websites, authors, readers, traditional publishers, libraries, third parties, and analytics providers.

“Whenever a third party has access to personally identifiable information, the agreements need to address appropriate restrictions on the use, aggregation, dissemination and sale of that information, particularly information about minors” (Jones 2014).

Agreements between libraries and vendors should specify that libraries retain ownership of all data; that the vendor agrees to observe the library’s privacy, data retention, and security policies; and that the vendor agrees to bind any third parties it uses in delivering services to these policies as well.


Telephone notification

A library service notifies users that the book(s) that they have requested on hold have now arrived and are ready for them to collect.

This is done by email, but sometimes by phone. In one instance, a member of library staff called the user to inform them. The library user wasn’t home at the time, and so a voicemail was left. The message included details of the book title that was now ready for collection.

What if that book had been about domestic violence? What if the message was picked up by the partner of the library user?


Self-service holds

Libraries offer “click and collect” services whereby users can browse through the library catalogue from the comfort of their own homes, select the item(s) that they would like to read, watch or listen to, specify which library they would like as the pickup location, and then visit that library at a convenient time to collect the item(s) once they have been notified that it is ready for collection.

As part of this “click and collect” facility, many public and academic libraries place the items awaiting collection in a public area of the library so that the library user can pick up the item without needing any library staff intervention. But the procedures vary from one library to another. Just as library practices vary, so too does the extent to which their actions encroach upon the privacy of library users:

LIBRARY 1: Items that have been placed on hold are available on a set of open shelves housed on a standalone shelving display unit. All of the books that have been requested are individually wrapped in a sheet of A4 paper upon which are written the first three letters of the user’s surname, plus the last four digits of their library membership card.

LIBRARY 2: Items that have been placed on hold are available in a room on open shelves awaiting collection. In order to enter the room, users have to swipe their library card in order to gain access to the area designated for items placed on hold. Once inside, they browse the shelves looking for the first four letters of their surname. All items are individually wrapped in a sheet of A4 paper which is fixed in place with an elastic band.

LIBRARY 3: Items on hold are placed on the end of a set of library shelves in alphabetical order of requestor’s surname. All of the titles are easily browseable, because there is no paper wrapped around the items. Users’ full surnames are hand-written onto a slip of paper.

Of the three library procedures outlined above, the one adopted by library 3 is the least respectful of user privacy. First of all, because there is no paper wrapped around the items that have been requested, it is possible for anyone to quickly look through the titles. Then, secondly, if they spot titles that seem quite racy, provocative, controversial or embarrassing, they can look for the requestor’s surname to see if they recognize who has asked for that particular item. Some people have unusual or distinctive surnames, thereby making it likely that in some cases the surname will be sufficient to identify a specific individual.

Personal data is non-rivalrous

This is absolutely crucial to understanding the issues that can and do arise with protecting one’s personal data, and the ability to have control over it. I am currently trying to think through the implications of the non-rivalrous nature of personal data.

By “non-rivalrous” I am thinking of how the use (or processing) of your personal data by one individual or by one organization does not prevent its use by someone else.

A good is considered non-rivalrous or non-rival if, for any level of production, the cost of providing it to a marginal (additional) individual is zero.

“We need to allow the individual to get much more of the value of the data about them, and because data is non-rivalrous this can be done without reducing the value of the data to the data holder. Moreover, this can be done in ways which respect the privacy, commercial and other interests of all the parties concerned”.
Source: Nigel Shadbolt, Midata: towards a personal information revolution IN Digital Enlightenment Yearbook 2013: the value of personal data edited by M Hildebrandt et al

A few years back the UK government were promoting the midata project which envisaged data portability. The problem was that there was little incentive for companies to cooperate if it made life easier for customers to get access to their data (such as usage data) in order to be able to switch suppliers. It is worth noting that the General Data Protection Regulation, which will be implemented in May 2018, contains a right to data portability.

“Data have been described as a ‘non-rivalrous’ good in that they can be used for multiple purposes on multiple occasions without reducing their value for other users. Data are unlike other economic goods in that their value depends on the means of combining them and extracting knowledge from them”.
Source: Report of workshop on privacy, consumers, competition and big data (EDPS, 2014)

Role of libraries and librarians regarding privacy

This article considers potential roles for libraries & librarians on privacy issues, from the passive and reactive through to more radical and activist roles:

  • To protect
  • To defend
  • Activism
  • To be radical
  • To lobby/advocate
  • To negotiate
  • To educate/train
  • To provide a sanctuary or safe haven for private reflection
  • To participate
  • To debate
  • To be a privacy watchdog or auditor
  • To take on a leadership role

Privacy is one of the most commonly featured values in the codes of ethics of library associations around the world. Indeed (Lamdan 2015a) says that librarianship is one of the only professions that explicitly expresses privacy rights in its codes of ethics. (Shachaf 2005) undertook a study involving a comparative content analysis of the English versions of codes of ethics proposed by professional associations in 28 countries. The study yielded an empirically grounded typology of principles arranged in twenty categories. The most frequently identified principles were professional development, integrity, confidentiality or privacy, and free and equal access to information.

(Fouty 1993) says that library staff authorized for any level of access to online patron records should be thoroughly educated in local and federal data privacy laws. She raises the question of enforcing institutional privacy policies and legislation. Fouty says that sanctions for violating rules and regulations governing data privacy should be approved and upheld by the library’s administration, and clearly presented to staff in the strongest terms possible. Staff should be made aware that any deviations from acceptable procedure will be treated as serious violations, subject to discipline or even termination of employment.

(Fouty 1993) considers the enforceability of the law, pointing out that the confidentiality laws in five states (Colorado, Florida, Arizona, Michigan, and South Carolina) include clauses that define penalties for violating those laws. The American Library Association has gathered together the relevant state laws at http://www.ala.org/advocacy/privacyconfidentiality/privacy/stateprivacy. In the case of Michigan, the Library Privacy Act MCLS prec § 397.601 says that “the person identified may bring a civil action for actual damages or $250.00, whichever is greater; reasonable attorney fees; and the costs of bringing the action”; while in Arizona, Florida or South Carolina it could be a prison sentence of up to 90 days, although the 90 day figure is only applicable in South Carolina, and only where the person convicted has committed a number of offences. The Code of laws of South Carolina, title 60: Libraries, Archives, Museums and Arts says that someone can be “fined not more than two thousand dollars or imprisoned for not more than ninety days for the third or subsequent offense”.

I believe that the information profession needs to have a debate about the role of the librarian in protecting user privacy. Such a debate needs to go back to first principles to ask whether librarians have a role in protecting user privacy, and if so, what form that role should take. (Cooper 2016) did a survey in which participants were asked their views on the following statement: “Libraries should play a role in educating the general public about issues of personal privacy and data protection”. The overwhelming majority (78.6%) of survey respondents either agreed or strongly agreed with the statement, but 15.5% neither agreed nor disagreed with the statement, while 6% of respondents either disagreed or strongly disagreed with it:

  • Strongly agree 40.5%
  • Agree 38.1%
  • Neither agree nor disagree 15.5%
  • Disagree 2.4%
  • Strongly disagree 3.6%

Even amongst those who do believe that librarians have a role to play in protecting user privacy, there is still the question of quite what that role should be. This could range from a more passive approach, simply protecting the personally identifiable information held about users – through to a more active approach in the form of lobbying and advocacy work; organising cryptoparties etc.

There are a number of potential roles that librarians can and do play. These are not mutually exclusive:

To protect

(Brantley 2015) believes that “Public libraries are among the last protectors of privacy in contemporary society”.

(Fortier, Burkell 2015) reinforce the role of protecting user privacy saying that “Librarians have a professional responsibility to protect the right to access information free from surveillance. This right is at risk from a new and increasing threat: the collection and use of non-personally identifying information such as IP addresses through online behavioral tracking.”

To defend

(Mattlage 2015) (p76) considers the role of librarians defending the information rights of users: “Having special obligations to protect information rights means that information professionals must first of all take information rights seriously by defending them against countervailing pressures for more expedient public policies. It is the unique role of information professionals to be last to abandon the defense of these rights, even if this leads others—who do not have these special obligations—to perceive information professionals as unreasonable”.

Activism

Speaking of the privacy role of librarians in terms of activism is bound to be controversial. But it is interesting to observe the way in which librarians in America reacted to the repeal of the Federal Communications Commission’s rules requiring ISPs to adopt fair information privacy practices in regards to their customers’ data (Caldwell-Stone, Robinson 2017). These responses have included use of encryption, of VPNs, and of using the Tor browser to enable anonymous web searching.

To be radical

It is worth noting that people who identify themselves as being “radical librarians” seem to place a particularly high priority on ethical issues. (Clark 2016) says that “If we cannot (or do not) protect the intellectual privacy of our users, then we are failing as professionals”.

To lobby / advocate

In the United Kingdom, librarians across the whole range of sectors have for many years worked together through the Libraries and Archives Copyright Alliance (LACA) to lobby for fairer copyright laws from a user perspective. The present researcher believes that there is a real need for a similar organisation to lobby government for laws that are more respectful of user privacy.

(Lamdan 2015b) “As traditional keepers of information, librarians have innate roles as Internet advocates for their patrons”.

The advocacy function could also include promoting best practice within the profession.

To negotiate

An important role for librarians involves vendor management – from the initial selection of vendors, negotiating the right contract terms, through to continuous oversight of the contract once the agreement has been signed.

A key part of that work involves ensuring that the contracts they have with vendors provide adequate protection for user privacy. (Dixon 2008) “If libraries only chose vendors who had good privacy policies, the industry would have to change its standards in order to obtain library business”.

(Magi 2010) Librarians have a long history of protecting user privacy, but they have done seemingly little to understand or influence the privacy policies of library resource vendors that increasingly collect user information through Web 2.0-style personalization features.

(Caro, Markman 2016, Magi 2010) list a series of questions librarians should be asking of their vendors, covering data breach policy, data encryption, data retention, the ease of use of the vendor’s terms of service, patron privacy, secure connections and advertising networks.

(McMenemy 2016) says that “We need to be careful of how many of our values we cede to software vendors to manage for us”.

To educate/train

(Fifarek 2002) Libraries need to take an active role in educating users about protecting their privacy. Users should be educated as to what their privacy rights are and what privacy protections exist. Additionally, users need to understand that protecting their personal privacy requires them to make choices about what information they are willing to disclose in order to receive services.

Libraries are ideally placed to offer training on how users can protect their privacy (such as using browser addons and other tools; making full use of privacy settings within browsers etc).

(Noh 2016) The library is the most general and representative organization that can promote digital inclusion. The public library, in particular, is one of the few organizations in the public domain that all citizens can use free of charge. Public libraries are accessible to citizens throughout the nation from all walks of life. As such, they are the ideal environment for studying varying digital levels of ordinary citizens.

(Jones 2014) p163 Libraries should seize this opportunity to play a major role in teen entrepreneurship, critical thinking, creativity—and the role of privacy in their digital lives. Libraries are well positioned to educate teens on how their personally identifiable information can be used to compromise their privacy and possibly hurt them at a job interview or other important events in their lives. The very technology that enables them so much creative freedom can also be used against them. With education on how their personal information is collected, and what they can do to protect their privacy, they will learn to make educated decisions and choices about their personal space.

To provide a sanctuary or safe haven for private reflection

(Johnston 2000) says that “Public libraries further fulfill an essential social role by providing public space which serves ‘as safe havens for private reflection and as meeting places for community functions’”.

In Quad/Graphics, Inc. v. S. Adirondack Library System, 174 Misc.2d 291, 664 N.Y.S.2d 225 (N.Y.Sup., 1997) the court noted that a library was “a unique sanctuary of the widest possible spectrum of ideas [and] must protect the confidentiality of its records in order to insure its readers’ right to read anything they wish, free from the fear that someone might see what they read and use this in a way to intimidate them”.

To participate

If librarians are to protect the privacy of their users, it is essential that they take part in the formulation of privacy policies. A failure to do so would be an abrogation of their ethical responsibilities.

(Jones 2014) p159 All over the world people are concerned about government surveillance and corporate collection of their personal data. Now is the time for libraries to seize the opportunity to play a major role in this policy arena! Librarians and library associations from all cultures must collaborate in this work, since the concept and application of privacy principles varies from culture to culture.

It is indeed important for librarians to participate in the process of formulating privacy policies. (Esposito 2016) says that “Libraries have, with the best of intentions in the world, taken a strong position on privacy, and they have lost. They got the whole privacy thing all wrong. Rather than participate in the policies of their institutions and the many organizations that interact with them, they have abdicated their role and are now watching as their institutions are being colonized by commercial interests, which are no longer answerable to libraries”.

To debate

(McMenemy 2016) says that “If we cannot debate important issues such as privacy and freedom of expression within our profession, we will lose our moral authority on them”.

To be a privacy watchdog or auditor

(Johnston 2000) “By accepting the existence of new privacy threats within the institution, it becomes possible to see an important new role for librarians. By building on such traditional responsibilities as evaluation of sources, monitoring of information systems, and keeping abreast of new tools or changes in old ones and addressing internal and external information flows, the librarian could become something akin to a privacy watchdog or auditor.”

To take on a leadership role

(Fernandez 2010) recommends that librarians take a leadership role in the public debate on privacy: “After determining that libraries should have a presence within a social networking site, they can take a leadership role in promoting awareness and engagement on the issues surrounding information literacy and privacy.”

(Lamdan 2015a) believes, more specifically, that librarians should lead a campaign to urge Internet social media companies to include Privacy by Design principles in their user agreements.

Privacy by design originates from a report on “Privacy enhancing technologies” from the Information & Privacy Commissioner of Ontario, Canada, the Dutch DPA Authority and the Netherlands Organisation for Applied Scientific Research in 1995. The foundational principles are:

  1. Proactive not reactive; Preventative not remedial
  2. Privacy as the default setting
  3. Privacy embedded into design
  4. Full functionality – positive-sum, not zero-sum
  5. End-to-end security – full lifecycle protection
  6. Visibility and transparency – keep it open
  7. Respect for user privacy – keep it user-centric

https://autoriteitpersoonsgegevens.nl/sites/default/files/downloads/av/av11.pdf (revised edition of “Privacy enhancing technologies: the path to anonymity”, 2000).

Magi (2013) says “As a former marketing professional, I know the importance of occupying a unique position in the marketplace—of finding something that sets your organization apart. More than ever, libraries hold a unique and critically important place in the information landscape. I can think of few other information providers that do what libraries do: provide a broad range of information, make it accessible to everyone regardless of means, while embracing the ethical principle that our users’ personal information is not a commodity to be traded or sold. Our commitment to user confidentiality is rare and special, and it’s a characteristic that research tells us is important to people. That means it’s a competitive advantage, in the same way that reliability of its cars has been a competitive advantage for Toyota. I believe it’s essential that we work to preserve that competitive advantage, both because it’s the ethical thing to do, and because it’s a practical way to stay relevant.