Personalization, Privacy and Library users
Nov 28th, 2005 by Karen
ACRLBlog has a good post pointing out a New York Times article discussing the tension between privacy and personalization of services. This is an issue which is very close to home for me. A little less than a year ago I gave a presentation at Computers in Libraries discussing the issues that libraries face in trying to protect patron privacy. Library systems create a tremendous amount of data about library users. This data can be used to improve services, but it can also be used to meddle in the lives of library users. The problem is that increasingly, because of websites like Amazon, Netflix, Yahoo, etc., library users expect personalization. To make matters worse, new sites like Netvibes allow users to customize their web experience and the information they receive to an even greater degree. (The best way to describe Netvibes is MyYahoo on steroids. If you haven’t checked it out, go there now!) As a result, libraries like Notre Dame and North Carolina State University have started to provide personalization of services to their users using systems like MyLibrary. However, in order to do this, Notre Dame and North Carolina State University must collect additional information about their users, information which, under the Patriot Act, the federal government can ask for.
Many librarians, including some quoted in the article, have resorted to the “I can’t give what I don’t have” strategy, which basically means that you purge the data you have on a regular basis. I’ve used this strategy myself in the past and it is quite effective in cases where purging or anonymizing the data doesn’t affect the library’s ability to function. However, with systems for personalization, there doesn’t seem to be a good way to anonymize the data. In fact, to personalize services, libraries need to do just the opposite. They need to keep more data on their users than ever to target content and services to them. Some may say that library users make the choice to put their information and information-seeking habits out there by using personalization. However, the bottom line is that libraries are moving to an “opt-out” rather than an “opt-in” model. What this means is that personalization may become so integrated with library services that users’ information is automatically collected and they must take action to have it removed. This is the case with many online services like Amazon. It also means that the library website and web-based services will function in a fundamentally different way for users who choose not to personalize, potentially disadvantaging these users. In order to avoid this, libraries need to think about creating a world where library users don’t have to choose between personalization and privacy. If I want to share my information with the world, I can. However, if I choose not to, the quality of service and information which I receive is not diminished.
So how do libraries go about doing this? To me there are two possible paths for exploration: the legislative route and the technological route. The first path would involve libraries campaigning (and they already are campaigning) for privacy protections on user information. This doesn’t just mean repealing the portion of the Patriot Act which allows the federal government to look at library records, but putting in place legislation which will safeguard the multitudes of current and future information that might be collected. While I feel this path is important, I’m not a lawyer and it isn’t one which I feel I can adequately pursue. So I will leave it up to the lawyers and folks at ALA.
The second path which libraries can take is the technological route. Libraries can try to create systems which allow users to personalize their experience and maintain their privacy. What would it take to create this type of system? For all my technical experience, I’m not really sure. One thing I do know is that in the current personalization systems, the libraries hold all the data about the user, making a simple data store from which information can be accessed. This puts the library in charge of how the data store is protected, maintained and purged. So I find myself asking the question, what if libraries chose to break up the data store? Perhaps libraries would hold some of the data and the user would hold some of that data, particularly the personally identifying pieces of data. What if the user had all of the data rather than the library? They could store it on a portable storage device like a USB thumbdrive or a cellphone. They could carry that device with them and use it on any computer to access the “personalized” version of the library. While this might not work for some personalized services, it is a step towards thinking about how to do things in a way in which privacy and personalization can co-exist. Until this point in time, libraries have merely copied the practices of other web-based information providers, most of whom care very little about protecting user privacy. If libraries want to set themselves apart from other web-based information providers, they should consider providing information services in the online environment which DO protect user privacy.

