A publicly funded library is usually subject to privacy laws and regulations at its country's national, local, and state levels—and to regional and international agreements, some of which are nonbinding. National library associations should assume the responsibility for collecting these laws and understanding their applicability to library patron data. In the United States, as an example, there is no explicit right to privacy in the U.S. Constitution. The approach is, rather, sectoral, meaning that different bodies of law are developed for different sectors—such as health care, educational institutions, and so on. Library user privacy could conceivably be influenced by the following laws, regulations, and agreements:

• National legislative protections such as the 1986 Electronic Communications Privacy Act and, in contrast, the setbacks to privacy in the 2001 USA PATRIOT Act.
• Regulatory agency actions. For example, the Federal Communications Commission has taken the lead in protecting consumers from private sector misuse of personally identifiable information.
• Constitutional protections. For example, Katz v. U.S. protects people from government eavesdropping as prohibited by the Fourth Amendment.
• State laws, such as the library confidentiality statutes or agreements in each state. Information on state privacy laws is available on the ALA website.
• International agreements such as the Organisation for Economic Co-operation and Development (OECD) Guidelines of 1980, which protect privacy and transborder flows of personal data.

State Privacy Laws Regarding Library Records

www.ala.org/ala/aboutala/offices/oif/ifgroups/stateifcchairs/stateifcinaction/stateprivacy.cfm

The United States government, like most, tries to strike a balance between promoting the individual's right to privacy and protecting national security. Many civil society groups argue that the balance has tipped too far toward national security and surveillance with the passage of the USA PATRIOT Act in 2001, which trumps state laws governing confidentiality of library records, and the 2006 extension of the 1994 Communications Assistance for Law Enforcement Act (CALEA), which allows surveillance of the Internet.

The European Union, on the other hand, is subject to the 1995 European Union Data Protection Directive. It is a very strong set of directives—so strong that special negotiations were necessary before the EU would allow data transfers into the United States. (U.S. data privacy regulations are much weaker than the EU mandates.)

Most countries in the developing world, in contrast, have very few privacy laws, regulations, or directives. The just-released IFLA World Report 2010 shows that, of the 122 countries responding (the report is usually submitted by the national librarian or head of the national library association), only 17 reported national antiterror legislation “that affects Intellectual Freedom.” (Further research by the report's compilers found far more antiterrorism legislation than was reported.) Sadly, only one half of the 122 respondents had any opinion about the legislation's impact on reader privacy. And of the seventeen countries reporting they have antiterror legislation, only five elaborated on the negative impact: the United States, the United Kingdom, Japan, Italy, and the Netherlands. These results clearly demonstrate that privacy is not on the radar screens of many librarians—at least those who responded to the survey. Regarding the survey question about whether libraries keep patron usage records, the compilers concluded there was not enough data to make valid deductions by region. However, of the respondents to the question “whether keeping usage records affects freedom of access to information of the individual Internet library user,” 66.7 percent of European libraries said yes; 66.7 percent of African librarians responded no. I am writing this article at the 2010 IFLA Conference in Gothenburg, Sweden, and I can confirm from conversations and the dearth of presentations that library privacy is not on the agenda—particularly in the developing world. As one national librarian of an African country told me, “Most of us are so focused on obtaining computers and bandwidth that Internet privacy is not an issue we have the luxury of discussing.”

IFLA World Report 2010

http://ifla-world-report.org

Much has been written about the “digital divide,” and indeed it is a key factor in barriers to Internet access for all. The IFLA World Report 2010 collected information about library Internet access from 122 countries. In terms of Internet access in public libraries worldwide, only 37.3 percent of reporting countries have 81–100 percent of their public libraries with Internet access. In Africa, there is only one country with public libraries at that level—Egypt; in Latin America, 10 out of 22. These results are only slightly higher than the 2007 report, so the developing world is experiencing little movement toward public library Internet access.

One third of African countries reported that only 20 percent or fewer of their university libraries have Internet access—the same as the 2007 report. To put this digital divide in higher education in context, 80 percent of the reporting countries have Internet access in 61–100 percent of university libraries. But 15 countries are at the level of 40 percent to less than 20 percent—and 8 of these 15 are in Africa.

Here is another way to dramatize the problem: of the 122 countries reporting, 4 countries report that less than 20 percent of libraries in each category—academic, school, and public—have Internet access. All these low statistics come from Africa. No countries in Europe, Latin American, or North America report any type of library in that lowest category of 20 percent Internet access. It is easy to see why African countries aren't thinking of privacy at the moment—even though, arguably, it is best to incorporate privacy safeguards at the very beginning of building technological infrastructure.

These discouraging statistics also mean that many countries have not yet developed a national information infrastructure. Those governments’ decision makers have not directly experienced the value of Web 2.0 and other technology for public policy work. Library and IT staff in those countries do not have workplace access to computers and the Internet. At a recent library meeting in the developing world, my colleague turned to me and said, “Most of the librarians in this room can't turn on a computer, because they didn't have them in library school and they don't have them in their libraries.” Nor do they do have access to technology training programs or experience with user services and interfaces. At FAIFE's first Internet Manifesto workshop (2006 in Central America), my colleague was demonstrating how she trains users and promotes YouTube and Facebook in her U.S. urban public library. She was met with blank stares. We learned very quickly not to take anything for granted. While it is important to demonstrate innovation, it is also important to know the audience's frame of reference. There was simply no way that she could explain the privacy issues surrounding Facebook to that audience on that occasion.

In 2009 I presented a two-day invitational workshop in an African country to help government ministry officials and librarians adopt social media for government websites in order to encourage citizen participation and interaction. I was unable to show examples from such interesting United States government agency websites as www.whitehouse.gov or www.fema.gov because the Internet bandwidth was too slow. This was a frustrating example of a government that could not implement its vision of citizen participation in e-government because it put the social media cart before the bandwidth horse. And of course, privacy concerns were not on the radar screen at all.

While attending a conference in Oslo, I asked a library colleague whether librarians’ salaries were sufficient to accommodate the extremely high cost of living. He—hardly a close friend—casually revealed to me his exact salary. In Norway and other socialist-leaning countries, one's salary is not considered as private as it is in the United States. Anthropologists and other researchers are finding that the concepts of privacy and “personal sphere” differ from culture to culture. Further, some cultures determine that certain actions are not decided by individual citizens because the individual has a moral obligation to act on behalf of the larger community. And in most societies some actions are based on gender roles.

But one concept seems universal. Clinical studies across cultures seem to indicate that “there are basic psychological limits to the extent to which others (including society) can impinge on the private lives of individuals.”⁵ And “[w]hat is being recognized is that basic requirements for psychological integrity include the establishment of an arena of personal choice and privacy.”⁶ But cultural definitions and norms may differ; nonetheless, this sphere does exist to an extent. This includes children and adolescents. This research applies to children of various ages and leads to important questions about how much privacy and agency should be afforded to young people as part of their development.

It is important to underscore that in all cultures, people do seem to care about a certain modicum of personal privacy. In many countries in which HIV/AIDS is a large public health concern, librarians report that in small villages or towns, clinic workers will not keep the blood test results confidential. As a result many librarians in the developing world have experienced patrons consulting the library about HIV/AIDS instead of the clinic. One African colleague stayed in the same hospital room with a pregnant HIV/AIDS patient who was not told how pregnancy with HIV/AIDS should be dealt with. After her release, the librarian did research and returned to the hospital room to relay the information to the pregnant woman, who trusted her over the hospital workers.

I am not making the argument that human rights are culturally relative. In fact, Nucci says, “Empirical work indicates that there is both evidence for a psychological basis for claims to basic human rights, and considerable contextual and cultural variation in their expression.”⁷ However, for the real world of library Internet access and service, the great human rights documents and the word privacy must be translated into practical applications.

E-government is, in most cases, a well-intentioned and promising way for governments to collect public records and, in some cases, aggregate them and make them available online so that citizens can monitor government accountability and accessibility.

The “one card” or “universal ID” has become an integral element of many e-government services. Some countries are developing cards so that citizens can do anything from paying their water bill, to checking out library books, to consulting a local health clinic for an HIV/AIDS status update. Much government business can be transacted at centrally located kiosks. The clash of equally compelling values was made clear to me during a workshop on the Internet Manifesto in Central America. When I asked my colleagues whether they were concerned about having so much personal information on one chip, they replied that fighting corruption (not to mention personal convenience) outweighed their concerns over personal privacy. Before the “one card,” it often took over four hours to pay a utility bill or transact government business. Thus many people were compelled to pay workers to stand in line for them. This system bred corruption. Local public employee unions opposed these cards because the kiosks took away their jobs. In evaluating what the developed world calls “progress,” we must look at the local complexities and decide how to promote privacy when it is not a high priority or is a conflicting value.

Novelist and rights activist Henning Mankell tells the story about his conversation with young street boys in Mozambique. When asked what they wanted more than anything in the world, they told him, “A national identity card so that people know who I am.” Only after he asked them how they would get a card did they mention the importance of being able to read and write.⁸ And so, when we librarians in the developed world tell librarians in the developing world that they must move privacy to the top of their list of professional values, we must listen to the reasons why it isn't there now.

I am persuaded by the approach of such thinkers as Helen Nissenbaum in her 2010 book, Privacy in Context: Technology, Policy, and the Integrity of Social Life.⁹ Although her book and approach focus mostly to the United States, I believe that her conclusions and theories could be applied to privacy solutions in a global context. Nissenbaum asserts that legal and political structures might not be the best way to promote privacy. Instead, she suggests that we (1) look at information flow in our culture; (2) identify places in which lack of privacy has disrupted the integrity of our lives; and (3) address and solve the problem by fixing the information flow. The problem might be fixed via laws, but we don't start with a law and point it at the problem; we start with the problem and devise the proper legal or regulatory fixes. This approach is relevant for non-U.S. libraries, where each country's history, legal structure, and cultural norms will define the private sphere differently; therefore, the libraries need a variety of options for fixing the invasion of privacy. While I view the rule of law and such documents as the Universal Declaration of Human Rights as essential, they are too vague for practical library application.

I would make the following recommendations:

• The national library association should collect, make available, and monitor national legislation and international treaties by which its country is bound—and determine how they apply to libraries.
• The national library association should adopt a code of ethics with privacy embedded therein.
• Librarians should share ideas about how to present the right to privacy in a dramatic way. Here at the Gothenburg IFLA conference, I realized that slides of the burning of Harry Potter books are far more emotionally compelling than abstract notions of personal data theft. How do we envision privacy and tell the story? Elementary schools students told me we should act it out in plays. Others recommend posters with colorful, catchy slogans. The American Library Association Privacy Revolution uses an edgy video. Maybe showing and discussing movies like The Lives of Others would make a more emotional impact.

Privacy Revolution

www.privacyrevolution.org

• Librarians should work closely with legislators to help fashion laws that address privacy protection.
• Employers should train librarians and IT professionals about the principles of privacy, as outlined in the Code of Fair Information Practices.
• Librarians worldwide should avoid reinventing the wheel by consulting the privacy policy formulations of such organizations as IFLA/FAIFE and the American Library Association's Office for Intellectual Freedom.
• Libraries should not attempt to promote privacy by banning social media. Rather, they should teach library users how to use it responsibly.
• Librarians should find ways to show how the loss of privacy is incremental. I am reminded of an exhibit at the Museum of the Resistance in Amsterdam. This exhibit documents how the Jews of Amsterdam lost certain rights one by one. First they could not order telephones. Next they could not be on the street during certain hours. Then they were restricted to certain areas of the city. Because the restrictions were introduced over a period of years, they were easier to tolerate. Many believe that the loss of privacy happens in the same way and that the result can also be catastrophic. Another analogy is the development of the system of apartheid in South Africa, in which all citizens were categorized into one of eleven racial/ethnic groups. This data was stored on a computer. In fact, much of our history documents oppression enforced by taking away the private sphere of the individual victims.
• We should listen to librarians who (1) have lived in repressive regimes, (2) live in countries with no privacy protections, and (3) believe that privacy is gone and that we should get over it. While we may disagree with some of their approaches, we can't address the problem without the benefit of their wisdom.