I compare the privacy policies of three popular library vendors and offer some suggestions about how they could be improved: https://github.com/alisonLFP/libraryfreedominstitute/blob/master/assignments/week11/B.N.%20Jones%20LFI%20week%2011.pdf
great work Bryan. love that you tried it over Tor as well as trying with Privacy Badger and Lightbeam. some thoughts…
I wonder how Freegal expects people under 13 to “not share any PII”? lol, I mean, what?
also, it’s so amazing that vendors don’t consider IP addresses or other identifying data to be PII – that’s madness (although fairly typical – none of these ones consider IP addresses PII).
I wonder how we can convince vendors that their definition of PII is woefully inadequate.
I spent some time looking over the Library Privacy Checklist for E-Book Lending and Digital Content Vendors and made a plan for how I will work through Priority 1 Actions at my library.
“As consideration for your use of the Baltimore County Public Library website, you agree to provide true and accurate information about yourself and to make certain the information that you provide is current, complete and promptly updated as necessary.” Could this be grounds for BCPL to not allow users accessing the website via Tor?
“…your substantive communications and materials transmitted to us, such as data, questions, comments or suggestions, are considered non-confidential and non-proprietary.” This is bad! If electronic only, this can still include emails, purchase requests, electronic reference questions, and more. I question this in the assignment but am having a lot of trouble understanding why it would be included.
re: deleting old accounts. do you think you could contact former students and ask them about account deletion before you do it? or make this into something at a policy level? eg “accounts unused after x amount of time will be deleted to protect your privacy”
Wowwww. It’s basically saying “just don’t use computers or the internet ever”.
Interesting. I guess technically this would mean that Tor was against the policy. But I wonder about such a policy more broadly. How can this possibly be enforced?
This is indeed very worrisome. This is the part of the policy I’d personally push back against the strongest. It goes against the ALA code of ethics. They might have this in here because they don’t want to act like they can guarantee privacy or anything, but saying explicitly that this information is essentially public is something else entirely!
Ah - I can contact students if they signed up for the accounts with their personal email addresses, but a lot of times, they use their school account, and then forget about it when they move on to bigger and better things. But I SHOULD try that first before I delete them, and yes… I think on that research guide about creating user accounts with our various platforms, I could have a policy level warning about untouched user accounts… Hmmm… Lots to think about!
looks great @clobdell. smart to put it through a reading level checker. despite my best efforts, I always get 10th or 11th grade on mine too. though occasionally I have been able to lower it a little by turning sentences into bullet points.