Week 12: Vendor agreements and privacy policies

Hi all, here’s a thread for discussion from Erin’s lecture on Friday. I am planning to re-watch it today and get my thoughts together since I couldn’t see the slides. But her talk was great and it’s given me so much to think about already. Here are her slides: https://docs.google.com/presentation/d/11Iu4jLwpV4TlDqB7ROgF6zBxT9ZHkX00sdfO_s92Tqg/edit#slide=id.g35f391192_00

What thoughts do people have about Friday’s lecture?

1 Like

I thought it was really eye-opening! Since we are part of a part of a system, as part of a consortium, a lot of those decisions are made above my pay grade, but now I know what to look for and what to ask when I get the opportunities to be in on those conversations. It’s horrifying to me that companies would date mine our patrons! Our information and privacy should be sacrosanct.

That was an excellent lecture. I learned a lot from Erin and it made me think of a few things:

I wish there was an online parser that you could feed a privacy policy and and return it back into natural language.

I wonder if consortiums could pull more weight when negotiating privacy policies. CUNY has 20+ campus libraries and we have multi-million contracts with eResource vendors. Individual schools also have contracts, but I feel that “consortium” would have more power for more expensive resources.

We have to pay closer attention to our vendors’ privacy policies. I think the points about patrons assuming the library has vetted any resources we provide so they are “safe” and that really in a patron’s eyes any resource we provide is “the library” regardless of whether it technically comes from a vendor, are important to remember.

I was so disturbed by the Kanopy policy that I already reached out to our Tech Advisory Committee and admin detailing concerns about Kanopy’s privacy policy and suggesting we reconsider our subscription, so we’ll see if that goes anywhere…

The closest I know of are readability checkers like https://datayze.com/readability-analyzer.php which aren’t perfect but can at least give you an idea of how difficult your language is.

I think this has to be the case! Consortia spend so much money on e-resources. Vendors don’t want to lose those contracts.

I’ve been thinking a lot about this too, and our patrons aren’t wrong for thinking this. So now I’m wondering not just how we can demand better from our vendors, but how we can better communicate to our patrons about the whole ecosystem behind our e-resources.

1 Like

I wish there was an online parser that you could feed a privacy policy and and return it back into natural language.

This isn’t exactly the same thing, and it’s not perfect, but there is also that browser add on that Erin shared, Privacy Checker, that summarizes privacy policy issues for a site visually and with simple language.

This is what it looked like when I ran it for kanopy(if you hover on an icon it tells you what it means for example the red badge icon says, “sharing with law enforcement: they do not require a warrant/subpoena”):


oh I thought @jtidal was asking about writing the policies not reading them, but I re-reading his question, your response makes more sense than mine. :slight_smile:

1 Like


I am so glad that you were able to post the slides and I look forward to rewatching the video: Erin made so many excellent points about TOS. Before the lecture, I left a meeting with Librarians and we were discussing Lynda & the changes being made to its TOS. It was very surprising to hear librarians respond by saying that don’t feel like they/we have the power; everybody is violating privacy, so how is this any different; and, some floated the idea that patrons just don’t care.

During Friday’s lecture, what resonated with me the most was the point that Erin made about the public trust. Erin stated that it is fragile, foundational to our services, and once/if broken, libraries will not get it back, and then without trust, all is lost. Her statement that people do care, and are just coming to realize how much they do, was also particularly resonant.

I look forward to rewatching the presentation once its posted!

1 Like

it’s up in the lectures thread @apuglisi!

1 Like

My library is part of a consortium (Council of Chief Librarians/Community College League of California ) of California community colleges. There are 114 community colleges in California. There is a review and purchasing process which certainly gives some weight to members. Megan, who is part of cohort 1 in LFI, is working with the consortium and a group of librarians to add a section on privacy in the reviews. I think that this could certainly make vendors pay attention if they know that privacy is a part of the decision process for a consortium purchase, especially for such a large number of libraries. I certainly think that 20+ libraries could flex their muscle to get a better response on privacy issues.


you’re awesome!

when’s the next review period Michele? I’d love to hear how this develops.

the institutional dissembling on ethics continues

privacy haunts the library
a poltergeist with a long, lost password

a new portrait appears in our foyer
a sad masterpiece: it’s you walking away
and then to 42.301138, -71.035825

enjoy our new tools in your home home on the range or even on the go

we won’t be watching
but our friend likes to


Still, I think it’s important for libraries to craft readable policies, especially when it comes to privacy. We’ve been using the Hemingway App to re-write electronic resources descriptions to ensure that they’re accessible to our community.

1 Like

I think this is an excellent point, Junior. I also learned a lot from Erin’s lecture and felt that it was so important and so critical. My library is also involved in several consortiums-one of which I’ve been asked to chair a committee on privacy. This consortium primarily serves rural libraries, and many of which are public. Yet I think this would be a great test bed to determine how to work with the larger consortium that made up of academic libraries all over the state and we also have contracts with eResource vendors though it is not as large as the CUNY system. I think it’s important to begin the work within our state, but one question I have is, once we’ve done that, how do we (can we) start to form even larger coalitions around these issues? Is it being done?

1 Like

Yes, my heart stopped when I saw how bad Kanopy privacy policy is, but it is a great places to start making changes. And I love reading the New York Times, so Erin burst my bubble there too. :frowning:

This is key, isn’t it?

I do think library systems want to protect users rights but I don’t think enough of us have enough training to know how to do so. This especially true when it comes to databases and dealing with vendors. Many small libraries may not have the expertise on staff or the time and money to invest for someone to be especially trained in this area. Perhaps we can begin to advocate for each library system or at least on the state level have some one available in the area of privacy. We have had to get systems libraries as we put computers in our libraries…so now I think we can also have privacy librarians.

I also tried the privacycheck extension, but I felt like it was a little misleading. Like for amazon.com it told me that they weren’t using PII for marketing purposes…but that can’t be true, right?

They’re still in the process of working through how to integrate this into the review system. I imagine that this will be several months before it is implemented, but I’ll keep you updated for sure.

Electronic resources are reviewed throughout the year, but renewals happen in the fall and the spring.

1 Like