An Interpretation of the Library Bill of Rights
Privacy is essential to the exercise of free speech, free thought, and free association. The courts have established a First Amendment right to receive information in a publicly funded library.1 Further, the courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution.2 Many states provide guarantees of privacy in their constitutions and statute law.3 Numerous decisions in case law have defined and extended rights to privacy.4
In a library (physical or virtual), the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.5 Confidentiality extends to “information sought or received and resources consulted, borrowed, acquired or transmitted” (ALA Code of Ethics), including, but not limited to: database search records, reference questions and interviews, circulation records, interlibrary loan records, information about materials downloaded or placed on “hold” or “reserve,” and other personally identifiable information about uses of library materials, programs, facilities, or services.
Protecting user privacy and confidentiality has long been an integral part of the mission of libraries. The ALA has affirmed a right to privacy since 1939.6 Existing ALA policies affirm that confidentiality is crucial to freedom of inquiry.7 Rights to privacy and confidentiality also are implicit in the Library Bill of Rights’ guarantee of free access to library resources for all users.8
Rights of Library Users
The Library Bill of Rights affirms the ethical imperative to provide unrestricted access to information and to guard against impediments to open inquiry. Article IV states: “Libraries should cooperate with all persons and groups concerned with resisting abridgement of free expression and free access to ideas.” When users recognize or fear that their privacy or confidentiality is compromised, true freedom of inquiry no longer exists.
In all areas of librarianship, best practice leaves the user in control of as many choices as possible. These include decisions about the selection of, access to, and use of information. Lack of privacy and confidentiality has a chilling effect on users’ choices. All users have a right to be free from any unreasonable intrusion into or surveillance of their lawful library use.
Users have the right to be informed what policies and procedures govern the amount and retention of personally identifiable information, why that information is necessary for the library, and what the user can do to maintain his or her privacy. Library users expect and in many places have a legal right to have their information protected and kept private and confidential by anyone with direct or indirect access to that information. In addition, Article V of the Library Bill of Rights states: “A person’s right to use a library should not be denied or abridged because of origin, age, background, or views.” This article precludes the use of profiling as a basis for any breach of privacy rights. Users have the right to use a library without any abridgement of privacy that may result from equating the subject of their inquiry with behavior.9
Responsibilities in Libraries
The library profession has a long-standing commitment to an ethic of facilitating, not monitoring, access to information. This commitment is implemented locally through the adoption of and adherence to library privacy policies that are consistent with applicable federal, state, and local law.
Everyone (paid or unpaid) who provides governance, administration or service in libraries has a responsibility to maintain an environment respectful and protective of the privacy of all users. Users have the responsibility to respect each others’ privacy.
For administrative purposes, librarians may establish appropriate time, place, and manner restrictions on the use of library resources.10 In keeping with this principle, the collection of personally identifiable information should only be a matter of routine or policy when necessary for the fulfillment of the mission of the library. Regardless of the technology used, everyone who collects or accesses personally identifiable information in any format has a legal and ethical obligation to protect confidentiality.
Libraries should not share personally identifiable user information with third parties or with vendors that provide resources and library services unless the library has obtained the permission of the user or has entered into a legal agreement with the vendor. Such agreements should stipulate that the library retains control of the information, that the information is confidential, and that it may not be used or shared except with the permission of the library.
Law enforcement agencies and officers may occasionally believe that library records contain information that would be helpful to the investigation of criminal activity. The American judicial system provides a mechanism for seeking release of such confidential records: a court order issued following a showing of good cause based on specific facts by a court of competent jurisdiction. Libraries should make such records available only in response to properly executed orders.
The American Library Association affirms that rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship.
1 Court opinions establishing a right to receive information in a public library include Board of Education. v. Pico, 457 U.S. 853 (1982); Kreimer v. Bureau of Police for the Town of Morristown, 958 F.2d 1242 (3d Cir. 1992); and Reno v. American Civil Liberties Union, 117 S.Ct. 2329, 138 L.Ed.2d 874 (1997).
2 See in particular the Fourth Amendment’s guarantee of “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures,” the Fifth Amendment’s guarantee against self-incrimination, and the Ninth Amendment’s guarantee that “[t]he enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.” This right is explicit in Article Twelve of the Universal Declaration of Human Rights: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” See: http://www.un.org/Overview/rights.html. This right has further been explicitly codified as Article Seventeen of the International Covenant on Civil and Political Rights, a legally binding international human rights agreement ratified by the United States on June 8, 1992. See: http://www.unhchr.ch/html/menu3/b/a_ccpr.htm.
3 Ten state constitutions guarantee a right of privacy or bar unreasonable intrusions into citizens’ privacy. Forty-eight states protect the confidentiality of library users’ records by law, and the attorneys general in the remaining two states have issued opinions recognizing the privacy of users’ library records. See: State Privacy Laws.
4 Cases recognizing a right to privacy include: NAACP v. Alabama, 357 U.S. 449 (1958); Griswold v. Connecticut 381 U.S. 479 (1965); Katz v. United States, 389 U.S. 347 (1967); and Stanley v. Georgia, 394 U.S. 557 (1969). Congress recognized the right to privacy in the Privacy Act of 1974 and Amendments (5 USC Sec. 552a), which addresses the potential for government’s violation of privacy through its collection of personal information. The Privacy Act’s “Congressional Findings and Statement of Purpose” states in part: “the right to privacy is a personal and fundamental right protected by the Constitution of the United States.” See: http://caselaw.lp.findlaw.com/scripts/ts_search.pl?title=5&sec=552a.
5 The phrase “personally identifiable information” was established in ALA policy in 1991. See: “Policy Concerning Confidentiality of Personally Identifiable Information about Library Users.” Personally identifiable information can include many types of library records, including: information that the library requires an individual to provide in order to be eligible to use library services or borrow materials, information that identifies an individual as having requested or obtained specific materials or materials on a particular subject, and information that is provided by an individual to assist a library staff member to answer a specific question or provide information on a particular subject. Personally identifiable information does not include information that does not identify any individual and that is retained only for the purpose of studying or evaluating the use of a library and its materials and services. Personally identifiable information does include any data that can link choices of taste, interest, or research with a specific individual.
6 Article Eleven of the Code of Ethics for Librarians (1939) asserted that “It is the librarian’s obligation to treat as confidential any private information obtained through contact with library patrons.” See: Code of Ethics for Librarians (1939). Article Three of the 1995 Code states: “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.”
7 See these ALA Policies: “Access for Children and Young Adults to Nonprint Materials”; “Access to Library Resources and Services for Minors”; “Freedom to Read”; “Libraries: An American Value”; the newly revised “Library Principles for a Networked World”; “Policy Concerning Confidentiality of Personally Identifiable Information about Library Users”; “Policy on Confidentiality of Library Records”.
8 Adopted June 18, 1948; amended February 2, 1961, and January 23, 1980; inclusion of “age” reaffirmed January 23, 1996, by the ALA Council.
9 Existing ALA Policy asserts, in part, that: “The government’s interest in library use reflects a dangerous and fallacious equation of what a person reads with what that person believes or how that person is likely to behave. Such a presumption can and does threaten the freedom of access to information.” “Policy Concerning Confidentiality of Personally Identifiable Information about Library Users.”
Adopted June 19, 2002, by the ALA Council; amended on July 1, 2014.