Data protection in libraries

User data collected by libraries are not as harmless as they may appear at first sight. Once the data are put together, they actually produce an extremely detailed personality profile. We have therefore published an article which sets out to explain exactly how such data can be published in a way that satisfies data protection requirements.

A few years ago, the library world reacted with alarm to a report from the USA. The FBI (Federal Bureau of Investigation), as part of its fight against terrorism, demanded that US libraries provide it with user data they held on file. By this time it had become clear that what were considered to be harmless data about loaned books and searches performed on library computers could under certain circumstances be stitched together to produce a detailed personality profile. We therefore decided to take a closer look at the way libraries handle users' personal data and, where appropriate, to ask for adjustments to make them data-protection compliant.

We took advantage of an invitation to attend a symposium organised by the Association of Swiss Law Libraries to analyse the different forms of data processing that are carried out in public libraries, and to draw up a report on rendering the processing of personal data compatible with data protection rules. The position set out in the report is intended to help libraries process the personal data they need to store in order to provide the services their users need, whilst at the same time avoiding any unnecessary accumulation of information which, when put together, could allow the creation of one of those controversial personality profiles. The focus here is on the master and borrower records, as well as on the traces left on computers with internet access that are made available for public use.

The master records must be limited to the data necessary for the lending service and should be deleted once the customer relationship has come to an end, or at the latest once the legally required storage period has expired. The loan data must be deleted once the borrowed media have been returned. Even where libraries are part of an interconnected system, they must only have access to the data of users who have actually borrowed from that particular library.

In cases where customers are allowed access to a computer with internet access, the system must be configured in such a way that user data are automatically deleted at the end of a session, and no data from previous users should be visible. We also recommend that no anonymous use of computers be permitted. For their own security, users should have to register in advance and their data should be stored for a six-month period.

Further information on the processing of personal data by public libraries in a data protection compliant manner can be found in the article in question or on our website in German, French or Italian.