Personalization vs. Privacy

Keeping online visitors safe while meeting service needs

November 1, 2019

Dispatches, by Marshall Breeding

In ensuring user privacy, libraries that provide personalized online services often encounter tensions and contradictions. Tools and technologies that offer opportunities for better engagement do not always draw a clear boundary between privacy and personalization.

Commercial websites aim to capture as much personal data as possible. This data powers a global advertising ecosystem designed to strengthen retail sales through finely targeted ad placement. To manage websites and internet technologies in ways that reflect their values, libraries invariably must make difficult choices and compromises.

While they may not be able to entirely isolate their web-based services from commercial technologies, they can take measures to limit exposure and protect patron privacy.

HTTPS at a minimum

Libraries must ensure that their websites provide adequate privacy protection, particularly HTTPS protocol. Without this standard encryption, visitors are vulnerable to exposure. Even with HTTPS, tracking agents placed on the site for analytics or advertising—or added inadvertently as components of a desired feature—can circumvent basic protections.

Almost all libraries use Google Analytics to measure website usage, in which case their data is collected by Google’s servers. To help protect patron privacy, libraries can anonymize IP addresses before they are recorded. This essentially truncates the address so that it retains only some information about the user’s general location. IP address anonymization can be configured in the administrative console of Google Tag Manager or specified in the JavaScript code. Because Google Analytics is based in the advertising ecosystem, it warrants careful handling to ensure that its use remains consistent with library privacy policies.

Web browsers now routinely flag unencrypted library websites as insecure and untrustworthy. A substantial portion of libraries continue to operate unencrypted websites, while others fail to implement basic HTTPS. The widespread use of tracking agents without employing an anonymization process means that some libraries are putting their patrons at greater risk.

Libraries often borrow scripts or widgets from other libraries or commercial sources to achieve the desired visual effects or functionality. These components may in turn include tracking agents or other code that can have an impact on patron privacy. To mitigate these threats, library staff can use the Ghostery tool to confirm which tracking agents have been installed. An audit allows libraries to identify all tracking agents deployed and review them against their privacy policies.

There is no fast or easy way to encourage the deployment of properly secured HTTPS. Many libraries have made a slow transition from obsolete technology to more modern alternatives. The libraries that remain represent a long tail with sparse resources and low awareness about the technical issues involved.

Patron opt-in

To support user services, recommendations, and social-sharing features, many libraries collect personalized data with patron consent. Users can opt in to allow data retention on borrowed items or other interactions in order to receive personalized services. A library’s stated privacy policy can determine whether opt-in or opt-out options are set as a default. As libraries enhance their personalized services, they must consider both the benefits and the privacy risks.

In the future, privacy must be a key consideration in library website design to be consistent with libraries’ values and strategic objectives.


Choose Privacy Week is May 1–7, 2017.Illustration: Valery Brozhinsky/Adobe Stock

By the Numbers: Privacy

Stats on security and surveillance for Choose Privacy Week

Data Collection and Privacy

Balancing information needs with patron protection