Privacy When Accessing Library Contracted Third-Party Sites
Third-party sites and applications used in the library for ebooks, e-learning, or other library services have their own privacy policies that may not align with the library’s privacy goals or beliefs.
Key Topics
Privacy on third-party sites
Though libraries may partner with third parties like Overdrive and LinkedIn Learning, this does not mean that these third parties have the same privacy standards that libraries have. Therefore, it is important to ensure that patrons are aware that their privacy is not regarded the same between platforms.
Recommended Actions
Recommended Action: Explicitly state when a patron leaves the library website and goes to a third-party website. Communicate with patrons about the possible privacy risks when navigating to third-party sites.
Recommended Action: It is impractical for all staff to understand all of the privacy policies of the third parties associated with the library. However, if a library is thinking about adopting a third-party program/tool, they should engage in a vetting process before adding it. For guidance on how to do this, consult ALA’s guidance and the Library Freedom Vendor Privacy Audit. There are privacy policy ratings of popular vendors available, such as the Library Freedom Vendor Privacy Scorecard.
Examples of Library Policy
“When connecting to licensed databases and content providers outside the library, CCPL only releases information that authenticates users. Nevertheless, when accessing remote or third party vendor sites, there are limits to the privacy protection the library can provide.” –Cecil County Public Library (Maryland)
“In choosing sources to link to from its home pages, the Library follows its materials selection guidelines. Beyond this, the Library is not responsible for the content of the Internet, changes in content of the sources to which the Library home pages link, or for the content of sources accessed through secondary links.” –New York Public Library
“Boise Public Library works with 3rd party vendors to deliver online services, digital collections, streaming media content, and more. We strive to ensure the library’s contracts, licenses, and offsite computer service arrangements reflect our policies and legal obligations when it comes to customer privacy and confidentiality. For example, the library expects vendors to follow all privacy-related items in the vendor contract and licensing agreements; conform to library privacy policies; provide a product that complies with the Children’s Online Privacy Protection Act; and refrain from collecting or sharing information about customers other than what’s needed for delivery of the library services in question. Because third-party vendors operate with their own terms, there are limits to the privacy protection we can offer when you use their services.” –Boise Public Library (Idaho)
“San José Public Library licenses services and content from third-party vendors who have their own privacy policies and confidentiality practices. When you leave the library website, your interaction with these systems will be governed by their individual privacy policies.” [followed by a list of vendors with links to their privacy policies] –San Jose Public Library (California)
“Our Confidentiality and Privacy Policy may not extend to the services and content we offer through third party vendors, which range from digital collections to reference resources to some of our background systems. If you use library services provided through these companies, your interaction is subjected to the privacy policies and confidentiality practices of that specific vendor. Check their privacy statements to learn more about what data they store and how they use it.” [followed by a list of vendors with links to their privacy policies] –Iowa City Public Library (Iowa)
“Please exercise discretion when browsing the Internet. You should be aware that when you are on our website, you could be directed to other sites that are beyond our control. These other sites (‘External Sites’) may send their own ‘cookies’ to users, collect data, solicit personal information, or contain information that you may find inappropriate or offensive.” –Wayne Public Library (New Jersey)
“The Library’s web site contains links to other sites. BCLD is not responsible for the privacy practices of other sites, which may be different from the privacy practices described in this policy. We encourage you to become familiar with privacy practices of other sites you visit, including linked sites.” –Berthoud Community Library District (Colorado)