Evidence Summary
A Review of:
Gardner, G. J. (2021). Aiding and abetting: Third-party tracking and
(in)secure connections in public libraries. The Serials Librarian, 81(1),
69–87. https://doi.org/10.1080/0361526X.2021.1943105
Reviewed by:
David Dettman
Associate Professor and Library Instruction Program Coordinator
University of Wisconsin-Stevens Point
Stevens Point, Wisconsin, United States of America
Email: ddettman@uwsp.edu
Received: 6 Mar. 2023 Accepted: 20 Apr. 2023
© 2023 Dettman. This is an Open
Access article distributed under the terms of the Creative Commons‐Attribution‐Noncommercial‐Share Alike License 4.0
International (http://creativecommons.org/licenses/by-nc-sa/4.0/),
which permits unrestricted use, distribution, and reproduction in any medium,
provided the original work is properly attributed, not used for commercial
purposes, and, if transformed, the resulting work is redistributed under the
same or similar license to this one.
DOI: 10.18438/eblip30342
Objective – To determine through statistical data
collection the frequency of tracking by third parties in online public library
environments along with the visibility and ease of discovery of online library
policies and disclosures related to third-party tracking in particular
and data privacy in general.
Design – Online evaluation of public library
websites.
Setting – English-language public libraries in the
United States and Canada.
Subjects – 178 public library websites (133 in the
United States and 45 in Canada). The libraries included in the study were
intentionally selected for their membership in either the Canadian Urban
Libraries Council (CULC) or the Urban Libraries Council (ULC) in the United
States, since these libraries have some of the largest systems membership
serving predominantly urban and suburban communities in both countries. The
included Canadian libraries serve nearly 41% of the population in that country
while the included libraries in the United States are positioned to serve 28%
of the total population. The author notes that “These percentage
figures serve as hypothetical, upper-bound estimates of the population affected
by third-party tracking since not every member of these communities actually
uses their local public library” (Gardner, 2021, p.72).
Methods – In addition to evaluating the public library
catalog and website in general with regard to third-party tracking and data
privacy, 10 common content sources (databases) available at all
of the included libraries were also included in the examination. Two
browser add-ons designed to detect third-party tracking, Ghostery
and Disconnect, were used in the study due to their popularity and
incorporation into previous similar studies. In addition to examining third-party
tracking, the author executed word searches on library homepages using Ctrl-F
for words commonly used to denote privacy or terms of use statements. No
qualitative analysis was performed to determine if information shared regarding
third-party tracking was accurate, and subpages were not examined. The data
collection period lasted a total of three months beginning in March 2017 and
running through May 2017.
Main Results – The data gathered between March and May of
2017 clearly indicates a general disregard among most sampled public libraries
regarding the protection of patron data gathered by third-party tracking. Of
Canadian libraries included in the sample 89% (40) enabled third-party
tracking, while libraries in the United States allowed it at a rate of 87%
(116). Both Ghostery and Disconnect revealed an
almost identical number of incidences of third-party tracking in library
catalogs and in the 10 popular public library databases examined in the study.
Certain OPACs were associated with higher tracking counts, as were certain
library databases. Libraries were found to be lax when it came to providing a
link on the homepage potentially informing users of the presence of third-party
tracking. Of the 156 total libraries with third-party tracking in their online
catalogs, 69 (44%) included a homepage link while the rest did not. The author
notes that the presence of a link was all that was examined, and not specific
language used to disclose the level of third-party tracking or data privacy. In
total, 8 of the 10 common content sources allowed third-party tracking. All 10
provided a link to either privacy or terms of service statements on their
landing pages.
Conclusion – Although patron privacy is an issue
addressed in the American Library Association (ALA) Code of Ethics (American
Library Association, 2021), the author concludes that “Together with previous
research on usage of privacy-enhancing tools in public libraries, these results
suggest that public libraries are accessories to third-party tracking on a
large scale” (Gardner, 2021, p.69).
The introduction to the article references the
2019 report issued by a Civil Grand Jury in Santa Cruz County, California
castigating the Santa Cruz Public Libraries for neglecting to make users aware
of how personal data was being tracked by third-party software, along with
reprimanding them for not adhering to ALA best practices. They were also
reprimanded for entering into agreements with third parties that “raised
liability issues related to patron privacy – among other things” (Gardner,
2021, p.69).
The author asserts that although public
librarians often see themselves as the protectors of patron privacy, complex
challenges have presented themselves in an information age where online
environments become increasingly the place where information is disseminated.
Despite this cataclysmic change, the author notes that there are certain
measures that can be easily undertaken, for example, adopting HTTPS to take
advantage of built-in security instead of continuing to deliver websites and
catalogs to patrons over HTTP. The study revealed that 46.7% of Canadian
libraries in the sample and 66.9% of libraries in the United States did not
have HTTPS configured to run on either their homepage or their OPAC.
The author rightly asserts that “An
underappreciated aspect of recent development over the past decade or so is the
rise of e-scores. Indeed, they’ve been dubbed ‘the new face of predictive
analytics’ by the American Marketing Association” (Gardner, 2021, p.81). This
is truly a concern when we consider how patron-harvested data can be used to
determine not just consumer habits and personalized advertising content.
Harvested patron data can also be used for more sinister and nefarious purposes
when it is fed into algorithms used to reinforce and bolster systematic and
structural forms of racism and oppression.
The author concedes that the data from 2017 may
not accurately represent the current state of affairs.
They mention that the study was completed prior to the widespread adoption of
the European Union’s General Data Protection Regulation, which is making it
more commonplace for users on commercial websites (and library database
websites, in this reviewer’s experience) to be presented with third-party
tracking details with a Web cookie or other tracking notification. The author
also notes that when the data was gathered in 2017 the Let’s Encrypt
certificate authority had been released the previous year, and it is being
increasingly adopted by organizations of all kinds. This certificate authority provides
free TLS/SSL certificates that greatly increase measures to protect personal
data. This along with unprecedented high-profile incidences of the compromise
of personal data “have increased public and governmental awareness of website
security and privacy issues” (Gardner, 2021, p.83).
The quality of the study was appraised using
“The CAT: a generic critical appraisal tool,” created by Perryman and
Rathbun-Grubb (2014). Based on this analysis the quality of the study was found
to be high. According to their ORCID page the author is the Interim Associate
Dean of the University Library at California State University, Long Beach and
has published extensively around information-seeking behavior and use as it is
mediated through library systems. A useful literature review is included, and
the research question is clearly defined. The methods used in the research are
clearly communicated. There are also discussions about the limitations of the
study and the direction that further research might profitably take.
American Library Association. (2021, June 29). Code
of Ethics. https://www.ala.org/tools/ethics
Gardner, G. J. (2021). Aiding and abetting: Third-party
tracking and (in)secure connections in public libraries. The Serials
Librarian, 81(1), 69–87. https://doi.org/10.1080/0361526X.2021.1943105
Perryman, C., & Rathbun-Grubb, S. (2014).
The CAT: A generic critical appraisal tool. http://www.jotform.us/cp1757/TheCat