One of the things discussed in the NISO patron privacy conference calls has been the need for transparency with patrons about what information is being gathered about them and what is done with it. The recent announcement by Google of a "My Account" page and a privacy question/answer site got me thinking about what such a system might look like for libraries. Google and libraries are different in many ways, but one similarity we share is that people use both to find information. (This is not the only use of Google and libraries, but it is a primary use.) Might we be able to learn something about how Google puts users in control of their activity data? Even though our motivations and ethics are different, I think we can.
What the Google "My Account" page gives us
Last week I got an e-mail from Google that invited me to visit the new My Account page for "controls to protect and secure my Google account."
[caption id="attachment_25851" align="aligncenter" width="750"] Google's "My Account" home page[/caption]
I think the heart of the page is the "Security Checkup" tool and the "Privacy Checkup" tool. The "Privacy Checkup" link takes you through five steps:
[caption id="attachment_25849" align="alignright" width="250"] The five areas that Google offers when you run the "Privacy Checkup".[/caption]
- Google+ settings (including what information is shared in your public profile)
- Phone numbers (whether people can find you by your real life phone numbers)
- YouTube settings (default privacy settings for videos you upload and playlists you create)
- Account history (what of your activity with Google services is saved)
- Ads settings (what demographic information Google knows about you for tailoring ads)
These are broad brushes of control; the settings available here are pretty global. For instance, if you want to see your search history and what links you followed from the search pages, you would need to go to a separate page. In the "Privacy Checkup" the only option that is offered is whether or not your search history is saved. Still, for someone who wants to go with an "everything off" or "everything on" approach, the Privacy Checkup is a good way to do that.
Sidebar: I would also urge you to go through the "Security Checkup" as well. There you can change you password and account recovery options, see what other services have access to your Google account data, and make changes to account security settings.
The more in-depth settings can be reached by going to the "Personal Information and Privacy" page. This is a really long page, and you can see the full page content separately.
[caption id="attachment_25852" align="aligncenter" width="1273"] First part of the My Account "Personal Information and Privacy" page. The full screen capture is also available.[/caption]
There you can see individual searches and search results that you followed.
[caption id="attachment_25854" align="aligncenter" width="769"] My Account "Search and App Activity" page[/caption]
Same with activity on YouTube.
[caption id="attachment_25855" align="aligncenter" width="896"] My Account 'YouTube Activity' page[/caption]
Google clearly put some thought and engineering time into developing this. What would a library version of this look like?
Google's Privacy site
The second item in the Google announcement was its privacy site. There they cover these topics:
- What data does Google collect?
- What does Google do with the data it collects?
- Does Google sell my personal information?
- What tools do I have to control my Google experience?
- How does Google keep my information safe?
- What can I do to stay safe online?
Each has a brief answer that leads to more information and sometimes to an action page like updating your password to something more secure or setting search history preferences.
Does this apply to libraries?
It could. It is clearly easier for Google because they have control over all the web properties and can do a nice integration like what is on the My Account page. We will have a more difficult task because libraries use many service providers and there are not programming interfaces libraries can use to pull together all the privacy settings onto one page. There isn't even consistency of vocabulary or setting labels that service providers could use to build such a page for making choices. Coming to an agreement on:
- how service providers should be transparent on what is collected, and
- how patrons can opt-in to data collection for their own benefit, see what data has been collected, and selectively delete and/or download that activity
...would be a significant step forward. Hopefully that is the level of detail that the NISO Patron Privacy framework can describe.