By: Guest Contributor Samantha Lee (posted June 4, 2019 with additional updates)
Crossposted from the OIF Blog
Libraries deal in providing resources to the public; books – yes, but also DVDs, computer/internet access, research help, 3D printers, early childhood literacy programming, cultural enrichment, technology training, meeting room spaces and many other resources too numerous to list. Many libraries provide library cardholders with online access to subscription databases, such as OverDrive/Libby and Hoopla – which provide eBook access to patrons from the comfort of their homes. LyndaLibrary from Lynda.com is another one of these subscription databases that offers technology training resources. It had long been cherished by patrons for offering cost-effective skills training by industry experts in an easy-to-use platform. Those libraries lucky enough to be able to afford and provide LyndaLibrary to their patrons had much praise for the subscription database and platform.
In 2015, Lynda.com was acquired by LinkedIn, the professional networking site used by job-seekers and employers, and has since been rebranded as LinkedIn Learning. Recently, an email from a local librarian to the Connecticut library listserv alerted the community to a problematic platform update to LyndaLibrary/LinkedIn Learning. Library users would be required to create a LinkedIn account to use the LyndaLibrary technology learning resources. That librarian expressed concerns about patron privacy on LinkedIn. Other librarians consulted their account representatives, who, when pushed on the patron privacy concerns, failed to adequately address them. As a result, a few libraries have reported that they would not be renewing their contracts with LyndaLibrary/LinkedIn Learning.
From the Library Bill of Rights (adopted January 29, 2019), Article VII:
All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.
Further clarification is provided by ALA Questions and Answers on Privacy and Confidentiality’s answer to question 22:
Does the library’s responsibility for user privacy and confidentiality extend to licenses and agreements with outside vendors and contractors?
Most libraries conduct business with a variety of vendors in order to provide access to electronic resources, to acquire and run their automated systems, and in some instances, to offer remote storage (e.g. “cloud computing”) or to enable access to the Internet. Libraries need to ensure that contracts and licenses reflect their policies and legal obligations concerning user privacy and confidentiality. Whenever a third party has access to personally identifiable information (PII), the agreements need to address appropriate restrictions on the use, aggregation, dissemination, and sale of that information, particularly information about minors. In circumstances in which there is a risk that PII may be disclosed, the library should warn its users.
LyndaLibrary had access to library card numbers for verification purposes. With the proposed change to require patrons to get LinkedIn accounts to access the Lynda resources, LinkedIn Learning would have access to more personally identifiable information than they would have as LyndaLibrary. To get a LinkedIn account, patrons would need to provide an email address and their first and last names. This is more PII than other library e-content vendors would require (OverDrive requires library card numbers only, Hoopla requires a library card and email). After a user creates an account, they are then prompted to add employment history and import their email contacts – on the premise of helping users expand their professional network. So LinkedIn would not only have patron information, but also information for others who did not agree to use its platform. The patrons who are turning to LyndaLibrary to improve their technology skills are also the patrons who may not know to protect their PII or practice good digital hygiene. LinkedIn is strategically taking advantage of technology novices all the while fleecing money from limited library budgets.
Perhaps LinkedIn Learning was not aware of their responsibility to user privacy and confidentiality as an outside vendor to libraries. Even so, if libraries’ policy obligations are not enough to encourage LinkedIn Learning to change their account requirement for library users, then perhaps the legal obligations would be. Connecticut’s General Statutes, Chapter 190 Public Libraries, Section 11-25 (b) dictates:
Notwithstanding section 1-210, records maintained by libraries that can be used to identify any library user, or link any user to a library transaction, regardless of format, shall be kept confidential, except that the records may be disclosed to officers, employees and agents of the library, as necessary for operation of the library.
1.3 Service Use
We log usage data when you visit or otherwise use our Services, including our sites, app and platform technology (e.g., our off-site plugins), such as when you view or click on content (e.g., learning video) or ads (on or off our sites and apps), perform a search, install or update one of our mobile apps, share articles or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use.
4.1 Data Retention
We retain your personal data while your account is in existence or as needed to provide you Services. This includes data you or others provided to us and data generated or inferred from your use of our Services. Even if you only use our Services when looking for a new job every few years, we will retain your information and keep your profile open until you decide to close your account. In some cases we choose to retain certain information (e.g., visits to sites carrying our “share with LinkedIn” or “apply with LinkedIn” plugins without clicking on the plugin) in a depersonalized or aggregated form.
The information collected by LinkedIn includes, “IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier… data about your location” (1.5 Your Device and Location). Later, LinkedIn says, “We will share your personal data with our affiliates” (3.4 Related Services) and “We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events” (3.7 Change in Control or Sale). In the User Agreement, Section 3.1 Your License to LinkedIn:
… you are only granting LinkedIn and our affiliates the following non-exclusive license:
A worldwide, transferable and sublicensable right to use, copy, modify, distribute, publish, and process, information and content that you provide through our Services and the services of others, without any further consent, notice and/or compensation to you or others.
This would run counter to the Guidelines above, “agreements between libraries and vendors should also specify that libraries retain ownership of all data and that the vendor agrees to observe the library’s privacy policies and data retention and security policies.” LyndaLibrary/LinkedIn Learning has decided that they are more qualified to handle library patron data outside of our libraries by requiring patrons get LinkedIn accounts and retaining patron information.
In dealing with limited budgets, libraries are tasked with the challenge of providing the best resources to serve the community. They are entrusted to use their budgets wisely for the intellectual and recreational enrichment of their communities. It seems that LyndaLibrary/LinkedIn Learning is milking libraries’ tax dollars and forcing patrons to join a social media platform with complete disregard for privacy concerns.
I encourage all libraries to push their LyndaLibrary/LinkedIn Learning representatives on these privacy concerns as laid out above. Our professional ethics require us to do this hard and daunting work to protect patron privacy and to hold our e-content vendors responsible. If LinkedIn Learning cannot take our profession’s concerns seriously, while marketing their product to us almost exclusively, then we can take our business elsewhere. Maybe then they will be willing to adopt the changes we require to protect patron privacy.
Since publication of the blog post, LinkedIn Learning has provided more information about the account requirements for LinkedIn Learning for Libraries (the Lynda.com replacement). Patrons will need to provide an email address, password, first and last names, their library card, and PIN to access LinkedIn Learning for Libraries. This would create a publicly searchable profile. Patrons then have the option to opt into an “obscure” profile within the convoluted privacy settings. An obscure profile will initialize the last name and turn off discoverability of the profile on search engines. Our professional ethics have always been grounded in privacy and confidentiality for patrons – we protect first and then let patrons decide what to share. For a library vendor to create a platform that would automatically compromise a patron’s privacy by creating a publicly searchable profile is reprehensible.
Furthermore, after creating a LinkedIn account, patrons will then receive new member welcome emails that “educates new members on how to get the most value out of LinkedIn.” Those emails would encourage patrons to provide more information to LinkedIn to “complete” their profiles, such as employment history, education, access to their contacts list, and profile photo. The additional information is non-essential to the education and instruction of a patron or to the functionality and operation of the site. The additional information, instead, is a gold mine of data with which to create targeted advertising.
LinkedIn has been very careful to tell librarians that users will not see advertising on LinkedIn Learning. However, with the creation of a public profile, systematic social engineering to gather more information about users, coupled with the concerning language in their policies – it’s become obvious that LinkedIn isn’t concerned with patron privacy the same way our code of ethics requires of us.
LinkedIn claimed that the migration from LyndaLibrary to LinkedIn Learning for Libraries was necessitated by fraudulent library accounts created to access Lynda. The most cost-effective way to protect their content was to build a platform off the existing infrastructure of LinkedIn. This includes the use of artificial intelligence technology that would distinguish “real” library users of LinkedIn Learning from the fake ones. LinkedIn presumes to supersede a library’s authority to authenticate patrons – a gross overstep.
Samantha Lee is the Intellectual Freedom Committee Chair of the Connecticut Library Association and Head of Reference Services at the Enfield Public Library. She is committed to protecting intellectual freedom and patron privacy, and helping patrons improve their techno-literacies. She is especially proud of her “Radical Militant Librarian” button and is fond of cookbooks, baked goods and micro-histories.