Online First

Librarians deal with library user personal information and must be well aware of possible situations where users’ privacy may be infringed upon. Moreover, it seems obvious that librarians would be able to identify and take proper measures against personal information infringement only when they are well aware of the concepts of personal information and privacy.

In this context, under the belief that privacy is a right not to have any contact with anyone if the user wants, Shils (1960) defined privacy as a ‘zero relationship’ between more than 2 persons ‘with no communication or interaction once they make a choice’ for that privacy.

Second, in the respect that privacy is self‐determination of information, controlling and managing one’s own information, Garoogian (1991) said that privacy is the ability to control and protect from others his or her thoughts, emotions, beliefs, fears, plans, or fantasies and other similar things, and the ability to determine whether he or she will share them with others or not.

Third, from a perspective that library privacy is the right to seek intellectual freedom without anyone’s disturbance or supervision, Blitz (2006) said that the value of library users’ privacy is ‘the right to receive information’ and the right to use it confidentially. He also insisted that the library must provide a place to find peace for independent exploration. In the same context, the ALA defines a person’s privacy right in libraries as the right to make inquiries on interested topics without monitoring or surveillance from others (ALA, 2002). Caldwell‐Stone (2008), who noted that librarians first began to protect library users’ privacy rights in 1939, insisted that it is indispensable for a sound democratic society that, in this global culture where information becomes a power, library users’ can resolve their curiosity and that their desire to read and learn is protected. He also emphasized that it has become part of the mission of professionals in the ALA and libraries to secure the rights and confidentiality of library users.

In other words, librarians have advocated for the privacy rights of library users since 1939, and they said that ‘Privacy for All: Rallying Americans to Defend Our Freedoms,’ the new initiative of the ALA in preparation for the digital era, would be a tool and strategy for librarians to lead the community in terms of the significance of privacy rights in protecting individuals and democracy in the 21st century.

Some studies examine how librarians and users think about the privacy of library users and the present status of privacy protection.

According to the results of those studies, Korean librarians’ awareness of privacy protection was not consistent (Kim, 1994), most likely because the overall society’s awareness of personal information and privacy infringement was lacking at that time.

Meanwhile, Fifarek (2002), a librarian at LSU (Louisiana State University), a system professional librarian, and a network expert, dealt with privacy problems from the perspective of information technology. She insisted that, as new information technologies had been consistently introduced in university libraries, privacy problems arose. She also examined the examples of ‘failure of privacy’, discussed clear or unclear aspects of relevant laws, and suggested checklists to protect user privacy.

In her study on ethics of librarians and people engaged in information services, Kang (2003) discovered that, while most of them were aware that personal information or book‐borrowing records of users are important, few libraries had regulations or policies for protecting them. In addition, she insisted that it was more likely that the users’ privacy might be infringed by external censorship and the rate of library use would decrease if the privacy protection of library users was ignored. Moreover, research on user awareness of privacy and library records was also conducted by Lee (2006), and she concluded that personal information usage might be allowed to some degree if the library records were kept confidential.

Adams (2002) suggested examples of privacy problems relating to children and teenagers with which people in charge of youth services and school media experts (school librarians) were confronted, and provided a review on state laws and federal laws influencing privacy. Based on this study, he suggested that privacy education had to be provided to all students and library staff. According to this study, students’ library records were not to be disclosed in accordance with the laws of Wisconsin, and parents or library staff were prohibited from accessing student book borrowing records without the student’s consent. However, he insisted that some efforts had to be put in place to decide whether parents might have access to student search records, particularly in cases of troubling subject matters such as suicide.

One study (Lim, 2010) researched study cubicle preference in libraries by analyzing the degree of visual privacy. Assuming that users would prefer to choose a cubicle with higher visual privacy when studying in public cubicles in college libraries, she analyzed the relationship between the degree of visual privacy and seat preference for each seat.

Another study conducted surveys on the library software management companies, librarians, and library users in terms of digital library records and privacy (Sturges et al., 2003). This study discovered that there were significant differences between the users’ expectations and librarians’ actual readiness for protecting privacy in terms of library records. These results indicatea large difference among the perspectives of each social group in terms of privacy.

According to the results of research on library privacy awareness, the librarians and users were not well aware of library privacy. The degree of librarian preparation for privacy problems was low, and the provisions of library‐related laws and regulations were still not sufficient to address users’ privacy. Thus, those studies imply that, in order to improve the awareness of librarians and users in terms of library user privacy and raise the degree of librarian preparation, efforts to educate them must be actively conducted and related laws must be improved.

Customized service, location‐based service, and book recommendation service based on the book borrowing records of users may be helpful to improve the image of libraries because those services may increase user convenience. However, those services may also infringe on library user privacy (Bowers, 2008) and all the information sources used by users, websites visited by users, and persons exchanging email, messages, and chatting with them could be traced and documented (Shuler, 2004). Thus, it is likely that library records may not only be effectively utilized for providing user‐based services but also seriously infringe on user privacy.

Privacy protection in libraries is complicated by the legal and ethical issues of technology development in the digital era. Balas (2001) pointed out that librarians were confronted with the issues of: demands for filtered internet access, copyright‐related problems, and legal disputes raised due to file‐sharing services. Both filtering and copyright issues have extreme influence on libraries and librarians and contribute to the serious problem of privacy issues in the digital era. Johnston (2000) also pointed out that libraries accumulate book‐borrowing information, online search records, internet use data, and electronic reference records, and that those records were collected continuously, often without the knowledge of librarians. This data, in turn, might be leaked to federal agencies.

Butters (2007) examined the risk of RFID (Radio Frequency Identification) in libraries and reviewed current standards of RFID from the perspective of privacy in order to suggest technical possibilities for reducing that risk in reality. As a result, he discovered that the standard of RFID as of that time could not provide a safe system platform, and there were several weak points allowing privacy infringing activities and digital negotiation activities.

Klinefelter (2007) said that library services became more sophisticated thanks to information technology development and user‐based services, provided by tracing users’ reading habits and research tendencies. The libraries provided very convenient services such as providing new information in users’ fields of interest, providing information about newly acquired content related to users’ history, and e‐mails and other messages informing users of book due dates. However, in order to receive these convenient services, the users had to give up anonymity and even their right to control their own information themselves. Klinefelter focuses on dealing with library privacy and its value, construction of laws related to library privacy, and examples of privacy infringement which may occur in libraries. Zimerman (2009) even said that information technology development has reduced the level of privacy in the USA by several degrees. He discovered where and how privacy problems arise during the course of ordinary life, giving concrete examples. In particular, he pointed out that the issues related to vendors and hackers accessing and using collected personal information are complicated and growing. Xiaozhao and Jianhai (2009) discussed various types of user privacy issues arising in the Second Life Library (SSL), i.e. privacy policy of SSL, technology for privacy improvement, protection of avatar privacy, ethical user self‐regulation, education for librarians, and appropriateness between privacy and trust.

Meanwhile, the policy of ‘Self‐Service Holds’ which has been frequently introduced may seriously infringe on user privacy (Bowers, 2008). Libraries are becoming increasingly self‐service, with users able to find and check out their requested materials themselves without interacting with library staff. This system has undoubtedly solved many problems such as lack of space and finances as well as increasing staff and user convenience. However, Bowers argued that this convenient system may infringe on privacy, when, perhaps, other curious users or government agencies can easily access the request bookshelf, and therefore user reading tastes or interests can no longer be protected.

Likewise, this shows that, in the interest of optimized service, libraries record all the details of user activity in the library and provide customized services based on that information, which can cause problems such as loss of users’ right to control their own personal information and exposure to hacking.

Many studies argue that codified policies are absolutely essential to effectively protect the privacy of library users. Falk (2004) observed that many libraries have codified policies referring to user privacy, and a statement of willingness to protect privacy is very important as part of the code of conduct for library staff. However, he also argues that, in libraries providing internet access to users, maintaining computer‐based records, and using technology for tracing library resource usage, the provisions or regulations describing the statement of willingness to protect users from personal information infringement are not yet enough. He also pointed out several privacy problems which may occur in libraries. First, he noted the possibility of privacy infringement due to open the display screens of library computers. The library can legally restrict users from pornographic sites by using site prevention programs or filters. However, these filtering devices are often imperfect and can be triggered by completely legal research such as a user inquiring about diseases of certain body parts. Even in the case of website data accumulation instead of outright website filtering, can a user comfortably conduct his or her research on issues related to the Arab world or other topics of a potentially volatile nature, if his or her screen is monitored? Second, Falk recommends the use of devices for private display screens, i.e. head mounted displays and ‘lightweight hinged hoods’. Besides this, his study deals in depth with the possibility of privacy infringement due to RFID use, privacy of the disabled, and political and legal infringement.

Many studies suggest that it is necessary to review whether policies have been framed well or not, and Enright (2001) suggested detailed checklists on privacy policies. In particular, he emphasized that privacy policies must be established and arranged consistent with other legal or regulatory restrictions.

Sturges (2002) also suggested checklists on privacy policies, and specifically that it is necessary to examine: 1) whether the privacy policy is ethical, lawful, and realistic, 2) whether that policy represents public interests, and 3) whether it represents the interest of the parties most concerned. Other reference articles for developing guidelines include: Swan (1983) “Public Records and Library Privacy”, Coombs (2005) “Protecting USER PRIVACY in the Age of DIGITAL LIBRARIES”, and Coombs (2004) “Walking a Tightrope: Academic Libraries and Privacy.”

In his research advocating the need to establish library policy for personal information protection from an ethical standpoint, Tripathi (2010) argued that ethics are essential in all occupational areas. In particular, he focused on how morals and laws have changed as the legal and social environment changed. Protecting library book borrowing records and confidential user information has been discussed from an ethical standpoint by Kim (1994), Shon (1996), Kim and Nahm (2004), and Kang (2003). In her research on the sense of morality of librarians and persons engaged in information services, Kang (2003) discovered that, while most of them are aware of the need to protect user personal or book borrowing records, few libraries have regulations or policies for protecting that information in reality. She also insists that if libraries ignore privacy protection, it will lower the rate of library usage.

Sturges, Teng, and Iliffe (2001) assert that, when digital resources and systems became more important to libraries, the issue of users’ privacy started to be considered significant, and users and professionals became more concerned about privacy thanks to many examples of privacy infringement. Thus, the Legal and Policy Research Group of Loughborough University monitored user privacy problems in the environments of digital libraries and developed privacy guidelines for information experts.

Jones (2010) refers to several obstacles libraries face when advocating privacy protection in a technological environment. First, online spaces often represent totally different legal or systematic environments. Second, different levels of nation‐wide technology development create difficulties for broad guidelines. Third, different cultural interpretations of the meaning of privacy hamper global efforts. Lastly, the conflict between transparency and the priority and value of privacy rages on. He also suggests several recommendations to resolve these problems.

Among domestic researchers, some scholar shave examined the present status of protection of library user personal information and advocated the need to establish personal information protection policies. Kim (2006) suggested requisites necessary for a policy of privacy protection by identifying privacy protection policies and their present status at domestic and overseas libraries. He suggested several aspects that need to be taken into account when developing a privacy protection policy at a college library, including: management of users’ rights and privacy, records of using library resources and facilities, web services, computer usage, security of third parties, reverse surveillance, and practical measures and management systems. Lee (2005) argued that, in order to strengthen information protection in public libraries, it would be ideal to integrate those computing tasks with the local government structure as a whole by operating local data‐processing centers so that libraries can have access to network management and digital maintenance without taking on the work load involved themselves.

Moreover, he argued that technical security measures, including the installation of security patches and the instant deletion of unnecessary accounts, must be put in place for information protection at public libraries. In terms of management, he also recommended that libraries need to: establish privacy protection guidelines, limit who can access information to prevent physical leakage, insert provisions for confidentiality and privacy protection in the library regulations, establish ethical guidelines to prevent thoughtless collection of information and upload those guidelines to the library website, and designate staff responsible for and in charge of privacy and information protection.

Park (2009) suggested privacy protection guidelines on collection, use, service provision, maintenance, and discarding personal information in order to strengthen the privacy protection of public library users. Based on an investigation of examples of domestic privacy infringement, he set up privacy protection guidelines for public libraries and verified them by conducting interviews with staff in charge of personal information at public libraries or those used to dealing with that information. Based on those interviews, he suggested privacy protection guidelines to be referred to by public libraries.

While the number of previous studies on customized user‐based services and privacy problems is relatively large, I would like to examine those that focus on topics related to this paper in terms of those most useful to library professionals and library and information science society.

Advances in information technology have varied the demands of users for websites and customized services. However, these new services also cause alarm about privacy infringement because technologies for identifying users’ profiles must be used in order to realize such personalized services. Lee, Choi, and Chio (2007) researched how concern about personal privacy infringement influences the acceptability of receiving advantages through personalized services. First, they selected representatives of the six types of services of e‐commerce sites among various personalized services and determined what personal information needed to be provided for each service. Second, they examined the usefulness of services as perceived by the users for each type of service and the degree of concern about privacy infringement in order to determine whether there is correlation between them, i.e., whether those users would accept those services consequently. The researchers found that the degree of privacy concern has a negative effect on the acceptability of services, and service usefulness has positive effects on service acceptability. This shows that there is an offsetting phenomenon between those two variables.

In addition, those researchers discovered that the roles of those two variables change depending upon the types of service and the required personal information. Thus, the researchers argue that e‐commerce sites must collect personal information and provide services to the extent that they do not infringe on personal privacy based on the type site. Likewise, a number of researchers have conducted studies focused on the balance between personalization and privacy that argue that this balance is essential (Piterson, Ebbers, & Dijk, 2007) and experimentally verify balance relations through research on the personalization privacy paradox (Awad & Krishnan, 2006).

In their paper on user information access control for personalized services, Ahn and Kim (2008) said that keeping data analyzing personal behaviors in order to provide personalized services may cause privacy infringement problems. They also suggested a system, as a way of solving these problems, under which users enter into some form of relationship with other users (“friend”) before sharing information with each other so that the interaction among users is still available. However, mutual trust is a prerequisite for allowing a user to access the information of other users, and there are many variables in that trust. Moreover, even though a systematic module controlling unlawful access has been developed, there are still limitations. Similar problems exist in the environment of cloud computing service, and it is necessary to examine the service environment from the perspective of privacy protection (Kim et al., 2011).

Other studies suggest ways of solving the privacy problems arising in the course of providing location‐based services. Jeong and Park (2011) argue that, while various forms of location‐based services appeared for the first time due to the prevalence of smart phones, privacy problems have already been noted due to the exposure of individuals’ location information.

Those researchers suggest a privacy protection framework to be set up for using location‐based services in environments where smart phone use is prevalent. However, it is still doubtful that those frameworks will provide proper privacy protection in situations where present location‐based services directly connect with service providers through app stores and market places and the number of users has also rapidly increased. This situation differs from the past environment when those services were provided under the control of telecommunication companies.

In their research on the use of context information, Lee and Kwon (2009) said that most context aware services are not widely used and the number one reason for that is users’ privacy concerns. They developed an approach to anticipate the degree of users’ privacy concerns about certain services and, in order to verify the appropriateness and feasibility of the methodology, compared that degree of privacy concern (predicted by the data on context awareness and collected social psychology models of privacy concern) to the degree of privacy concern actually examined with statistical methods. Similarly, a number of studies measure predicted privacy concern (Phelps, D’Souza, & Nowak, 2001; Stewart & Segars, 2002; Dinev & Hart, 2006; Slyke et al., 2006). Lee (2012) conducted a study on the applicability of context awareness services to libraries. She introduced the concepts of context awareness computing and examined various examples, surveyed the awareness and demands of users on context awareness computing service, and suggested user‐centered library information service.

Meanwhile, research related to the technology of data encryption for protecting sensitive personal information has been conducted (Noh et al., 2009). These researchers pointed out that, while it is necessary to have an efficient method available for searching coded data without a decoding process, encryption techniques which have been suggested and are available currently are not suitable for dynamic users who have the right to access and share the coded data. They also suggested a keyword search method available to access control for protecting privacy which can solve these problems.

Park and Lee (2008) have written one of the most important papers on personal information in library and information science society. My search and analysis of related literature published between 2000 and 2004 show that academic awareness of personal information in conducting knowledge management was very low during that time. In other words, the number of studies conducted then was very small and a deep approach to personal information was not made. The few papers that do exist observe that scholars have little awareness of privacy issues of that these problems exist, let alone ways to solve them. My examination on the papers of domestic library and information science society shows that there has been almost no research here in Korea dealing with the issue of libraries and privacy. The biggest domestic issue related to library privacy was the complaint in 2004 on the possibility of privacy infringement in cases of CCTV installment in libraries and various library automation equipment into which resident registration numbers had to be entered as well as the correction order of 2005 of the National Human Rights Commission of Korea.

On the other hand, in other countries, examples of library privacy have been seriously discussed by libraries and there have been many efforts by researchers and institutions including the ALA to suggest ways of solving these problems (Noh, 2012).

According to Article 1(1) of the Act (partially revised by public law No.11990 on August 6, 2013), the term “personal information” means information that pertains to a living person, including the full name, resident registration number, image, etc., by which the individual in question can be identified, (including information by which the individual in question cannot be identified but can be identified through simple combination with other information). Likewise, in Article 2(6) of the Act on Promotion of Information and Communications Network Utilization and Information Protection, the term “personal information” means the information pertaining to a living individual which can identify a specific person with a name, a national identification number, or similar in the form of code, letter, voice, sound, image, or any other form (including information that does not, by itself, make it possible to identify a specific person but that enables identifying such person easily if combined with other information).

Accordingly, the IP addresses and cookies collected by internet service providers are not personal information themselves but are information identifying certain individuals through being easily combined with other information. Also, we can see that even internet portal companies define ‘IP address, cookies, date of visit, and service use record’ as personal information and privacy problems may occur if that personal information is used without the consent of the individual concerned (Ahn & Kim, 2008).

Article 2(2) of the Act on the Protection of Personal Information Maintained by Public Institutions says that ‘personal information is the information that pertains to a living person, including the full name, resident registration number etc., by which the individual in question can be identified, (including information by which the individual in question cannot be identified but can be identified through simple combination with other information)’. Article 2(13) of the Digital Signature Act similarly defines personal information.

OECD (Organisation for Economic Co‐operation and Development) guidelines define personal information as ‘all the information of individuals which have been identified or can be identifiable’ (OECD, 2001) and the privacy protection guidelines of the EU define personal data as ‘the information related to identification of a natural person who has been identified or can be identifiable. Person to be identified is the person who can be identifiable by referencing one or more than one elements regarding ID number or physical, physiological, psychological, economic, cultural or social identity, direct or indirect’ (Park, 2001). In addition, in the guidelines of the ALA, privacy is defined as a right which is indispensable for realizing freedom of press, freedom of thoughts, and freedom of assembly, and privacy in libraries as a right under which the library users’ interested topics cannot be censored or examined by another person. In light of these definitions, it can be said that personal information is all the information identifying individuals.

Privacy concerns have a long history as legal or political issues, and, since the concept appeared, it has been deeply discussed (Brunk, 2001). Privacy is a right under which private life or private matters of family of an individual must not be interfered with and the term privacy may be used interchangeably with “private life” (Korean language dictionary, Naver).

While the term of privacy is defined in “Privacy International” or “Article 12 of Universal Declaration of Human Rights” (General Assembly resolution 217 A (III) 1948), those definitions are not enough (Tripathi & Tripathi, 2010). Privacy is a difficult notion to define because it may vary depending on social and national situations (McMenemy, Poulter, & Burton, 2007) and the opinions of individuals. Thus, privacy must be considered as a freedom of individuals to determine the extent that other people can interfere in their own private life (Tripathi & Tripathi, 2010). This freedom of individuals must be protected against power or wealth and is a human right to be protected by the Constitution.

The definition of privacy referred to most is that of Warren and Brandeis (1890), which is the ‘right to be left alone’. They noted that the principle of privacy can be summarized as a protection of personality to be secured in a safe place where that personality cannot be harmed. Meanwhile, in the Encyclopedia of Library and Information Science (Bates & Maack, 2009), privacy is defined as a right under which any information of personal life and professional life cannot be exposed to government agencies or commercial institutions and, in particular, the right to be free from surveillance to the extent it is authorized by laws. The ALA (2012) defines privacy in libraries as ‘the right under which topics and user’s interests cannot be investigated or monitored by others’.

The situations where privacy can be infringed are: when internet service providers collect and use various personal information of internet users; when that information is not collected or used in a lawful manner; or the government or law enforcement agencies acquire that information by searching and seizing (Huh, 2009). Besides those, there have been a number of cases of privacy infringement utilizing collected personal information, and the most controversial issue is that any personal information collected can be exposed to such risk even though that information has been legally obtained. Cases showing this trend include: 1) how frequently Google has provided personal information to the US government (Hopkins, 2010), 2) instances of infringement of personal life by employees of Google through utilizing that information (Chen, 2010), and 3) Google being hacked (Zetter, 2010).

Some scholars believe that the reason why privacy infringement problems have recently become more serious is because the scope of data subject to information protection has been extended and the right to control personal information has been too widely given (Kim & Hong, 2008). Gavison (1980) argued that the first condition to privacy protection is that an individual is able to control the information of himself/herself. In other words, the individual can control the scope, management method, and access time of information. The second condition to privacy protection is an exclusive approach to individuals, i.e, the condition where others are completely prohibited from access to any information of individuals, and this can be acquired by the concepts of confidentiality, anonymity, and isolation (Gavison, 1980).

In summary, privacy is related to personal life or private matters of individuals, and everyone has a privacy right to make inquiries while not being investigated or monitored (ALA, 2012). Privacy rights are enshrined in many laws worldwide in many different cultures, showing that these rights are a basic part of human dignity that we, as people, have come to expect from one another in a fair and compassionate society.

In addition, there is a right to private life as a more comprehensive concept, defined as ‘a right to secure private areas without the interference of others’ (Hahn, 2002). Moreover, the concept of the right to control self‐information means ‘a right to determine or control automatically the flow of information about himself/herself’ (Kwon, 2005). In other words, the right to control self‐information means that: prior to providing information, an individual is clearly aware of who would collect or use it, for what purpose. The individual can access or correct his or her information at any time, and, if the individual does not want to make his or her information available to use, that individual can either cancel consent to the use of information or request for it to be discarded (Korea Information Security Agency of the Ministry of Public Administration and Security, 2008).

Clarke (1996) typified four different kinds of privacy, as follows:

• § Privacy of a person, which deals with the completeness of body;
• § Privacy of personal behavior, which is related to sensitive aspects of personal behaviors;
• § Privacy of personal communications, which means a right to communicate by using various media without being monitored by others; and
• § Privacy of personal data, which is the right of an individual to determine whether to allow other individuals or organizations to use his or her information or whether to control the use of his or her data.

In sum, privacy, as a human right described in the Constitution, may be defined as a freedom of individuals to determine the extent they are willing to share their intellectual, social, and cultural life with others. This right may also be defined as a freedom of individuals to determine the extent other people can interfere in their private lives. Privacy in libraries means the users’ right to enjoy their intellectual freedom so that the topics they are interested in cannot be investigated or monitored by other people or institutions.

“Filter bubble” means different search results are displayed depending on who is doing the internet search. Those search results may vary depending on many personal aspects of the internet search user and the history of documents clicked by them. Thus, in terms of the same keyword ‘Egypt’, a person might get lists of sites on ‘riots in Egypt’ as his or her search result, while another person might get ‘travel information on Egypt’ (Pariser, 2011).

For a representative instance of collecting personal information based on users’ internet activities on Google: first, Google ranks priority information of webpages based on identification of the linking structure of the web by using algorithms of Page Rank, and this utilizes user web history. Second, user information of terms searched, URLs visited, IP addresses, search duration, browsers used, operating systems, and cookie ID are collected. These various data points increase the function of Google’s filtering services, increasing the likelihood of displaying information relevant to the user with minimal effort.

However, in his TED Talk made in 2011, Pariser, who pointed out the problem of filtering services, introduced astonishing examples of the filter bubble. In other words, he, as a progressive thinker, tried to meet and listen to conservative people on purpose, but, in one day, all the comments of those people had disappeared from his Facebook newsfeed, because Pariser had clicked more often on links posted by liberal people.

While everyone has his or her different tastes and tendencies, many people desire to have a neutral worldview or encounter viewpoints outside of their niche interests. However, filter bubbles may block such opportunities through filtering, and this becomes a challenge to librarians who are supposed to provide information without any prejudice to users. While libraries try to provide user‐based service responding to the demand of each individual user, unintended dangerous results may arise. In other words, they may be caught in a filter bubble. Of course, another reason to pay attention to the filter bubble problem is that search results and search history may be collected and shared or sold.

Google has provided a way of turning off functions that provide personalized/social search results (Steven, 2012). A simple click of a button at the top of the search result screen can prevent Google from reflecting search history in the search results. Some people think that this function has removed the filter bubble problem, but it is questionable how many users are aware of that function. Notwithstanding, Google still uses personal information such as language and location information in providing search results.

Accordingly, some search engine companies advertise themselves specifically as not collecting private information. DuckDuckGo insists that it provides information which has not gone through filter bubbles in terms of browser information, identifying location of searchers, computer information, internet history, interests of users which are handed over to advertising companies (Angwin & Mcginty, 2010), and credit‐related search words which allow credit companies or insurance companies to know the financial condition of users (Leslie & Maremont, 2010). ‘Start Page’ of England argues that it is the most private search engine in the world, which does not collect any IP address or data from users. At the top and bottom of the search window of those two sites, the phrase “The search engine that doesn’t track you” is shown.

In Forbes, Holly (2011) argued that users need to see various points of view which have not been processed by a filter bubble. Systems and processes need to be set up for users to be exposed to new and different ways of thinking. In particular, it is necessary to prevent other people from monitoring or controlling our information sources, and, above all, it is necessary to prevent them from controlling our ability to make decisions.

Recently, libraries have begun offering customized services, which may cause privacy infringement, making it necessary to examine the concept of personalization.

Personalization means to provide customized goods and information in response to the individual demands and needs of website visitors (Allen, Kania, & Yaeckel, 1998). In light of this, personalized service can be defined on websites as services which are tailored to individual users through collecting data such as their web history. The merits of personalization are increasing the loyalty of users, saving search time for users, and increasing relevant search results.

Privacy protection of library users is deeply related to intellectual freedom. Censorship cases in the 1930s in the US served as a push to enact the ‘Library Bill of Rights’ which has been continuously revised since. Similarly, IFLA (International Federation of Library Associations) proclaimed the ‘Statement on Libraries and Intellectual Freedom’. Protection of intellectual freedom in libraries is focused on protecting freedom of expression, freedom of thoughts, and users’ right to know; the prerequisites of this are no censorship and protection of users’ privacy.

In the USA, intellectual freedom was actively discussed beginning in the 1930s and continuing most strongly for about 20 years after, into the 1950s. In Korea, that period was from the 1980s into the middle of the 2000s. Afterwards, few papers dealt with censorship or intellectual freedom, and it seems this is because censorship systems in libraries almost disappeared thanks to the efforts of academia and libraries.

However, at present, instead of the old, administration‐controlled censorship system, censorship is done by users themselves. Development of information and communication makes it simple for libraries to record and keep all the activities of library users. This information may be exposed at any time and analyzed or utilized by governments, institutions, or individuals.

Intellectual freedom in the library may be a prerequisite of all other freedoms and, in order to seek it, the following must be guaranteed (Jeong, 2002).

First, all individuals may have his or her own belief on any matter and must have the right to express his or her thoughts in various forms which are considered proper. Second, a civil society must fulfill its responsibility to provide limitless access to all the information and thoughts available to people, and it must not change based on the point of view of people producing and receiving them. In the end, intellectual freedom means a circulation of information, and, if the freedom of expression or freedom to access information is suppressed, such circulation would be cut off.

Under the privacy protection laws of Korea, overall guidelines on privacy protection applicable to the entire society are suggested, and the National Central Library of Korea announced its guidelines on the privacy protection of library users. In those guidelines, basic matters necessary for protecting the privacy information of library users are set forth so that public business is properly carried out and the people’s rights and interests are secured.

In the Ethical Rules for Librarians of the Korean Library Association (KLA), personal information is referred to very briefly, and Article 6 of those rules states that ‘librarians, as persons ultimately responsible for selecting, organizing, and preserving intellectual resources of libraries and allowing library users to freely use them, are to exclude any interference hindering that use’ and its subparagraph (d) says that ‘librarians are to protect personal information related to library users and must not be forced to disclose that information.’

The Code of Ethics of the ALA describes that, in terms of the data each library user searches for, explores, and is able to acquire, his or her privacy must be protected. When it describes the mission of health and science librarians in Goals and Principles for Ethical Conduct, the Medical Library Association (MLA, 1994) argued that both society and individuals must be protected by its ethical standard. In addition, according to the Ethical Principles of the American Association of Law Libraries (AALL, 1999), individuals can only fully participate in the affairs of government when they can access legal information. This is based on their belief that, by allowing library users to collect, organize, preserve, and search legal information, the members of AALL can help citizens realize genuine democracy.

Since the laws and policies related to privacy provide the grounds to protect privacy of individuals and allow them to have a right to control their own information, it is necessary for individuals to have an accurate understanding of them.

The OECD summarized the agreed upon opinions of member states in terms of data distribution and management of multinational corporations in their ‘OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data’ which sets forth eight general principles to be complied with by member countries for privacy protection (OECD, 2002). Moreover, in the USA, the ALA has set up representative privacy policies for libraries and supports each library’s attempts to apply them.

However, in Korea, the Korean Library Association (KLA) has not proposed any policy related to the privacy of library users and each library has its own standards in for such policies. The ‘Declaration of Ethical Standards for Librarians’ on the KLA website states that ‘librarians, who are ultimately responsible for selecting, organizing, and preserving intellectual resources in order to allow library users to freely use them, exclude any interference hindering that.’ Its subparagraph (d) says only that ‘librarians shall protect personal information related to library users and shall not be coerced to disclose that information.’

On the other hand, the most cited standard in terms of privacy protection of library users is the personal information processing policy of the National Central Library (NCL) of Korea. This policy was established under the name of ‘Privacy Protection Guide’ in 2005, and, at present, a number of libraries have set up their policies for protecting library users based on this guide.

The greatest difference between the ALA guidelines and the NCL guide is that the former suggests the directions of policies to be the basis for developing privacy policies for library users for each library, but the latter is only a guide on personal information processing. In other words, the guidelines of the ALA amount to one of various library privacy guidelines suggested as samples.

In this chapter, I would like to select institutions that have established privacy protection policies, analyze instances, and draw implications from them.

In this chapter, I examine the literature related to privacy protection of library users and select literature to become the basis for guidelines protecting the personal information of library users. Most prominently, there are the Declaration of Ethics of Librarians in Korea and the ALA’ Library Bill of Rights in the USA. In addition, I examine the RFID Guidelines, which have been developed with the advent of new technologies and could be referred to in developing privacy protection policies.

We cannot approach privacy protection issues simply from the point of view of personal information protection because they is so deeply related to protecting user intellectual freedom as a basic human right. Accordingly, the issue of library users’ privacy has been of interest for more than 100 years. Recently, privacy issues have been hotly debated again due to personal information leaks because libraries deal with user information and information technologies have become essential elements of the library.

Thus, in this paper, I would like to comprehensively examine relevant studies related to library privacy and progress the discussion on their essential issues.

RQ1: Why should librarians be concerned about the privacy of library users?

One of the most fundamental reasons for libraries is to attempt to guarantee intellectual freedom for users. Library users have the right to research and study without any investigation or monitoring of their interests by other people, including library staff or other users in the library. Library users may not consider their book borrowing records to be a personal secret, but if book borrowing records for certain periods of time are collected and analyzed, the thoughts, beliefs, and personality of the borrower may be inferred through identifying reading tendencies or tastes, which may lead to the possibility of serious privacy infringement (Kim, 2011).

Moreover, libraries maintain personal information of their users and provide various services based on that information, which may cause the problem of personal information leakage. Furthermore, as information technologies have been introduced to libraries to provide personalized services based on them, filter bubbles, the collection of personal information through RFID technologies, confirmation of user locations, and traces of reading habits may lead to a high possibility of infringing user privacy. In order to secure intellectual freedom for library users, librarians are expected to actively guarantee users’ privacy based on an accurate understanding of it.

RQ2: Are there any examples of infringement of library user privacy rights?

Research shows that there have been considerable possibilities for privacy infringement and many infringement examples. First, infringement may arise in the process of law enforcement, and it has occurred when the prosecutor requested book borrowing records of library users or various use records of libraries in the course of tracking down suspects. Second, privacy protection becomes more and more difficult due to the development of digital information technologies (Johnston, 2000; Klinefelter, 2007), i.e., all the information sources used by users, websites visited by users, and the information of people exchanging email, messages, and chatting may be traced and documented by technologies (Shuler, 2004). The personal information of users is utilized while they are unaware of it. Third, despite their merits, even various convenience services including personalized service, location‐based services, book recommendation service based on book borrowing records, and self‐service holds raise the possibility of infringement on library user privacy (Zimerman, 2009; Bowers, 2008).

RQ3: How much research on personal information and privacy of library users has been conducted so far?

As examined in chapter 3, studies related to privacy and personal information of library users have been conducted by a number of researchers, institutions, or organizations from various angles. Previous studies have covered many aspects of privacy: the concept of privacy, librarian and user awareness of privacy, the present status of privacy protection, examples of privacy infringement, privacy policy and guideline development, and analysis of relations between personalized services and privacy. Accordingly, the concepts of personal information and privacy, filter bubbles, and personalization have been sufficiently defined.

RQ4: How much have relevant laws and policies of personal information and privacy of library users been developed and are there any aspects to be improved?

While he summarized concepts of privacy history related to library records and argued that there is no state or federal law for protecting library users and their records, Bowers (2006) referred to two laws influencing the privacy of library records, the ‘Foreign Intelligence Surveillance Act (FISA)’ and USA PATRIOT Act.

However, we can determine that, as the number of instances of infringement on library user privacy thereafter increased, revision of policies or laws have been made for protecting library user records and their privacy.

The protection level of personal information and privacy set forth in the KLA’s DEL and the ALA’s Code of Ethics is highly sophisticated and active. They suggest complete protection of intellectual freedom of library users and a genuine realization of democracy based on it.

If we look at the provisions as described in the Library Act of Korea, the US Constitution, the US Electronic Communication Privacy Act, and the right to information self‐determination, the protection level of personal information and privacy of library users is quite high. The provisions of communication protection, which permit prohibition and punishment against unauthorized access to and leakage of stored data made while transmitting in electronic communication systems, are very strict.

However, FISA or the Patriot Act may allow personal information requested at any time for national security. Thus, library use records in any media including books, records, reports, and documents became an object of investigation and monitoring, and library users may not be aware of the fact that their records are investigated or monitored. National security is important, but the protection of users’ privacy has special significance in libraries and it is a requirement to develop detailed guidelines.

Discussions and studies on whether users are willing to give up their personal information for the convenience of information use must be conducted. According to the results of a study on how the advantages gained by individuals weigh against concerns about privacy infringement when using services, the level of privacy concern negatively influences the level of service enjoyment. This study was conducted in the area of electronic transaction services, and it is necessary to conduct studies suggesting various services provided by the libraries (cloud service, context aware service, location‐based service, and reading taste analysis service) and measuring whether provision of these services justifies users’ abandonment of their personal information.

Studies specially identifying the library services infringing on users’ privacy and studies examining awareness of users also need to be conducted. In other words, I am suggesting that studies specifically analyze RFID service, context aware service, and service connecting book borrowers of the same books and determine in what ways they infringe user privacy.