Confidentiality is Not Privacy, but Privacy May Include Confidentiality

A recent library learning analytics project highlights the wide—if not widening—gap between advocates of the technology and those concerned that the value of student privacy isn’t being fully attended to. The project argues that privacy “hinges” on confidentiality. In this brief post, I will succinctly argue why confidentiality is not privacy, but privacy may include confidentiality.

A Brief Summary of the Project

Connecting Libraries and Learning Analytics for Student Success, or CLLASS, is an Institute of Museum and Library Services (IMLS) funded project led by Megan Oakleaf of Syracuse University and supported by corporate (OCLC), organizational (IMS Global Learning Consortium, Unizin), and other higher education partners. In the executive summary, the CLLASS report argues that “in alignment with their long-standing commitment to use assessment to understand and facilitate student learning, librarians should explore opportunities to engage with emergent institutional learning analytics tools, systems, and strategies” (p. 6). Among other outcomes, CLLASS developed “a library profile for Caliper, an interoperability standard used to label learning data and provide the means for capturing, presenting, and conveying learning activities to centralized data stores in order to facilitate the analysis, visualization, and increased awareness of student learning behaviors” (p. 7). Other activities and outcomes are described in the report, but I want to use this time to turn to the team’s treatment of privacy before offering up a critique.

The Privacy Foundation for CLLASS

The contributors to CLLASS recognize the longstanding ethical commitments of professional librarians to ensure that library users are provided privacy to support their information seeking and use behaviors. From this position, they quickly transition: “librarians must also consider the ways in which traditional privacy practices limit their ability to serve students and support their learning” (p. 20). Naturally, there is an attempt here to balance the potential benefits of learning analytics technologies and practices against privacy itself.

Privacy is not one thing. So it matters how privacy is being operationalized when conducting such a risk/benefit analysis. They argue that “true” or “perfect” privacy is the conceptualization that professional librarians have espoused, but counter that:

[T]rue privacy, in which no recording takes place, may be impossible to ensure when interconnected institutional and third-party systems are part of an integrated educational ecosystem [….] Given the interconnected nature of technological systems, it is challenging to deliver on a promise of total privacy in which no temporary or long-term recording of engagement with library technology exists and all library interactions are anonymized immediately, completely, and irreversibly. (p. 20)

In some ways this is a perfectly legitimate position. But what is odd is that this statement is set up against a straw man version of professional librarianship that they believe argues for “perfect” privacy. No one argues for so-called “perfect” privacy in a vacuum. Privacy scholars don’t. And library and information professionals don’t. This leads us to question why this conceptualization of privacy and the straw man position play such an important role in CLLASS, and we’ll return to this later on.

Confidentiality is central to CLLASS’s approach to privacy. In fact, the authors go as far as to argue that “library privacy hinges on confidentiality” (p. 20) and that confidentiality is privacy: “A shift in concept from library data as nonexistent to library data as confidential and protected would be significant in the library profession” (p. 20).

In summary, the CLLASS privacy foundation is constructed from these propositions:

  • Professional librarians believe that “true” or “perfect” privacy is the ideal.
  • “True” or “perfect” privacy is intractable because 1) no systems exist that enable such an approach to privacy and 2) non-existent data does not support learning analytics.
  • Confidentiality is conceptually equivalent to privacy.
  • A transition toward confidentiality is key to library learning analytics.

The Straw Man

To start the critique of CLLASS’s approach to privacy, let’s begin by addressing the straw man of “perfect” privacy. When someone argues the “perfect” privacy conceptualization, they are arguing for complete seclusion. This is implausible. Only in situations where individuals are able to completely remove themselves from society and to do so without notice from another person or thing (e.g., sensors), is that possible. Only those with significant resources (and privilege) enjoy this potential path, and even then most individuals would not choose that route. “Perfect” privacy is not the ideal situation for a vast majority of people who want to interact in society and develop social relationships. Is the inverse true, which is that people are ok with complete transparency? Of course not. If it were, you’d openly share your darkest secrets or have sex in the public square, because you’d have nothing to hide. But there are parts of our respective lives that we do not want to disclose to others because of normative reasons (i.e., socially expected reasons) or reasons that are ours alone.

Are professional librarians correctly characterized by the straw man position? No. In fact, it’s degrading as it makes these professionals out to be tin-hat-wearing isolationists and fails to engage in why privacy matters in the first place. Professional librarians espouse privacy as an ethic worth practicing because they recognize that libraries are some of the last bastions of intellectual safety. That is to say that libraries provide places, spaces, and experiences that allow their users to experience intellectual ideas, grapple with concepts, try out social values, and practice heretical thought without observation and without influence. Greater data gathering, more analysis of that data, and increased intervention in library users’ lives motivated by that data gathering and analysis degrade the library as a safe intellectual space and reduce the university’s ability to achieve its overarching mission. That mission is to engage students in learning that helps them develop their identity, establish knowledge for personal and professional success, and prepare them to participate in a liberal democracy.

About Confidentiality

We understand confidentiality as a secondary party holding or possessing information about the primary subject. This information may directly identify the primary subject. This information may indirectly identify the primary subject. This information may be a derived analytic (e.g., predictive measure) from the primary’s information. In any case, the possessed information, if disclosed, could cause harm to the individual in a social, emotional, physical, financial, or other sense. With confidentiality, individuals entrust some other party to hold information about them securely and use it in alignment with their expectations. Confidentiality is usually employed to limit others’ access to one’s self or to express some sort of control over information about one’s self. With the former, the subject discloses information only if the entrusted party promises not to further disclose the information to other non-acceptable parties. With the latter, the subject uses confidentiality as one tool to control the information flow. Naturally, there can be overlap. I want to point out here that these conceptualizations, access and control, are subject-centric; the subject of the identifying information chooses for themselves to express their right to limit access or express agency over identifying information.

Confidentiality is a process, a procedure, a tactic—one of many—that helps achieve the overall conditions the information subject requires to feel confident in their privacy. CLLASS argues that confidentiality is privacy. It is not. The CLLASS approach to confidentiality is not subject-centric. It is technology-centric. It argues that since the data may exist, it should be collected. And when the data is collected, privacy is achieved if held in confidence. But none of this truly addresses the subject, which in the case of academic librarianship is the student. If a library-led data gathering and analytic project—learning analytics or otherwise—does not facilitate a trust-making agreement with the student, you cannot say that you are holding data in confidence. And if you do not engage students about the particulars regarding the data and the analytics, then you are bypassing their right to express their privacy preferences. Again, confidentiality is not privacy, but an expressed privacy preference may include confidentiality as an agreed-upon condition to establish workable information conditions. Since CLLASS’s use of confidentiality is technology-centric, it is more accurate to use data security language—but not as rhetorically powerful.

“Confidentiality” as a Library Learning Analytics Linchpin

The argument behind “confidentiality” (data security) is this: If the data exists and is protected, then it could—and arguably should—be used. The authors say as much in the following:

A shift in concept from library data as nonexistent to library data as confidential and protected would be significant in the library profession. At the same time, an acknowledgment that library data is often captured and retained for some period of time may be necessary to motivate and empower librarians to update their awareness and knowledge of privacy, revise policies and practices to reflect current realities, and build safeguards and governance to better protect user data. (p. 20)

The authors are attempting to convince the reader that data existence and data security nullify any outstanding professional ethic to limit use of user information, which is why “revise policies and practices to reflect current realities” is a key phrase in this particular quote. But what is problematic about this approach, and what is systemic throughout all of learning analytics, is that there is a belief among its advocates that only good can come of analyzing and acting on student data—so let the data flow.

I find it ironic that the scientific method is often forgotten about when it comes to learning analytics, within or outside of the library context, given that all of this work is situated within higher education. With the scientific method…

  • we would sample,
  • we would conduct rigorous experiments,
  • we would hold our work up to strenuous peer review,
  • and we would not be advocating for major shifts in resources, changes to pedagogy, or complete administrative overhauls to university systems without the evidence to support such claims.

Yet, here we are. The library learning analytics advocates, and learning analytics advocates more widely, continue to push the idea that if the data is made accessible then the findings will surely be positive. The CLLASS authors state, “it is worth considering what librarians might do better or differently for students if they knew more about their academic needs and environment” (p. 21). And it is a worthy question, but it does not require creating new data infrastructures that expose students to immense risk and ignore valid reasons to support student privacy. Qualitative and quantitative methods already exist for addressing the very questions library learning analytics advocates think they’ll find answers to in a deluge of data.

Kyle M. L. Jones

Dr. Kyle M. L. Jones is an associate professor in the Department of Library and Information Science within the School of Informatics and Computing at Indiana University-Indianapolis (IUPUI).