Skip to Content

Government Surveillance, Privacy & Data

Reader Privacy Issues Remain Following Google Books Settlement Rejection

With the long-awaited decision on the Google Books settlement behind us, it would be easy to think that the privacy concerns CDT raised over the proposed expansions of the service are no longer an issue. The settlement has been rejected, and Google won’t be rolling out expanded book previews, full-text access, and institutional subscriptions, so we needn’t worry about the new tracking risks and potential chilling effects of those services, right?

Not exactly. While the rejection of the settlement means Google won’t be adding these services for the out-of-print works scanned from the collections of participating libraries, the company is moving right along with its project to digitize and offer books licensed through its Partner program. Last fall, Google launched a cloud-based, multi-platform electronic bookstore offering hundreds of thousands of current releases and millions of public domain books.

And Google is (obviously) not alone. Amazon, Barnes and Noble, Apple, and others are vigorously competing to lead the e-book revolution. Today, books (broadly speaking) are more accessible than ever before: the lower printing costs, increased consumer choice, improved portability, and instantaneous delivery are positive developments for many a bibliophile. Not surprisingly, the market for e-books and e-readers is growing rapidly, with net sales doubling between January 2010 and January 2011. Both Amazon and Barnes & Noble recently reported that online e-book sales have surpassed paperback sales.

But all these services present new challenges for protecting reader privacy. Limiting customer previews, facilitate lending among friends, and sync “bookmarks” across devices all require fine-grained tracking of not just what books a person buys or browses, but also what pages she’s read, what passages she’s highlighted, and with whom she’s shared which books. In the offline world, such data collection is either impossible or widely distributed among disconnected libraries and bookstores. But in the online e-book world, such data in not only collected, but relatively centralized at a handful of massive booksellers. Such a cache presents new opportunities for tracking and data mining, as well as a tempting honeypot for government or third-party litigants. Our friends at the ACLU of Northern California described these risks in a report issued last year.

As argued in that report, and in CDT’s recommendations for the Google Books settlement, readers have long enjoyed a high level of privacy and anonymity with respect to their reading habits. Rooted in First-Amendment protections, this tradition is reflected in libraries’ commitment to patron privacy, and bolstered by library privacy laws in 48 states and DC. But there is a significant risk that these protections will erode as we turn increasingly toward online books.

Ensuring that these protections endure, both with respect to companies’ use of their customers’ data and with respect to government access to such data, is one of the reasons CDT supports comprehensive consumer privacy legislation (to ensure proper limitations on commercial use of reader information) and reform of the Electronic Communications Privacy Act, (to ensure proper limitations on government access to reader information).

It’s also why CDT sent a letter last week in support of the Reader Privacy Act in California, which passed through the Judiciary Committee yesterday. The bill, first proposed by the ACLU and EFF, would protect electronic reading records from disclosure absent proper justification. Proper justification means a warrant in a criminal case or a court order in a civil case, following a showing that there is a compelling need for the data and that disclosure from the bookseller is the least intrusive means to get the information. The bill would also require notice and opportunity to contest the order to the bookseller, and in some cases, to the individual reader.

Under the Reader Privacy Act, consumers would be able to feel comfortable reading e-books without worrying that their personal information will be unprotected. It is heartening to see California working to establish such strong safeguards for readers everywhere.