Surveillance or Service? AI Privacy for Vulnerable Patrons

Libraries serve vulnerable populations. That's our actual mission. Not recommendations. Not personalization. Not vendor revenue. People who come to us because they have no other safe place to ask their questions.

When you implement an AI recommendation engine, a chatbot, or search analytics, vendors tell you it's "privacy-preserving." They use phrases like "aggregated, anonymized data." It sounds safe. It's not.

Here's what happens in practice: Your vendor collects search queries, reading history, and conversation logs. Then, six months later, the vendor gets hacked. Data leaks. Real people's searches are now exposed.

For the affluent patron searching for book club recommendations, it's annoying. For the immigrant patron who searched "asylum petition timeline," it's ICE showing up at their door. For the domestic violence survivor who searched "confidential shelter near me," it's an abuser finding their location. For the LGBTQ+ youth who searched "transgender healthcare," it's a family or religious institution weaponizing that data against them.

I know this sounds dramatic. I've cleaned up the fallout. I've notified a survivor that her search history was exposed. The risk isn't theoretical - it's what I watch happen when libraries collect vulnerable people's information without understanding who could weaponize it.

What AI Tools Actually Collect (And What Vendors Know About It)

Here's what your vendor is collecting, even when they claim it's "privacy-preserving":

• Recommendation engines: Every book/resource clicked, every search term entered, rating/review patterns, reading history - linked to patron accounts or session identifiers
• Chatbots: Every question asked, every conversation thread, all personal details shared in conversation - stored on vendor servers
• Search analytics: Query logs showing information needs (medical conditions, legal situations, personal crises, sensitive life events)
• Discovery systems: Facet clicks, refine patterns, what materials attract interest - timestamped and linked to individuals
• Usage analytics: IP addresses, device information, session data - potentially re-identifiable even when "anonymized"

Vendors claim they "de-identify" this data. That's a marketing statement, not a technical guarantee. Researchers have repeatedly shown that "anonymized" datasets can be re-identified by correlating multiple data points. An IP address + search timestamp + library location is often enough to pinpoint an individual.

But here's what vendors are counting on you not asking: Why does the algorithm need to keep individual-level data at all? If they're truly just improving recommendations, they could aggregate patterns without storing who searched for what. They don't, because retention creates value. Your patron data is an asset they can sell, license, or exploit.

Breaches happen. Every vendor gets breached eventually. And when they do, vulnerable people who trusted your library suddenly have their information in the hands of people who want to harm them.

Real Harms (Not Hypothetical)

Immigration Enforcement

An undocumented patron comes to your library because it's the only place they can ask questions without fear. They search "How to apply for asylum" or "Are undocumented immigrants eligible for services?" or "What happens if I get pulled over without papers?" If your AI tool logs these searches and the vendor gets breached, ICE now has a targeting list they didn't have before.

This isn't speculative. ICE agents have used library browsing records, checkout histories, and digital footprints to identify and track immigrants. Your recommendation engine data, if breached, becomes another data source they can use. You're not just documenting information need - you're creating a breadcrumb trail to vulnerable people.

Law Enforcement Targeting

A patron searches for information about bail, criminal defense, protest tactics, or their own arrest. If that data is breached and accessed by law enforcement, it becomes evidence or targeting information.

Librarians have faced subpoenas for patron records. If you have detailed behavior logs, those subpoenas get a lot of useful data.

Domestic Violence

A survivor comes to your library to plan their escape. They search for shelter locations, legal aid for protective orders, child custody resources, and how to safely leave. They use the library because they can't search at home - the abuser controls the devices and accounts. If your AI system logs these searches and the vendor gets breached, the abuser now has a roadmap: shelter names, legal strategies, timing. A data breach becomes a hunting guide.

Survivors choose libraries because we're supposed to be safe. Implementing surveillance systems - even well-intentioned ones - breaks that safety. It sends a message: your research here might be exposed. And for someone running from violence, that risk is lethal.

Sexual Orientation/Gender Identity

A teenager from a conservative religious household uses your library to explore who they are. They search for "Is it normal to be trans?" and "LGBTQ+-friendly therapists near me" and look at the library's digital collection of books about gender identity. They trust your library because librarians protect privacy. If your AI system logs these searches and the vendor gets breached - or if a parent demands the data through a legal request - that teenager's parents now know they're exploring their identity before they're ready to come out.

Outing is dangerous. Conversion therapy is still happening. Religious institutions and parents use any information they can find to intervene. When you implement surveillance systems in libraries, you're telling LGBTQ+ youth: this isn't a safe place to explore. You're forcing them to choose between the library and their safety.

Medical/Mental Health

A patron searches for HIV treatment, mental health resources, or specific medical conditions. If that data is breached, it becomes identifiable health information that insurers, employers, or others could misuse.

Vulnerable Populations Matrix

How to Protect Your Mission (3-Step Template)

Before you implement any AI tool - and I mean before you sign anything - run this assessment. This isn't a box to check. This is protecting the vulnerable people who depend on your library.

Step 1: Demand Truth About Data Collection

Don't ask the vendor's sales rep. Ask the vendor's privacy officer or data engineer: What data does your tool collect? How long is it retained? Who has access? Can it be tied back to individual patrons? If they hedge, push back. "Eventually de-identified" is not a commitment. "May be accessed by" is not acceptable.

Document what they tell you - everything:

• Search queries and reading history: YES/NO
• Conversation logs: YES/NO
• Personal information shared: YES/NO
• Timestamps and session data: YES/NO
• Device/IP information: YES/NO
• De-identified or individually identifiable: ______
• Retention period: ______
• Who at vendor has access: ______

Step 2: Assess Harm by Population (Be Specific)

For each vulnerable population your library serves, ask: If this data is breached tomorrow, what happens to them? Don't be abstract. Get specific. Get angry about it.

Example: Recommendation Engine + Immigrant Community in Your Area

• Data collected: Book searches, reading history, queries about visas/asylum/immigration law, resource access patterns
• Who could access a breach: ICE agents, private data brokers, vigilante groups, state immigration enforcement
• Real harm scenario: A family searching for visa information has their search history correlated with their home address through a data broker. ICE uses that to prioritize enforcement. Someone gets deported.
• Severity: CRITICAL (could lead to deportation, family separation, death)
• Your decision: Accept risk? YES / NO / ONLY IF [specific safeguards]

Step 3: Make a Real Decision

You have three options. Pick one. Own it.

Option A: Don't Implement

If the harm is severe and can't be mitigated, don't use the tool. This is a legitimate decision. More than legitimate - it's the right decision if the risk to vulnerable people is too high. Not every vendor feature is worth the risk. A recommendation engine is nice. Protecting your community's safety is essential.

Option B: Proceed with Aggressive Safeguards

If the tool serves a genuine need, demand contractual safeguards. Don't ask nicely. Demand them. Here's what you require:

Option C: Proceed with Informed Consent

If you think transparency is enough, require informed consent where patrons understand exactly what's collected, who might access it, and can opt out without losing core services. Be clear: "Opting out means you don't use the recommendation engine, but you can still search, check out books, and use all other library services." (Note: This is often insufficient for vulnerable populations, but it's better than collecting data without asking. Many vulnerable people will opt out once they understand the real risk.)

Vendor Contract Language (Copy-Paste Ready)

Add these clauses to your vendor contracts:

Implementation Checklist

Before going live with any AI tool:

• [ ] Conduct privacy impact assessment for each vulnerable population you serve
• [ ] Review vendor contracts for data retention, encryption, breach notification
• [ ] Negotiate safeguards based on harm assessment
• [ ] Brief reference and circulation staff on what data is collected
• [ ] Create patron notification explaining what is collected and why
• [ ] Establish data deletion schedule (monthly, quarterly)
• [ ] Plan breach notification process (who do we contact? in what order?)
• [ ] Document decision rationale (why we chose this tool despite risks)
• [ ] Audit annually (is vendor still following contract terms?)

Talking Points for Your Board

"One data breach could put vulnerable patrons at risk. Not someday - now."

Concrete example: "If our recommendation engine data is breached, every undocumented patron who searched 'visa petition' or 'asylum' is now identifiable. ICE agents have used library data to target deportations. We would be giving them a targeting list. This isn't theoretical - it's what happened with ICE and library records."

"Our core obligation is patron safety. AI tools create new risks to that."

Libraries have always protected patron privacy. It's in the ALA Code of Ethics. It's in our intellectual freedom principles. AI tools force us to choose: Do we serve vendor profit or patron safety? We can't do both.

"Privacy is the foundation of access. Vulnerable people won't use a library that surveils them."

Immigrants won't search for visa information if they fear the data will be used against them. Domestic violence survivors won't seek shelter information if they're afraid their searches will be exposed. LGBTQ+ youth won't explore their identity if they fear outing. A library without privacy is not a safe place. It's a trap.

The Question You Have to Answer

Stop for a second. Here's what you're actually deciding when you implement AI tools with patron behavior tracking:

"Is the vendor's profit more important than vulnerable people's safety?"

I know that sounds harsh. Vendors aren't evil. Your sales rep probably is a decent person. But the system they work for is designed to extract value from your institution. They collect data because data has value. They don't care if that data puts vulnerable people at risk.

Sometimes - maybe - the answer is: yes, we'll accept this risk because the tool is worth it. But make that decision with full knowledge of what you're risking. Not by assuming privacy safeguards exist when the vendor won't commit to them in writing.

And if the answer is no? Be honest about that. A recommendation engine is not worth the safety of domestic violence survivors, undocumented immigrants, or anyone else you serve.