A story broke yesterday involving eBooks, libraries, and the privacy of user data. Reporter Nate Hoffelder exposed some serious privacy violations on the part of Adobe, specifically within their Digital Editions 4 product.
Adobe Digital Editions, which most eBook platforms in libraries use (including OverDrive, 3M Cloud Library, Axis 360, and Enki), has been secretly spying on users. No one hacked anything–this is the company itself collecting this data on the sly. Adobe is gathering data on the eBooks that have been opened, which pages were read, and in what order–including consumer-subscription eBooks and eBooks borrowed through a library. Equally disturbing, Adobe is also tracking user activity outside of Digital Editions—gathering metadata from non-Adobe eBooks on the user’s hard disk. All of this data is being kept and transmitted in clear text (plain text that is easily intercepted and duplicated by intermediaries, such as library eBook vendors).
The collection of such data is quite possibly a violation of the California Reader Privacy Act as well as the California Student Online Personal Information Protection Act. Working in California as a Library Director means I have to address this with my community.
As a library customer, I have contacted our eBook vendors and asked for information or comment. So far, nothing.
While not surprised that a big company that can make money off of user data is collecting that user data, I am outraged on behalf of my library users–whose data we strive to keep secure and safe. By offering eBooks platforms with Adobe Digital Rights Management software, we have been unknowingly violating our very own privacy policies.
I am hopeful that the American Library Association, state libraries, and other organizations will publicly decry this gross violation of user privacy.