Perspectives on the Framework

Kevin Adams

Surveillance and Privacy

How Can the Framework Support Privacy Literacy?

Kevin Adams is information literacy librarian at Alfred University, email: adamska@alfred.edu.

© 2025 Kevin Adams

Scholars have proposed a variety of ways to approach privacy literacy in the library classroom.1 Privacy is a core value of librarianship, but personal privacy is being eroded at a rapid rate. Students leave data tracks all over the internet; their personal information is constantly collected outside of the classroom. This alone is enough for privacy literacy to be on the librarian’s radar. Alarmingly, recent studies show that publisher platforms may be harvesting student personal information inside of the library classroom as well.2 This article explores current critical perspectives on privacy literacy, the urgency of privacy literacy, and how the ACRL Framework for Information Literacy can and cannot support privacy literacy initiatives.

The Urgency of Privacy Literacy

“Privacy is about respect for persons, not about protecting data.”3 This is the guiding philosophy of the privacy literacy library pedagogues Sarah Hartman-Caverly and Alexandria Chisholm. Much like information literacy as defined by the Framework, Hartman-Caverly and Chisholm define privacy literacy as “a suite of knowledge, behaviors, and critical dispositions regarding the information constructs of selfhood, expressive activities, and relationships.”4 Privacy literacy at its heart is connected to human identity. Privacy knowledge, behaviors, and critical dispositions enable users to protect their privacy.

Under what Soshana Zuboff terms surveillance capitalism, people’s personal information is collected for commercial purposes and used by corporations to predict and dictate the direction of the market. Zuboff draws out the ways this introduces “epistemic chaos.” Corporations harvest personal and behavioral data from individuals and plug that data into profit-driven algorithms. With total disregard for corrupt data and disinformation, these algorithms drive new market and information creation. This disregard for truth in favor of profit generation bombards people with information and advertisements that are not based in reality. This move away from truth fundamentally undermines democratic control of society in favor of corporate control.5

Hartman-Caverly and Chisholm build on Zuboff’s work extending this existential crisis to the individual. Seeking to restore privacy norms, their proposed framework, The Six Private I’s, provides insight into the effects of violations of personal privacy on the individual. The framework explores how loss of privacy impacts identity, intellect, integrity, intimacy, interaction, and isolation. Ultimately, they argue “ubiquitous surveillance undermines personhood itself.”6

Complicity in the Library

Libraries have started to play an active role in the corporate and institutional collection of personal information. In Data Cartels, Sarah Lamdan helpfully breaks personal information into two types: information used for commercial purposes and information used for institutional purposes. Corporations that use personal information for commercial purposes operate in ways illustrated by Zuboff, to sell consumers commodities and dictate the market. Corporations that use personal information for institutional purposes collect personal information, compiling it into data dossiers, and selling it to interested parties like government agencies, law enforcement, and banks.

Lamden writes from an academic library perspective, focusing on institutional usage of personal information.7 Corporations that collect, package, and sell personal information for institutional purposes are commonly referred to as data brokers, but could be more accurately referred to using Lamdan’s language: data cartels. Academic libraries work closely with a couple of these data cartels. Thomson Reuters and RELX (Reed, Elsevier, LexisNexis) in addition to being database vendors, collect personal information from internet (and library database) users to create data dossiers that are sold to government agencies, law enforcement, banks, and other interested buyers like Immigration and Customs Enforcement (ICE).8 This has implications reaching far beyond the walls of the library. Scholars like Safiya Noble and Virginia Eubanks have written about how algorithms and technologies that use data dossiers negatively impact people with marginalized identities.9 Policing through data has not led to decreases in crime but has “embedded the discriminatory policing problems . . . into digital policing infrastructure.”10

According to a 2023 SPARC Report that analyzes the privacy practices of RELX, publisher platforms regularly track user behavior and information. One Elsevier database, ScienceDirect, can collect and track patron personal information on and beyond the ScienceDirect website. The report goes into great detail, but suffice to say, this type of data collection violates the ALA Code of Ethics, Library Bill of Rights, and the IFLA Statement on Privacy in the Library Environment.11

Andrew Weiss identifies academia’s relationship to various invasive information technologies as a looming problem.12 Academic librarians find themselves promoting the tools that extract personal information from patrons, while at the same time teaching patrons privacy literacy, putting the onus for digital hygiene on the user. Librarians are forced to pit core values of privacy and access to information against one another by corporations like RELX that have monopolized access to academic information. Libraries’ continued participation with these database providers enables the companies to continue their extractive practices, but many libraries do not feel that they have a choice because the database provider may be the only provider of content required for academic programs.

How Can the Framework for Information Literacy Address Privacy Literacy?

The ACRL Framework for Information Literacy focuses on helping people, primarily students, conduct research by way of understanding how information works. The Framework can be used to address privacy literacy, but it is not tailor-made for this purpose. The frame Research as Inquiry encourages learners to ask critical questions as they go through an iterative research process. Librarians often encourage students to ask new questions as they develop research questions and ask questions about which research strategies to implement. This frame creates an opportunity for librarians to encourage students to ask questions about the platforms and databases that they are selecting to conduct their research. Understanding platforms, search engines, websites, and databases is a vital first step for learners to start to interrogate how their personal information and data is generated, harvested, and sold; the value of their personal information; and the impact of data harvesting on society.

The Value of Personal Information

The frame Information Has Value guides learners toward a broad understanding of the value of information, including as commodity and as influence. These two ways of understanding information are vital for privacy literacy. The frame explicitly mentions “the commodification of personal information” and can be applied to help learners understand how aggregated personal information is used by institutions and corporations to exert influence. As Zuboff argues, corporations and institutions influence information creation and market creation, with impacts on people such as purchasing decisions, personal life decisions, and even voting decisions.13 The frame states that experts will understand how to make deliberate and informed decisions about their participation with information creation. While the frame is primarily talking about participation in scholarship, learners can also use this disposition to identify ways they might choose to protect their personal information or allow their information to be used.

Personal Information as Created Information

The frame Information Creation as a Process encourages information users to think about the way that information is created, packaged, and disseminated. This frame can be helpful for learners to explore the way their personal information is harvested, compiled, and used, but it requires some reframing. The frame argues that “information in any format is produced to convey a message.”14 This assigns intention to the information production process and assumes some agency for the producer. Internet users are not intentionally generating behavioral or personal information while using websites, rather trackers acting as digital eavesdroppers are used to harvest data. However, once the data is harvested, packaged, and disseminated by data brokers or commercial enterprises, it takes a form that this frame allows learners to analyze. An important element of privacy literacy is understanding how personal information and the life cycle of personal data are connected. Learners can start to ask how data extraction processes impact their privacy.

The frame Scholarship as Conversation, frequently used to teach about citations, emphasizes the importance of transparency in understanding the evolution and complexities of scholarly ideas. The life cycle of personal information looks quite different from that of scholarship, and there is not the same transparency around personal information generation, harvesting, or usage. While this data is put into conversation with other data, it is not done in a transparent way. Without the transparency that comes with scholarship, it is far more difficult to engage with what is being done with the data. Paralleling the disposition learners “see themselves as contributors to scholarship rather than only consumers of it,” privacy literacy learners may apply this frame to critique data collecting practices and reclaim their agency by learning about and protecting their personal information.

Impact on Searching

Susan Archambault argues for expanding the Framework to include algorithmic literacy, illustrating that the current iteration of Searching as Strategic Exploration falls short of teaching learners the impact that algorithms have on their search results. The frame “hints at but fails to explicitly include the idea that search results are personalized through both invisible digital profiling and the collective actions of other users (e.g., popularity ranking) in endless dynamic feedback loops.”15 Personal information influences the ways that different search engines respond to a prompt, and learners could benefit from an understanding of the way that their digital profiles shift search results.

Privilege and Bias

The frame Authority is Constructed and Contextual looks at how researchers evaluate the authority of a piece of information, suggesting that information users should be skeptical of information sources’ authority and evaluate the context that is lending it authority. This frame is particularly helpful for encouraging students to critically evaluate privilege and bias when looking for authoritative sources and can be used to better understand how marginalized voices are often left out of the conversation. This line of critical thinking can be applied to personal data collectors by encouraging learners to ask questions like, how does collecting personal data reinforce traditional forms of knowledge privilege?

Librarians may also use this frame to begin to question the authority of databases that harvest data from their users. What does it mean for the largest academic database providers to be transitioning their profit models away from knowledge dissemination to data brokering?

Conclusion

The Framework can be helpful for understanding the way that personal information is created, harvested, sold, and used, but it was not created with privacy literacy in mind. Ultimately, shoehorning privacy literacy into the Framework is awkward. This could be helped by an expansion of the frames to address privacy literacy, as Archambault suggests they should be for algorithmic literacy.16 Librarians and learners can also look to frameworks established outside of the Framework for Information Literacy, like Chisholm and Hartman-Caverly’s Six Private I’s.17 However privacy literacy is addressed in the classroom, libraries urgently need to address the ways they are complicit in personal information collection to better uphold the profession’s core value of privacy.

Acknowledgment

Thanks to Samantha Dannick, Engineering and Scholarly Communications Librarian, Alfred University.

Notes

1. Alexandria Chisholm and Sarah Hartman-Caverly, eds., Practicing Privacy Literacy in Academic Libraries: Theories, Methods, and Cases (Chicago: ALA, 2023).
2. Becky Yoose and Nick Shockey, “Navigating Risk in Vendor Data Privacy Practices: An Analysis of Elsevier’s ScienceDirect” (SPARC, November 7, 2023), https://doi.org/10.5281/zenodo.10078610.
3. Chisholm and Hartman-Caverly, Practicing Privacy Literacy in Academic Libraries.
4. Sarah Hartman-Caverly and Alexandria Chisholm, “Privacy Literacy,” ScholarSphere, June 12, 2020, https://scholarsphere.psu.edu/resources/7b120743-5f28-4a5d-954b-90856130a722.
5. Shoshana Zuboff, “The Coup We Are Not Talking About,” The New York Times, January 29, 2021, https://www.nytimes.com/2021/01/29/opinion/sunday/facebook-surveillance-society-technology.html.
6. Alexandria Chisholm and Sarah Hartman-Caverly, “Privacy as Respect for Persons: Reimagining Privacy Literacy with the Six Private I’s Privacy Conceptual Framework,” in Practicing Privacy Literacy in Academic Libraries: Theories, Methods, and Cases (Chicago: ALA, 2023), 15.
7. Sarah Lamdan, Data Cartels: The Companies That Control and Monopolize Our Information (Stanford, CA: Stanford University Press, 2023), 28.
8. Lamdan, Data Cartels, 2.
9. Safiya Umoja Noble, Algorithms of Oppression: How Search Engines Reinforce Racism (New York: New York University Press, 2018); Virginia Eubanks, Automating Inequality: How High-Tech Tools Profile, Police, and Punish the Poor (New York: St. Martin’s, 2018).
10. Lamdan, Data Cartels, 30.
11. Yoose and Shockey, “Navigating Risk in Vendor Data Privacy Practices.”
12. Andrew Weiss, “Libraries, Privacy, and Surveillance Capitalism: The Looming Trouble with Academia and Invasive Information Technology,” in Practicing Privacy Literacy in Academic Libraries: Theories, Methods, and Cases, ed. Alexandria Chisholm and Sarah Hartman-Caverly (Chicago: ALA, 2023).
13. Zuboff, “The Coup We Are Not Talking About.”
14. “Framework for Information Literacy for Higher Education,” Association of College and Research Libraries, January 11, 2016, https://www.ala.org/acrl/standards/ilframework.
15. Susan Archambault, “Expanding on the Frames: Making a Case for Algorithmic Literacy,” Communications in Information Literacy 17, no. 2 (December 14, 2023): 542–43, https://doilorg/10.15760/comminfolit.2023.17.2.11.
16. Archambault, “Expanding on the Frames.”
17. Chisholm and Hartman-Caverly, “Privacy as Respect for Persons.”