Privacy Policy Analysis for Compliance and Readability of Library Vendors in India

Abstract

ABSTRACT Privacy policy is crucial in educating librarians about how vendors handle patron's data and what are their current privacy practices? Fewer have studied the content of library vendors’ privacy policies for their readability score and privacy compliance. With this background, the study performed a comprehensive keyword-based, content analysis of 64 privacy policies from three category of library vendors (1) IT vendors (2) E-resource vendors (3) Publisher's cum bookseller's vendors. The study used the Flesch-Kinkaid grade level for readability score and evaluate their privacy compliance with the 11 privacy principles articulated from the India's Personal Data Protection Bill, 2019 (Referred to as “PDPB” in this study). The results indicate low availability of privacy policies (n = 64, 41.29%) out of 155 library vendors. Overall, the average reading grade level on all categories of vendors are similar; they are written for readers above 12 grades and are suitable for college readers. Their privacy compliance is low in all categories, with average compliance of 3∼4 out of the 11 privacy principles. Similarly, the privacy compliance in each vendor's category is the highest for data collection, processing, and sharing principles. In contrast, it is the lowest for accountability, data retention, safeguarding children's data, users’ consent and transparency. The article concludes with specific recommendations for vendors to overcome their readability and privacy compliance deficiency, thereby providing librarians with corrective measures when negotiating with vendors to protect patrons’ privacy.