The age of AI necessitates that libraries develop policy and procedure governing the use of the technology by our institutions. As someone who has written a good deal of policy around emerging tech, two of my building blocks have always been federal/state/local law and the manufacturer or developer’s own terms of service. Any discussion of the law should include the significant disclaimer that I am no lawyer and that nothing I write should constitute legal advice! Now that that’s out of the way…
What does the law say?
Simply put, not much! Indeed one of the frustrations with AI is that the legal landscape is largely unsettled, with the American Bar Association noting
“the regulation of AI in the United States is still in its early stages, and there is no comprehensive federal legislation dedicated solely to AI regulation.”
While there may be little in the way of AI-specific guidelines, there are library-specific laws and regulations that we must consider, many at the state level, which address the confidentiality of patron records. In New York, for example, New York State Civil Practice Law & Rules (CPLR) 4509 states:
“Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state, including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute.”
When we contrast this confidentiality/nondisclosure requirement of reference queries against an AI tool such as ChatGPT’s propensity to record and retain all interactions/user content, it’s harvesting of personally identifiable information, and it’s wide use of 3rd-party services, we can see how it poses a data-security headache. While policy/procedure banning the use of such a tool may not be necessary, you must define appropriate use cases that will not compromise patron privacy and contravene existing law! Essentially, steps must be taken to ensure our interactions with such systems do not include personally identifiable information or anything that might constitute patron records.
What do the terms of service say?
Until next time!
While we may be operating in an AI regulatory vacuum, it is clear that there are established library rules and regulations that we can apply to this emerging technology. So get out there and do the important, necessary work of policy and procedure development, then experiment–safely!
Lastly, a few news items:
- As always, I speak a lot about the intersection of libraries and technology. If you’re look for a speaker, let’s talk!
- Previously, I assembled some AI resources for librarians. Check it out, if you haven’t already!
- For my New York-based audience, I’ll be at the 32nd Annual Conference on Libraries and the Future to give the talk “Into the Unknown: Media Literacy, Intellectual Freedom, & the Dawn of AI”. You can learn more and register for the in-person event here.
- I’ll be presenting “Fostering Tech-Savvy Staff” at the Internet Librarian Connect virtual conference. Register by September 15 with code SOC-SINGLE or SOC-TEAM to save $100!