"The Chesterburgh Public Library's contract renewal contains a clause granting third-party data analytics firm Axion Metrics unfettered access to patron usage records, including reading histories and digital resource interactions." — Excerpt, Chesterburgh Library Board Meeting Minutes, April 9, 2024

 On April 9, the Chesterburgh Library Board approved a controversial renewal of its digital services contract with vendor BookStream, a major provider of e-books and online databases. Embedded deep within the 83-page contract is a clause permitting Axion Metrics, a lesser-known data analytics firm, full rights to collect, analyze, and store extensive patron data. This information includes specific titles borrowed, time spent with digital content, and even metadata tied to library cardholders' interactions.

 Chesterburgh residents rely heavily on the public library not only for books but also as a gateway to free digital resources, including access to academic journals, job training modules, and children’s literacy programs. The idea that personal reading habits—considered among the most private of data—are now subject to external corporate scrutiny has raised alarms among privacy advocates, librarians, and regular patrons alike.

 The contract language, obtained through an open records request filed by this reporter, was buried in the dense technical appendix labeled “Data Analytics and Reporting Services.” The provision fails to specify limitations on data use, retention periods, or even the scope of anonymization. More concerning, it grants Axion Metrics exclusive rights to sublicensing any aggregated data without prior approval by Chesterburgh authorities or the library board.

 Library Director Melinda Rhodes defended the agreement in a statement: “This partnership enhances our ability to understand how our digital offerings are utilized, allowing us to better serve Chesterburgh residents with tailored programs and services.” However, when pressed about the absence of explicit privacy protections, Rhodes deferred to the legal department, which had no immediate comment.

 While the advertised goal is to improve library resource allocation and user experience, experts warn that such open-ended data access can lead to unintended consequences. Dr. Leonard Cruikshank, a digital privacy scholar at Penn Valley University, noted, “When libraries allow third parties broad access to patron data without robust safeguards, it jeopardizes the fundamental right of intellectual privacy. Users might self-censor their reading or search habits if they fear surveillance.”

 Chesterburgh’s own town ordinance 2021-17, passed three years ago, underscores the municipality's commitment to data privacy by requiring public vendors to implement “reasonable and transparent protections for personally identifiable information.” The current contract, however, raises questions about compliance since it neither defines “reasonable” standards nor mandates public disclosures related to data use.

 An in-depth review of the procurement process, revealed through a series of FOIA requests, shows that the contract was expedited, with minimal public discussion or consultation with the citizens most likely to be affected, including local libraries’ oversight committees and privacy advocacy groups. The decision was finalized during a closed session of the library board, limiting transparency.

 Written correspondence between the library and BookStream, dated February and March 2024, suggests that introducing Axion Metrics was a last-minute addition. Internal emails from the library’s contract manager express concern over the absence of privacy clauses but acknowledge pressure from BookStream executives to sign the agreement “as-is” to avoid disruption of digital services.

 It is essential to note that Axion Metrics holds contracts for analytics services in at least 15 other municipalities nationwide, several of which have faced data breaches and public backlash. Notably, in 2022, the nearby city of Marlow Hills terminated its agreement with Axion after sensitive patron data was exposed through a misconfigured cloud server. That incident is referenced in a recent audit report obtained by this publication but was not disclosed during the Chesterburgh contract negotiations.

 Community response to the revelations has been swift. The Chesterburgh Privacy Coalition released a statement calling for an immediate suspension of the contract renewal and a public forum. “Transparency and accountability are non-negotiable when dealing with the sacred trust between a library and its patrons,” the group wrote.

 Local librarian and union representative Carla Jenkins expressed frustration. “Our job is to create a safe space for intellectual exploration. Allowing a corporate analytics firm free rein over our patrons' choices undermines that space. We deserve better safeguards and to be part of the decision-making process.”

 As Chesterburgh grapples with balancing technological innovation and privacy rights, this case highlights the broader challenge confronting small towns nationwide. Public institutions are often caught between the lure of data-driven efficiencies and the imperative to protect their constituents’ privacy.

 This story is part one of a three-part series examining surveillance and data privacy in Chesterburgh’s public institutions. Upcoming installments will analyze the town’s broader digital contracts, including surveillance camera networks and school district data policies, and propose policy recommendations based on best practices observed elsewhere.

 In the meantime, concerned residents are encouraged to review the full contract documents, available through the town’s open records portal, and submit comments to the Chesterburgh Library Board ahead of its next scheduled meeting on May 3, 2024.

 As always, facts laid bare—without spin—remain our greatest tool in protecting public interest.