"VII. All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information."
In support of the right to privacy, the American Library Association asserts "A lack of privacy in what one reads and views in the library can have a significant chilling effect upon library users’ willingness to exercise their First Amendment right to read, thereby impairing free access to ideas."
Field Guide Book for Digital Security is written with a target audience of librarians and some of the basics around digital security, which can be a prerequisite for digital privacy. To use a common analogy, if you don't securely lock your door to your house, then someone can easily walk in and snoop through your personal belongings. If you don't secure your digital life, hackers can do the same.
They publish a series of these field guides in on an interactive website to work through a series of topics related to privacy in libraries.
This is where things get much trickier. Because the vendors that libraries subscribe to aren't beholden to the ALA's Library Bill of Rights, the companies who run the databases that libraries subscribe decide how to handle user data that is created when users interact with their services. As a near worst case scenario, The Intercept recently reported "LexusNexus is selling your data so ICE so it can try to predict crimes", where LexusNexus is selling user data to Immigration and Customs Enforcement so they can surveil the data to look for patterns that might lead to arrests.
Library Freedom Project published this table in 2018 showing where different library vendors stand on different user privacy practices. (Click through to better read the questions across the top)