Public libraries, who provided patron email addresses (supposedly collected to send overdue and renewal notices, etc.) to municipality "newsletter" spam lists.
I assume they'd also happily hand over a list of all the books you've checked out and whether any of them were overdue.
I don't disagree that some library systems are pretty tech illiterate and might share email addresses without understanding the consequences.
However, I feel the need to assert my opinion that librarians are generally pretty fierce defenders of privacy in the specific context of lending/reading history, so your assumption does not ring true at all to me. Libraries/librarians have been consistent defenders of lending history privacy in the face of the Patriot Act[1][2] and I would be shocked to see a pattern of libraries anywhere in the US giving out lending history data in the context of anything but the most direct of legal requirements.
I was employed by a public library once upon a time and received specific training on when to share lending data ("never, and if asked, lock the computer and go get the Director, even if the person asking has a badge").
I assume they'd also happily hand over a list of all the books you've checked out and whether any of them were overdue.