Today, SPARC released Navigating Risk in Vendor Data Privacy Practices: An Analysis of Elsevier’s ScienceDirect. Produced in collaboration with Becky Yoose of LDH Consulting Services, the report documents a variety of data privacy practices that directly conflict with library privacy standards, and raises important questions regarding the potential for personal data collected from academic products to be used in the data brokering and surveillance products of RELX’s LexisNexis subsidiary.
By analyzing the privacy practices of the world’s largest publisher, the report describes how user tracking that would be unthinkable in a physical library setting now happens routinely through publisher platforms. The analysis underlines the concerns this tracking should raise, particularly when the same company is involved in surveillance and data brokering activities. Elsevier is a subsidiary of RELX, a leading data broker and provider of “risk” products that offer expansive databases of personal information to corporations, governments, and law enforcement agencies.
As much of the research lifecycle shifts to online platforms owned by a small number of companies, the report highlights why users and institutions should actively evaluate and address the potential privacy risks as this transition occurs rather than after it is complete.
SPARC’s work in this area seeks to ensure that privacy is foundational to systems for open research. To build on this report and advance this goal, SPARC plans to provide several types of support:
- Model Contract Language for Privacy: SPARC is in the process of developing model contract language for libraries to consider when negotiating for stronger privacy protections. Currently in draft form, we expect this language to be available for a pilot in the coming months, with wider distribution afterward along with a companion explainer document.
- Talking Points for Key Campus Constituencies: The Resource Library Working Group of our Privacy & Surveillance Community of Practice is producing talking points documents for addressing privacy concerns with key campus constituencies. The first set of these documents will be made available on the SPARC site in the coming weeks.
- Additional Vendor Privacy Analysis: SPARC has begun a privacy analysis of another leading publisher that will detail similar concerns regarding user tracking. This second report will be ready by early next year.
- SPARC’s Privacy & Surveillance Community of Practice: As libraries take action based on the report—and in response to privacy concerns more broadly—our community of practice will evolve to support these efforts. If your institution would like to participate in this community (or if you have ideas for what additional types of support would be most helpful), please submit this interest form.
- Related Support through SPARC’s Negotiation Community of Practice: Through this parallel community of practice, SPARC will continue to offer vendor-specific negotiation discussions and support for institutions considering unbundling from Big Deal journal packages (whether for reasons related to budget or concerns related to equity and privacy).
While the ScienceDirect report raises serious concerns, libraries have the power to shift the marketplace to reflect libraries’ commitment to patron privacy. Concerted action during this period of transition can greatly impact the future, and the report closes with suggested actions that libraries can take over both the short and long term to mitigate vendor privacy risks.
If you have suggestions for advancing SPARC’s work in this area or would like to make SPARC aware of specific vendor privacy concerns, please contact Nick Shockey.