Today, SPARC released our second vendor privacy analysis: Navigating Risk in Vendor Data Privacy Practices: An Analysis of Springer Nature’s SpringerLink. Produced in collaboration with Becky Yoose of LDH Consulting Services, this analysis builds on our ScienceDirect report published last year and documents a variety of practices that undermine library privacy standards.
SpringerLink provides a case study in the encroachment of the broader surveillance-based data brokering economy into academic systems. Among other findings, the report documents risks related to the 200 named third parties that are allowed to collect information from users of the site (along with what appear to be additional unlisted companies found only in our public website analysis). While the specific privacy concerns posed by SpringerLink are different, our analysis reiterates the findings from our ScienceDirect report: that user tracking that would be unthinkable in a physical library setting now happens routinely through publisher platforms.
To fully understand how data may be used, librarians would need to read the 200 additional privacy policies from third parties that would likely stretch into the thousands of pages, a task complicated by numerous broken links to these policies at the time of publication. Significant expertise and capacity are required to understand these policies and the potential downstream uses of data that may be collected. Few libraries, if any, are likely to have such resources available to closely review even a single vendor and its associated third parties, further exacerbating the power asymmetry between vendors and libraries.
The goal of SPARC’s work in this area is to ensure that privacy is foundational to systems for open research. Toward this end, the report closes with suggested actions that libraries can take over both the short and long term to address vendor privacy risks. SPARC will continue to support these actions through additional forthcoming resources and our Privacy & Surveillance Community of Practice, which you can join through our interest form.
If you have suggestions for advancing SPARC’s work in this area or would like to make SPARC aware of specific vendor privacy concerns, please contact Nick Shockey.