Navigating Risk in Vendor Data Privacy Practices: An Analysis of Elsevier\u27s ScienceDirect

Executive Summary As libraries transitioned from buying materials to licensing content, serious threats to privacy followed. This change shifted more control over library user data (and whether it is collected or kept at all) from the local library to third-party vendors, including personal data about what people search for and what they read. This transition has further reinforced the move by some of the largest academic publishers to move beyond content and become data analytics businesses that provide platforms of tools used throughout the research lifecycle that can collect user data at each stage. These companies have an increasing incentive to collect and monetize the rich streams of data that these platforms can generate from users. As a result, user privacy depends on the strength of privacy protections guaranteed by vendors (e.g., negotiated for in contracts), and a growing body of evidence indicates that this should be a source of concern. User tracking that would be unthinkable in a physical library setting now happens routinely through such platforms. The potential integration of this tracking with other lines of business, including research analytics tools and data brokering services, raises pressing questions for users and institutions. Elsevier provides an important case study in this dynamic. Elsevier is many academic libraries’ largest vendor for collections, and its platforms span the knowledge production process, from discovery and idea generation to publication to evaluation. Furthermore, Elsevier’s parent company, RELX, is a leading data broker. Its “risk” business, which provides services to corporations, governments, and law enforcement agencies based on expansive databases of personal data, has surpassed its Elsevier division in revenue and profitability. For these reasons, it is important to carefully consider Elsevier’s privacy practices, the risks they may pose, and proactive steps to protect users. This analysis focuses on ScienceDirect due to its position as a leading discovery platform for research as well as the Elsevier product that researchers are most likely to interact with regularly. Based on our findings, many of ScienceDirect\u27s data privacy practices directly conflict with library privacy standards and guidelines. The data privacy practices identified in our analysis are like the practices found in many businesses and organizations that track and harvest user data to sustain privacy-intrusive data-driven business models. The widespread data collection, user tracking and surveillance, and disclosure of user data inherent to these business models run counter to the library\u27s commitment to user privacy as specified in the ALA Code of Ethics, Library Bill of Rights, and the IFLA Statement on Privacy in the Library Environment. Examples of current ScienceDirect practices found in our analysis that conflict with these standards include: • Use of web beacons, cookies, and other invasive web surveillance methods to track user behavior outside and beyond the ScienceDirect website • Extensive collection of a broad range of personal data (e.g., behavioral and location data) from ScienceDirect combined with personal data harvested from sources beyond ScienceDirect (i.e., third parties in and outside of RELX and data brokers as stated in Elsevier’s Privacy Policy and U.S. Consumer Privacy Notice) • Collection of personal data by third parties, including search engines, social media platforms, and other personal-data aggregators and profilers such as Google, Adobe, Cloudflare, and New Relic, through extensive use of third-party trackers on the ScienceDirect site • Disclosure of personal data to other Elsevier products and the potential for disclosure of personal data to other business units within RELX, including risk products and services sold to corporations, governments, and law enforcement agencies • Processing and disclosure of personal data (and personal data inferred from personal data) for targeted, personalized advertising and marketing In particular, ScienceDirect’s U.S. Consumer Privacy Notice, posted and updated in 2023, raises important concerns. The notice describes the disclosure of detailed user data—including geolocation data, sensitive personal information, and inference data used to create profiles on individuals—both for wide-ranging internal use and to external third parties, including “affiliates” and “business and joint venture partners.” The collection and disclosure of data about who someone is, where they are, and what they search for and read by the same overarching company that provides sophisticated surveillance and data brokering products to corporations, governments, and law enforcement should be alarming. These practices raise the question of whether simultaneous ownership of key academic infrastructure alongside sophisticated surveillance and data brokering businesses should be permitted at all—by users, by institutions, or by policymakers and regulatory authorities. Our analysis cannot definitively confirm whether personal data derived from academic products is currently being used in data brokering or “risk” products. Nevertheless, ScienceDirect’s privacy practices highlight the need to be aware of this risk, which is not mitigated by privacy policy revisions or potential verbal assurances concerning specific data uses. Privacy policies can be changed unilaterally, and denials are not legally binding. To be meaningful, any privacy guarantee a vendor makes must be durable, verifiable, and not limited to a particular jurisdiction. As many of the largest publishers reinvent themselves as platform businesses, users and institutions should actively evaluate and address the potential privacy risks as this transition occurs rather than after it is complete. In closely analyzing the privacy practices of the leading vendor in this transition, this report highlights the need for institutions to be proactive in responding to these risks and provides initial steps for doing so. This report underscores the significant expertise and capacity required for any institution to understand even one vendor’s privacy practices—and the power asymmetry this creates between vendors and libraries. Collaborative efforts, such as SPARC’s Privacy & Surveillance Community of Practice, can plan a key role in supporting future action to address the real privacy risks posed by vendors’ platforms. This report closes with options that institutions may consider to mitigate these risks over the short and longer term

Taming the Communication Beast: Using LibGuides for Intra-Library Communication

Presentation given at the Library Technology Conference on March 16, 2011. Using LibGuides for communication between technical services and other library departments

Technical Services Transparency: Using a LibGuide to Expose the Mysteries of Technical Services

Technical services departments in academic libraries have long struggled to communicate effectively with other library departments, particularly public services departments. As academic libraries acquire large numbers of digital resources, technical services departments are increasingly responsible for providing current information about those resources to public services staff. The authors of this paper describe the process of creating, testing, and implementing LibGuides (proprietary software for building library portals and facilitating information sharing in libraries) as a new way of communicating much-needed information between technical services and public services staff at Miami University Libraries

A tale of two communities

Presentation at Open Repositories 2014, Helsinki, Finland, June 9-13, 2014General Track, "Repository Rants" 24x7 PresentationsThe session was recorded and is available for watching (this presentation starts at 1:26:57).This rant focuses on the issues faced by many GLAM organizations who do not feel represented in the mainstream open source repository community, and calls on the leaders of that community to consider what can be done to make the community more inclusive. There are examples of smaller organizations gathering resources to create a supportive community around specific open repository products, one of which will be highlighted in the talk. In general, however, there is very limited support from the greater open repository community for smaller institutions in terms of participating in the community, and the main goal of this rant is to get those who are in a position in the community to consider what can be done to make the community more inclusive and sustainable to all organizations.Yoose, Becky (Grinnell College, United States of America

LDH CS Projects

Resources and publications created by LDH Consulting Service

Taming the communication beast: Using LibGuides for intra-library communication

Black box. The back room. Behind closed doors. Such is the life of a Technical Services department. The literal and figurative disconnect between TS and the rest of the library can cause confusion and misinformation among library staff which, in turn, decreases the quality of service the library provides to its patrons. How can we use technology to overcome this disconnect? Many librarians have been successful using LibGuides as a tool to disseminate information from librarians to students and researchers. At Miami University, the TS department decided to experiment by creating a LibGuide to exchange information between TS and other library staff. By incorporating the department s WordPress blog, Google forms and spreadsheets, and RSS feeds into the LibGuide, we have created a place for dynamic interchange of essential information among library staff. The TS department uses the LibGuide to distribute information about our departmental policies and procedures, as well as e-resource issues and statistics. All library staff can access this information as well as interact with TS staff by using the LibGuide to submit OPAC error reports, e-resource access problems, and report requests. This presentation will explore the planning, building, and implementation of the LibGuide and its evolution since its launch. There will be discussion on the pros and cons of the approaches tried, and on the considerations a department must take into account before building an online presence for intra-library communications. ABOUT THE PRESENTERS: Jennifer Bazeley is the E-Resources & Serials Librarian and Becky Yoose is Bibliographic Systems Librarian at Miami University (Ohio)

Navigating Risk in Vendor Data Privacy Practices: An Analysis of Elsevier's ScienceDirect

<p><i>Navigating Risk in Vendor Data Privacy Practices: An Analysis of Elsevier's ScienceDirect</i> documents a variety of data privacy practices that directly conflict with library privacy standards, and raises important questions regarding the potential for personal data collected from academic products to be used in the data brokering and surveillance products of RELX's LexisNexis subsidiary.</p><p>By analyzing the privacy practices of the world's largest publisher, the report describes how user tracking that would be unthinkable in a physical library setting now happens routinely through publisher platforms. The analysis underlines the concerns this tracking should raise, particularly when the same company is involved in surveillance and data brokering activities. Elsevier is a subsidiary of RELX, a leading data broker and provider of "risk" products that offer expansive databases of personal information to corporations, governments, and law enforcement agencies. </p><p>As much of the research lifecycle shifts to online platforms owned by a small number of companies, the report highlights why users and institutions should actively evaluate and address the potential privacy risks <i>as this transition occurs</i> rather than after it is complete.</p&gt

Clusters: A Study of a Non-traditional Academic Library Organizational Model

Organizational structure and culture affect all aspects of a library, from the practical daily operations to the overall effectiveness of the library to meet its users' needs. Many academic libraries have explored different organizational structures to meet changes in user needs and the information environment as well as studied their organizational culture in an effort to diagnose deficiencies or strengths. This article explores one non-traditional organizational model at a small academic library. This model - the Cluster structure - is a modified version of the traditional team structure, but tries to address some of the pitfalls inherent in a team-based organization. The article covers a case study on the formation and evolution of the cluster structure, and then turns its attention to the effect the structure has had on organizational culture using the Competing Values Framework (CVF)

TechKNOW Volume 16, Issue 2

https://kent-islandora.s3.us-east-2.amazonaws.com/techknow/2/thumbnail.jp