Yoose, B., & Shockey, N. (2024). Navigating Risk in Vendor Data Privacy Practices: An Analysis of Springer Nature's SpringerLink (Version v1). SPARC. https://doi.org/10.5281/zenodo.13886473

Abstract

Navigating Risk in Vendor Data Privacy Practices: An Analysis of Springer Nature's SpringerLink documents a variety of practices that undermine library privacy standards. SpringerLink provides a case study in the encroachment of the broader surveillance-based data brokering economy into academic systems. Combined with our 2023 report on Elsevier’s ScienceDirect platform, this analysis illustrates the wide range of privacy risks inherent in the business models and practices in the academic scholarship marketplace.

Among other findings, the report documents risks related to the 200 named third parties that are allowed to collect information from users of the site (along with what appear to be additional unlisted companies found only in our public website analysis). While the specific privacy concerns posed by SpringerLink are different, our analysis reiterates the findings from our ScienceDirect report: that user tracking that would be unthinkable in a physical library setting now happens routinely through publisher platforms.

While this analysis and recommended actions are grounded in the library context, these findings will raise pressing issues for faculty, administrators, and policymakers to consider as well. The report closes with suggested actions that libraries can take over both the short and long term to address vendor privacy risks.

Dorothea Salo (2021) Physical-Equivalent Privacy, The Serials Librarian, DOI: 10.1080/0361526X.2021.1875962

Permanent Link: http://digital.library.wisc.edu/1793/81297

Abstract

This article introduces and applies the concept of “physical-equivalent privacy” to evaluate the appropriateness of data collection about library patrons’ use of library-provided e‑resources. It posits that as a matter of service equity, any data collection practice that causes e‑resource users to enjoy less information privacy than users of an information-equivalent print resource is to be avoided. Analysis is grounded in real-world e‑resource-related phenomena: secure (HTTPS) library websites and catalogs, the Adobe Digital Editions data-leak incident of 2014, and use of web trackers on e‑resource websites. Implications of physical-equivalent privacy for the SeamlessAccess single-sign-on proposal will be discussed.

An example of how a library in Vermont stood up to a warrantless request from the FBI to seize and search public library computers. This could have impacted the library's budget when the issue was brought to a town meeting, but a library patron was a passionate advocate for the 4th amendment.