Navigating Risk in Vendor Data Privacy Practices: An Analysis of Elsevier's ScienceDirect

Navigating Risk in Vendor Data Privacy Practices: An Analysis of Elsevier's ScienceDirect documents a variety of data privacy practices that directly conflict with library privacy standards, and raises important questions regarding the potential for personal data collected from academic products to be used in the data brokering and surveillance products of RELX's LexisNexis subsidiary.

By analyzing the privacy practices of the world's largest publisher, the report describes how user tracking that would be unthinkable in a physical library setting now happens routinely through publisher platforms. The analysis underlines the concerns this tracking should raise, particularly when the same company is involved in surveillance and data brokering activities. Elsevier is a subsidiary of RELX, a leading data broker and provider of "risk" products that offer expansive databases of personal information to corporations, governments, and law enforcement agencies. 

As much of the research lifecycle shifts to online platforms owned by a small number of companies, the report highlights why users and institutions should actively evaluate and address the potential privacy risks as this transition occurs rather than after it is complete.