User data, trust, and scientific publishing: DEAL and Elsevier are addressing privacy challenges

As digitization and AI reshape scientific publishing, concerns over data use, governance and privacy have become more prominent in the academic community. A series of workshops between Elsevier and the German DEAL Consortium allowed for an open discussion and improvement of data privacy aspects related to scientific publishing. This article summarizes the discussion.

In an increasingly digital research environment, data privacy is a cornerstone of trust between researchers, institutions, and the solutions they rely on. Digitalization has brought significant benefits to researchers – streamlined workflows, faster access to research results and data, and deeper analysis – but it has also intensified concerns that scientific publishers are “tracking personal data”, namely collecting, storing and analyzing personal and usage data within digital information products. With the growing complexity of data processing in a digital and AI world, ensuring compliance with privacy standards and fostering transparency is essential.

Strengthening Data Privacy and Transparency

Data privacy concerns raised by researchers, libraries and institutions were an integral part of the negotiations between the German DEAL Consortium and Elsevier. When both parties signed a transformative agreement in 2023, they made a commitment to address data privacy concerns – and included a provision to establish a dedicated workshop format to discuss, evaluate and improve privacy practices on Elsevier’s ScienceDirect platform. This workshop format is part of DEAL’s broader effort to engage with major academic publishers in a structured in-depth dialogue about data and user privacy.

Christian Agi, managing director of DEAL Open Access Services (DEAS) gGmbH, explains:

“This is the first time a major academic publisher and a national consortium have agreed to sit down and discuss data privacy in such a comprehensive manner. In advance of the workshop, we agreed to expand its initial scope to include a broader range of privacy-related topics, to foster greater transparency and trust. Importantly, we agreed that the workshop should be outcome-focused, not merely a discussion, while recognizing that this is part of an ongoing process. For DEAL, a key objective was to better understand how data is processed in practice and to assess how Elsevier’s approaches align with the expectations of the academic community. This includes both increasing transparency and identifying areas where further clarification and adjustments may be helpful.”

An in-person meeting in Frankfurt, followed by two virtual sessions, brought together representatives from both DEAL and Elsevier, including experts in data privacy, technology and legal counsel. The discussions focused specifically on Elsevier’s ScienceDirect solution and explored expectations around data privacy, operational needs, and security considerations.

DEAL provided valuable input and recommendations to Elsevier on what institutions in Germany expect from a solution such as ScienceDirect. Key issues discussed included cookie management, the use of third-party analytics services, and international data processing. Afterwards, DEAL member institutions were provided with a detailed overview of the workshop’s results to enhance transparency for institutions and researchers.

Towards Greater Transparency

The workshop provided a constructive setting for an open, structured dialogue between a national consortium of academic institutions and a global publisher. It provided DEAL with the opportunity to raise concerns and questions on behalf of its member institutions, while giving Elsevier a chance to explain, review and clarify its privacy practices.

Christian Agi, concluded:

“For both DEAL and Elsevier, this process underscores the importance of continuing to refine privacy practices not only to meet legal requirements, but to align with the expectations of the academic community. At the same time, it is clear that this is an ongoing process that will require continuous adjustment and dialogue.”

Importantly, the workshop did not remain at the level of general principles. Participants systematically reviewed ScienceDirect’s handling of IP-based access data for security and COUNTER reporting, cookie consent design and cookie classifications, selected third-party analytics tools, and the international processing of user data. Elsevier clarified that personal data processed on the ScienceDirect platform is not shared with or collected by any other business area of its parent company RELX, that it does not use “spyware” (tracking installed on a user’s device to gather personal data) or sell personal usage data to any third parties.

The process also led to concrete follow-up steps and changes, including revisions to cookie descriptions and defaults, a commitment to add a reject option for non-essential cookies, the removal of Google Analytics cookies, and clarification that ScienceDirect data is not shared with other RELX business areas. While some questions remained open, the discussions demonstrated that privacy concerns can be examined in a detailed, operational way rather than only at the level of policy statements.

DEAL and Elsevier are committed to further discussions on user data and privacy, and will continue to keep the German and wider research community up to date on their progress.

Elsevier’s User Data and Privacy Resource Centre is available here, which includes FAQs and further information.