9 Association of Research Libraries Research Library Issues 297 — 2019 Finally, it’s important to recognize that taking an absolutist approach to information collection, as opposed to more nuanced, transparent, and opt-in collection of data about user activities and interests, has meant that library systems appear to the user as far inferior to commercial offerings they are unable to make recommendations to users, or to remind them of past history. I believe that re-assessing these choices is long overdue, but doing so will further demand that libraries carry out a much more complex and subtle risk assessment it will also challenge them to convey the implications and risks of various choices to their patrons. Collection by Third Parties Third-party platforms offer access to various databases or collections of content such as journal articles. The platform providers know a tremendous amount of information about what is being read, and the patterns of reading. Particularly to the extent that they can associate this information with who is doing the reading, they have frighteningly detailed data. Even if they can’t associate it with a given individual by name, there is still potential power in knowing that someone at a specific institution, or perhaps in a specific department within that institution, is following a specific trail of information over time. These platform operators can do various things with the information they collect, potentially: in addition to using it for their own purposes, they could share it with others, or resell it. Furthermore, it is subject to disclosure—by legal means, by hacking, or by human error. There are no a priori limits to how long this data can be retained, and normally, if control of a company changes (through acquisition or bankruptcy, for example), the data is just one more corporate asset. I am less confident that library systems are subjected to the same kind of periodic and rigorous security requirements and audits that are now commonplace for various kinds of enterprise administrative systems.