12 nations urge social media giants to combat data scraping.

12 nations urge social media giants to combat data scraping.

Nations Issue Joint Statement Warning Against Data Scraping Technologies

Personal data that is publicly accessible is still subject to data protection and privacy regulations in most jurisdictions

A band of 12 nations, including Australia, Canada, the UK, Hong Kong, and Switzerland, have come together to issue a joint statement warning against the use of data scraping technologies to collect personal data from social media platforms and other online sites. These nations emphasize the importance of safeguarding users’ information, as required by local laws.

Data scraping involves gathering and processing vast amounts of individuals’ personal information from the internet. While this practice has various potential uses, it also raises significant privacy concerns. The statement highlights that data scraping can be exploited for purposes such as monetization through reselling the data to third-party websites, identity fraud, and even facilitating malicious cyber attacks.

The Office of the Australian Information Commissioner (OAIC) has observed an increase in reports of mass data scraping from social media applications and other websites hosting publicly accessible personal information. In a notable 2020 case, the OAIC and the UK Information Commissioner’s Office found that the US facial recognition platform Clearview AI had breached Australia’s privacy laws.

Under Australia’s Privacy Act 1988, organizations are required to take “reasonable steps” to protect the personal data they hold from misuse, interference, loss, unauthorized access, and modification. The OAIC emphasizes that organizations must also take action in response to unlawful data scraping, including notifying affected individuals when a data breach involving scraped information is likely to result in serious harm.

The joint statement emphasizes that personal data that is publicly accessible is still subject to data protection and privacy regulations in most jurisdictions. Social media companies and website operators hosting publicly accessible personal data have obligations under data protection and privacy laws to protect this information from unlawful data scraping. Mass data scraping incidents that harvest personal information can constitute reportable data breaches in many jurisdictions.

The 12 nations expect companies operating social media platforms to provide feedback on how they are complying or planning to comply with the “expectations and principles” outlined in the joint statement. The statement encompasses common global data protection practices aimed at safeguarding personal data against data scraping and mitigating the impact on personal privacy. While these practices are presented as recommendations, many of them are explicit statutory requirements in specific jurisdictions.

The joint statement has been sent directly to several websites, including Alphabet’s YouTube, ByteDance’s TikTok, Meta-owned platforms such as Facebook and Threads, Sina’s Weibo, X (formerly called Twitter), and Microsoft’s LinkedIn. The 12 nations expect these sites to take measures such as “rate limiting” the number of visits per hour or day by a single account to other account profiles. They also recommend designating specific teams or roles within organizations to identify and implement controls in response to scraping activities.

To detect scrapers, social media platforms and websites that own personal data should take steps to identify patterns in bot activities and take appropriate legal action, such as sending “cease and desist” letters and requiring the removal of scraped data when illegal scraping activities are identified. The joint statement also suggests implementing multi-layered technical and procedural controls to mitigate risks. It emphasizes the need for continuous monitoring and agile responses to new security risks and threats from unauthorized actors. Controls should be routinely stress-tested and updated to remain effective and keep pace with changing technologies.

The 12 nations also recommend that websites collect and analyze metrics on scraping incidents to identify areas for improvement in their security control approach.

In conclusion, the joint statement issued by 12 nations serves as a warning against the use of data scraping technologies to collect personal data. It emphasizes the importance of protecting users’ information and complying with data protection and privacy laws. The statement outlines various measures and practices that social media platforms and websites should adopt to safeguard personal data against data scraping and mitigate privacy risks. By working together, these nations aim to create a safer online environment for individuals and ensure that their personal information is adequately protected.