Privacy regulators from a dozen countries have issued a joint statement clarifying that personal information that is publicly accessible, such as that published on social media, is still subject to data privacy laws, and that web platforms hosting the data have a responsibility to protect it from unlawful data scraping. Signatories include regulators from Australia, Canada, United Kingdom, Hong Kong, Switzerland, Norway, New Zealand, Colombia, Jersey (a British Crown Dependency), Morocco, Argentina, and Mexico.
The statement acknowledges the increasing incidents of mass data scraping, especially from social media and other publicly accessible websites. Concerns have been raised regarding the potential misuse of scraped data for targeted cyberattacks, identity fraud, unauthorized surveillance, and political or intelligence gathering. Individuals are at risk of losing control over their personal information, as scraped data can be used without their knowledge or consent, leading to detrimental impacts on personal reputation and trust in the platforms.
The statement also notably highlighted the use of scraped data in the construction of facial recognition databases. This may be an oblique reference to companies like Clearview AI, a firm notorious for crawling the web to build a facial recognition tool that has been embraced by a range of law enforcement agencies.
To mitigate the risks outlined in the statement, “SMCs” (social media companies) and website operators are urged to implement multi-layered technical and procedural controls. This includes designating teams for implementing controls against scraping activities, rate limiting account visits to prevent unusual activity, and using technologies like CAPTCHAs to detect bots. The joint statement also encourages individuals to be cautious about sharing personal information online, to understand and manage privacy settings, and to consider the long-term implications of their online data sharing.
The statement aims to establish common global data protection principles and practices to protect against data scraping and its privacy impacts. It emphasizes the importance of compliance with applicable data protection laws and regulations and encourages ongoing vigilance against evolving security risks associated with data scraping. The joint statement is intended to guide SMCs, website operators, and individuals in safeguarding personal privacy and building trust in digital platforms.
Source: Office of the Privacy Commissioner of Canada, TechCrunch
–
August 24, 2023 – by the FindBiometrics Editorial Team
Related News
Thoma Bravo’s Marketplace Merger and an IR Imaging Breakthrough – Identity News Digest
Biometric Home Security, Armed with Paintballs – Identity News Digest
BNSF Settles Landmark BIPA Case for $75M- Chinese Government Issues Draft Rules On Facial Recognition
AI Update: Funding Flows into AI Development and Security
Ryanair Faces Privacy Complaint Over Biometric IDV
Follow Us