They build on last year's guidance, offering clearer directions for social media companies
The Privacy Commissioner of Canada, Philippe Dufresne, joined with 16 global data protection authorities to issue a follow-up joint statement addressing data scraping on social media platforms.
This follows an initial statement released in 2023 that underscored the risks posed by automated data collection from public online sources, often used for artificial intelligence and other technologies.
Commissioner Dufresne highlighted the significant risks associated with mass data scraping, emphasizing that personal information remains protected under privacy laws even when publicly accessible. He called for stronger safeguards to prevent the unauthorized collection and misuse of such data.
The new statement built on last year’s guidance, offering clearer directions for social media companies and other website operators. It stressed that public data must still be protected under relevant data protection laws and that platforms have a duty to ensure compliance when using this data in the development of AI and other systems. The statement outlined that organizations should adopt and update various technical and procedural measures to address the fast-evolving landscape of data scraping. This includes maintaining lawful processes for any permissible data scraping to ensure it aligns with strict contractual and regulatory requirements.
After the 2023 statement, which was sent to major platforms like YouTube, TikTok, Instagram, Facebook, LinkedIn, and X (formerly Twitter), global data protection authorities engaged in discussions with these companies and the Mitigating Unauthorized Scraping Alliance. These talks revealed the complexities that platforms face in countering sophisticated data-scraping techniques and distinguishing between authorized users and scrapers.
Social media companies reported implementing various measures outlined in the original statement. These include integrating platform design features that deter automated data collection and utilizing AI-based tools for detecting and responding to suspicious activities. They also explored cost-effective solutions to aid smaller enterprises in fulfilling their safeguarding responsibilities.
Despite progress, data scraping continues to present significant challenges. Authorities noted that unlawfully collected personal data can be exploited for cyberattacks, identity theft, unauthorized surveillance, and other harmful purposes. The statement urged platforms to remain proactive, regularly review security measures, and educate users on protecting their information using available privacy settings.
