Privacy watchdogs from twelve countries, including the UK’s ICO, Canada’s OPC, and Hong Kong’s OPCPD, have issued a joint statement urging major social media platforms to safeguard users’ public posts from data scraping. The regulators emphasize that these platforms have a legal responsibility to protect such information in most markets, as publicly available personal data on the internet falls under data protection laws.
The statement highlights the rising concern of data scraping, which involves the extraction of information from online platforms without proper consent. Privacy regulators from Australia, Switzerland, Norway, New Zealand, Colombia, Jersey, Morocco, Argentina, and Mexico also signed the statement. This coincides with the ongoing excitement around generative AI models that require significant data for training, potentially driving more entities to engage in data scraping to obtain datasets for AI development.
The regulators pinpoint several privacy risks associated with data scraping. These include targeted cyberattacks, identity fraud, surveillance, unauthorized political or intelligence gathering, and unwanted direct marketing. Notably, the regulators don’t explicitly mention AI model training as a key concern, but they do note that AI tools trained on individuals’ data without consent could be misused for malicious purposes.
While the statement underlines the need for platforms to consider the legality of data scraping and implement protective measures, it lacks a clear warning of potential enforcement actions. The regulators recommend platforms to implement multi-layered technical and procedural controls to mitigate data scraping risks. Measures such as rate limiting account visits, detecting bot activity, and legal actions against scrapers are suggested.
The joint statement has been sent directly to major social media companies, including YouTube‘s Alphabet, TikTok‘s ByteDance, Meta (owner of Instagram, Facebook, and Threads), Microsoft (LinkedIn), Sina Corp (Weibo), and X (formerly known as Twitter). The regulators call for these platforms to respond within a month, demonstrating their plans to meet privacy expectations.
Individuals are also advised to take steps to protect themselves from data scraping risks by being cautious about what they share online and utilizing privacy settings. The regulators encourage users to consider the long-term implications of their online activities, as indexed or scraped information can persist on the web.
This joint statement signifies growing international attention to the issue of data scraping and its potential privacy implications. It’s important for social media platforms to prioritize user data protection and implement effective measures to curb data scraping activities.
Near the start of this month, TikTok announced its testing of its new offering called PrivacyGo– which will enable advertisers to match their CRM info with the audience’s insights, in a way that their privacy is protected.