Joint Statement on Data Scraping and Privacy Protection

On August 24, 2023, during the Global Privacy Assembly (GPA), the Agency of Access to Public Information (AAIP)—together with data protection authorities from Australia, Canada, Colombia, Jersey, Hong Kong, Morocco, Mexico, Norway, New Zealand, the United Kingdom, and Switzerland—issued a joint statement about extracting and automatically processing personal data on social media and websites (data scraping). This statement is directed to both individuals and companies.

The global expansion of data scraping techniques and the massive collection of personal information pose risks that can threaten the rights of data subjects. The joint statement specifically emphasized that this information could be used, among others, in targeted cyberattacks, identity fraud, unauthorized tracking, and profiling.

On one hand, the statement highlights that social media companies and websites are responsible for safeguarding users’ personal information against illegal data scraping. It also outlines a range of multi-level technical and procedural controls to mitigate risks.

On the other hand, it provides guidelines for users to protect their personal information including: limiting the personal data they disclose, effectively managing privacy settings, and reviewing privacy policies and terms of use before accepting them.

The press release AAIP published can be found here, and the Joint Statement, here.