Urgent plea for social media giants to combat data-scraping privacy dangers

Growing global concerns over data-scraping

Growing concerns over data scraping trigger a plea addressed to social media platforms

Twelve global privacy watchdogs, including well-known organizations like the U.K.'s ICO, Canada's OPC, and Hong Kong's OPCPD, have released a united statement^[1] in an unprecedented step that delivers a loud and clear message to social media giants. Their demand is unequivocal: take swift action to prevent data scraping from jeopardizing users' public posts. The regulators stress that popular social media companies have a legal duty to safeguard users' information, a duty that holds true in the majority of markets and jurisdictions.

The regulators emphasize that any personal information deemed “publicly available” or “publicly accessible” on the internet is covered by data protection and privacy rules in an effort to draw attention to the increasingly hazy boundaries between public information and data protection. This means that those who scrape data and the businesses that hold personally identifiable information that is available to the public both have compliance responsibilities. The regulators further emphasize that widespread data scraping can be considered a reportable data breach in many jurisdictions.

Privacy dangers amid technological shifts

The timing of the joint statement, which coincides with the increased interest in generative AI models, which have a ravenous appetite for large datasets, is intentional. Online data was used by these models, such OpenAI's ChatGPT, to train their algorithms. When OpenAI was threatened with a class-action lawsuit earlier this year over the alleged covert scraping of substantial amounts of personal data from the internet, this issue was brought to light.

The regulators draw attention to the wide range of dangers associated with data scraping, especially its role in facilitating specialized cyberattacks like phishing and social engineering. They also draw attention to issues with identity theft and indiscriminate surveillance and profiling of people, which can lead to the development of facial recognition databases used without permission. The statement makes reference to Clearview AI's contentious methods,^[2] which include using data that has been scraped to power a facial recognition ID service that is sold to law enforcement.

The regulators also stress the risk for foreign groups to use scraped data for illegal intelligence gathering. They advise against using it for unwanted direct marketing or spam, as well as political manipulation. Although the use of generative AI models trained on stolen data could increase several of the concerns mentioned, including identity fraud and cyberattacks, the statement does not specifically mention AI model training as a major privacy problem.

Actionable solutions and the road ahead

While the regulators call for social media titans to take a proactive approach to protecting users' data, they refrain from issuing explicit enforcement warnings. Instead, they advise platforms to build strong safeguards against unauthorized scraping and take into account the legality of various data-scraping techniques in relevant areas.

The joint statement provides a thorough list of suggestions to reduce the risks associated with data scraping. These include establishing internal teams to handle scrape threats, putting rate limits in place for account visits, and keeping an eye out for and reacting to unusual activity. To distinguish between genuine users and bots, detection tactics include spotting trends in bot behavior and implementing CAPTCHAs.^[3] It is also recommended to use legal means to stop scrapers, such as cease-and-desist letters and legal action.

The letter urges readers to take action and has been forwarded to significant social media businesses. Within a month, regulators anticipate statements from these titans describing their plans to uphold privacy requirements. The letter urges readers to exert control over post visibility and to be cautious when sharing information online in an effort to empower users.

The joint statement emphasizes the need for constant vigilance in protecting user data, with an emphasis on constantly changing data security procedures. As the globe struggles with technological advancements, privacy regulators' collective voice reverberates across the digital landscape, pleading with users and business decision-makers to support data protection and reduce the hazards of data scraping.