Safeguarding personal information has become a paramount concern for both individuals and governments. A joint statement signed by the Office of the Australian Information Commissioner (OAIC) alongside 11 counterparts in the Global Privacy Authority’s International Enforcement Cooperation Working Group highlights the global expectations placed on social media platforms and other websites to protect against unlawful data scraping.
Data scraping is the automated extraction of data from websites. This can have profound implications for privacy and security. While scraping can serve legitimate purposes, such as aggregating news articles, it can also be exploited for malicious activities, including identity theft, spamming, and phishing attacks. As such, the expectations for websites to guard against unlawful scraping are both reasonable and necessary.
The joint statement underscores the importance of transparency and clear data usage policies. Users should have a clear understanding of how their data is collected, used, and protected when interacting with online platforms. This transparency empowers individuals to make informed decisions about sharing their information, creating a sense of trust between users and websites.
Furthermore, global standards and expectations for data protection are evolving. Governments and regulatory bodies worldwide are enacting and enforcing stricter data protection laws, such as the European Union’s General Data Protection Regulation and California’s Consumer Privacy Act. These laws impose legal obligations on websites to protect user data and report data breaches promptly. Accordingly, the joint statement sets key steps for social media platforms to follow to build trust in their users and limit data scraping. This includes:
- Designating a team within the organisation to identify and implement controls to protect against, monitor, and respond to scraping
- ‘Rate limiting’ the number of visits per day of one account to other profiles
- Monitoring how quickly new accounts start targeting other users
- Creating detection tools for ‘bot’ activity, particularly through CAPTCHAs and blocking associated IP addresses
- Taking legal action against data scraping
- Notifying affected individuals of the data scraping.
For a full reading of the OAIC media release, see here.