A group of 12 countries has just published a joint statement warning against the mass illegal collection of personal data from social media platforms and other online sites, which are nevertheless obliged to protect their users’ information. The 12 countries concerned are Australia, Canada, the United Kingdom, Hong Kong and Switzerland, whose respective data protection agencies have been cited in the declaration.
According to these organizations, data scraping, this way of recovering data with an automated tool, is increasingly used to collect large amounts of personal information on the internet. This raises important privacy concerns, as this information can then be resold or used for identity theft purposes.
According to the Australian Information Commissioner’s Office (OAIC), in recent years there has been an increase in reports of massive data recovery from social media applications and other websites hosting publicly accessible personal information. For example, he cited a case dating from 2020 involving the American facial recognition site Clearview AI.
We can also cite the case of the professional social network LinkedIn, victim of a severe data leak two years ago affecting 500 million users. A start-up from Station F had also been condemned in France a little less than two years ago for a wild scraping, but on the basis of fraudulent access to an internal directory of a large Parisian business school.
The operators of social networks or these sites hosting personal data accessible to the public, however, have an obligation, in particular with the general data protection regulation, to “protect personal information on their platforms against illegal data scraping,” the statement said. The 12 countries have indicated that they intend to collect, “in the coming weeks”, the reactions of social media operators about how they comply or plan to comply with the “expectations and principles” set out in this joint declaration.
This document was sent in particular to YouTube (Alphabet), TikTok (ByteDance), to the platforms belonging to Meta (Facebook and Threads), Weibo (Sina), X (formerly called Twitter) and LinkedIn (Microsoft). The declaration recalls the practices to protect personal data against scraping and to mitigate its impact on privacy. For example, limiting the number of visits per hour or per day from a single account to other account profiles, or appointing a specific team in charge of detecting scraping are all good practices.
In view of the risks posed by scraping, “the controls must be regularly tested and updated to ensure that they remain effective and that they adapt to the evolution of technologies,” added the group of twelve countries. They also called on the CITES operators concerned to collect and analyze data relating to scraping incidents in order to identify ways to improve their safety.
Source: “ZDNet.com “