ICO and other regulators issue joint statement on data scraping

Together with eleven other data protection authorities, the ICO has released a joint statement in relation to data scraping and the protection of privacy. The key takeaways are listed as follows:

  • Personal information that is publicly accessible is still subject to data protection and privacy laws in most jurisdictions.
  • Social media companies and the operators of websites that host publicly accessible personal data have obligations under data protection and privacy laws to protect personal information on their platforms from unlawful data scraping.
  • Mass data scraping incidents that harvest personal information can constitute reportable data breaches in many jurisdictions.
  • Individuals can also take steps to protect their personal information from data scraping, and social media companies have a role to play in enabling users to engage with their services in a privacy protective manner.

The statement has a range of recommendations for those publicly hosting data, including designating individuals within the organisation to be responsible for setting up controls, monitoring and responding to scraping, implementing technical measures to prevent scraping on the site, identifying activity by “bots”, taking appropriate legal action and reporting data breaches where necessary.

The full statement can be found here.


Don't just take our word for it