16 global DPAs tell social media companies to be mindful of unlawful scraping



The DPAs from 16 jurisdictions including Australia, Canada, China, Spain and the UK stress that organisations need to comply with privacy and data protection laws when using personal information, including from their own platforms, when developing AI Large Language Models (LLMs).

Their joint statement, issued on 28 October lays out further expectations, including that organisations:

  • Deploy a combination of safeguarding measures and regularly review and update them to keep pace with advances in scraping techniques and technologies; and
  • Ensure that permissible data scraping for commercial or socially beneficial purposes is done lawfully and in accordance with strict contractual terms.

This statement follows engagement with industry in the past year. The DPAs invited several companies to comment on how they would comply with the requirements outlined in an August 2023 paper. The companies in question were Alphabet Inc. (YouTube), ByteDance Ltd. (TikTok), Meta Platforms, Inc. (Instagram, Facebook and Threads), Microsoft Corporation (LinkedIn), Sina Corp (Weibo), and X Corp. (X, previously Twitter).

The DPAs say that thanks to industry’s cooperation, no formal enforcement action is now needed, but that data scraping will stay on the radar of Data Protection Authorities.

The topic was discussed earlier this week in a side event to the Global Privacy Assembly in Jersey, where Google’s Research Scientist, Sergei Vassilvitskii, explained that there is no single solution for privacy, but many privacy enhancing tools, for example differential privacy, federated learning and synthetic data need to be used together.

See: 

The Global Privacy Assembly, GPA, convenes this week in Jersey.
Jersey’s DPA is one of the signatories of the statement. PL&B will report more from the conference in a future issue of PL&B International Report.