Connect with us

Hi, what are you looking for?

Investing

‘Scraping’ the barrel? The risks of publicly available data

Facebook privacy

The social media giants have found themselves in the news again, and not for positive reasons.

Earlier this month, it was widely reported that details of more than 530 million Facebook users worldwide have been made available online, including phone numbers and some email addresses. The data supposedly even included CEO Mark Zuckerberg’s own mobile number. And just days later, the data of up to 500 million LinkedIn users was alleged to have been put up for sale online.

The companies’ reactions were similar. Both denied any wrongdoing on their part or even that there had been any breach of their security. Instead, they argued that the data came from publicly available sources. Nevertheless, a number of regulators around the world have opened investigations into the Facebook incident. So what exactly is going on?

In a detailed response, Facebook argued that this data had been ‘scraped’ from publicly available information, saying:

Scraping is a common tactic that often relies on automated software to lift public information from the internet … We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019. This feature was designed to help people easily find their friends to connect with on our services using their contact lists.”

Facebook’s contact importer tool has now been fixed to prevent further scraping of this data. LinkedIn’s statementalso included reference to the scraping of publicly available data, which was aggregated with data from other sources to create the database now supposedly on sale online. Both companies blame the data scrapers for breaching the websites’ terms and conditions.

In legal terms, the social media companies, the (as yet unidentified) data scrapers and any potential buyers of the data each have responsibilities. As ‘controllers’ for personal data that is created and posted on their websites, the social media companies must comply with relevant data protection law. In the UK and the EU, this means they must take ‘appropriate technical and organisational measures’ to ensure appropriate security of personal data, including protection against unauthorised or unlawful processing.

Clearly, there is very little that these companies can do to prevent information being copied from public-facing websites, particularly when the data has been actively published by users on their own individual profiles. However, if Facebook’s own contact importer tool was being manipulated to enable the data to be scraped, then it is legitimate to ask whether Facebook had really taken all appropriate steps to prevent such unauthorised processing. This may well be the focus of any future investigation by regulators.

Even if the data scrapers are only gathering publicly available information, this does not give them a completely free pass. Data protection law applies to all ‘personal data’, regardless of whether or not it is already in the public domain. Once the data is in their hands, the data scrapers would become controllers themselves and would be responsible for compliance with all aspects of data protection law. They would need to comply with the data protection principles, provide appropriate privacy notices and have a lawful basis for their processing of the data. Given that we don’t even know their identities, it is very unlikely that the data scrapers will be meeting these requirements.

It is also a criminal offence under section 170 of the Data Protection Act 2018 to knowingly or recklessly obtain personal data without the consent of the controller, or to sell or offer to sell personal data obtained in these circumstances. Finally, any breaches of social media companies’ website terms and conditions could give rise to civil claims, which Facebook and LinkedIn and their expensive lawyers may be keen to pursue.

Finally, anyone tempted to purchase this data would be very wise to decline the offer. As well as the criminal offence outlined above, it would be very difficult for a purchaser to use the data lawfully without themselves breaching data protection law. Although personal data can be a valuable business asset, reputable purchasers should always undertake appropriate due diligence on the sellers to ensure data was collected lawfully and can be used for the purposes which the purchaser intends. That’s very unlikely in these cases, even if the data is purely derived from publicly available sources.

Read more:
‘Scraping’ the barrel? The risks of publicly available data

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the daily email that makes reading the news actually enjoyable. Stay informed and entertained, for free.
Your information is secure and your privacy is protected. By opting in you agree to receive emails from us and our affiliates. Remember that you can opt-out any time, we hate spam too!

Latest

Economy

MORE than half of students in the Philippines consider temporarily dropping out of school until the coronavirus pandemic ends mainly due to difficulties in...

Economy

The Public Works department has ramped up the completion of projects such as the Sta. Monica-Lawton Bridge also known as the Kalayaan Bridge. —...

Economy

THE BUREAU of the Treasury (BTr) raised its planned borrowings from the local market to P235 billion in July, as it seeks to offer...

Economy

By Jenina P. Ibañez, Reporter MANILA is the 78th most expensive city for expatriates to live in according to Mercer’s 2021 Cost of Living...

Economy

LOCAL GOVERNMENT UNITS (LGUs) could boost their real property tax (RPT) collection by P113.4 billion with the implementation of a project that will digitize...

Economy

THE Department of Energy (DoE) has ordered National Grid Corp. of the Philippines (NGCP) to speed up the acquisition of the required ancillary services...

You May Also Like

Investing

Having a good Instagram marketing agency to back up your Instagram account is an absolute must going into the new year. With competition stronger...

Investing

As a traditionally rigid insurance industry becomes bogged down by antiquated processes and operations, a handful of industry leaders are seeking to shake things...

Economy

US President Joseph R. Biden, Jr., will rely on ally countries to supply the bulk of the metals needed to build electric vehicles and focus on...

Economy

THE Securities and Exchange Commission (SEC) has warned the public from investing or to stop any investment in a group named Maxxprofit Computer Trading...

Disclaimer: SmartRetirementReport.com, its managers, its employees, and assigns (collectively "The Company") do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2021 SmartRetirementReport. All Rights Reserved.

Get the daily email that makes reading the news actually enjoyable. Stay informed and entertained, for free.



Your information is secure and your privacy is protected. By opting in you agree to receive emails from us and our affiliates. Remember that you can opt-out any time, we hate spam too!