ARTICLE
13 November 2024

Navigating The Intersection Of Data Scraping And Artificial Intelligence–A Global Data Protection Authorities Take

KG
K&L Gates LLP

Contributor

At K&L Gates, we foster an inclusive and collaborative environment across our fully integrated global platform that enables us to diligently combine the knowledge and expertise of our lawyers and policy professionals to create teams that provide exceptional client solutions. With offices spanning across five continents, we represent leading global corporations in every major industry, capital markets participants, and ambitious middle-market and emerging growth companies. Our lawyers also serve public sector entities, educational institutions, philanthropic organizations, and individuals. We are leaders in legal issues related to industries critical to the economies of both the developed and developing worlds—including technology, manufacturing, financial services, health care, energy, and more.
In alignment with the ongoing concerns from several European data protection authorities publishing guidelines on data scrapping (i.e., the Dutch DPA, the Italian DPA...
Worldwide Privacy

In alignment with the ongoing concerns from several European data protection authorities publishing guidelines on data scrapping (i.e., the Dutch DPA, the Italian DPA and the UK Information Commissioner's Office), the Global Privacy Assembly (GPA)'s International Enforcement Cooperation Working Group (IEWG) recently published a Joint statement on data scraping and the protection of privacy (signed by the Canadian, British, Australian, Swiss, Norwegian, Moroccan, Mexican, and Jersey data protection authorities) to provide further input for businesses when considering data.

The statement emphasizes that:

Even publicly accessible data is subject to privacy laws across most jurisdictions – meaning that scraping activities must comply with data protection regulations requiring a (i) lawful basis for data collection and, (ii) transparency with individuals, including obtaining consent where necessary.

Collecting mass data can constitute a reportable data breach if it includes unauthorized access to personal data.

Relying on platform terms (e.g., Instagram) for data scraping does not automatically ensure compliance as (i) this contractually authorized use of scraped personal data is not automatically compliant with data protection and artificial intelligence (AI) laws, and (ii) it is difficult to determine whether scraped data is used solely for purposes allowed by the contract terms.

When training AI models, it is critical to adhere not only to privacy regulations but also to emerging AI laws as ensuring AI model transparency and data processing limitations is now increasingly expected by privacy regulators.

The sensitivity of this topic underscores the close relationship between data protection and the ever-data-hungry artificial intelligence industry.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More