International Privacy Authorities Issue Joint Statement on Data Scraping
Learn about the joint statement issued by global privacy authorities on August 24, 2023, addressing the risks of data scraping to privacy. Discover its implications for businesses and mitigation strategies
On August 24, 2023, a group of international privacy authorities issued a joint statement on data scraping and the protection of privacy. The statement was issued by the data protection authorities of New Zealand, Canada, Australia, the United Kingdom, Hong Kong, Switzerland, Norway, Columbia, Morocco, Argentina, Mexico, and Jersey.
What was the statement?
The statement highlights the significant privacy concerns raised by data scraping technologies, which can collect and process personal information from the internet. The statement clarifies that the operators of websites that host publicly accessible personal information also have data protection obligations with respect to third-party scraping from their websites.
The statement identifies a number of specific privacy risks from data scraping, including:
- Targeted cyber-attacks
- Identity fraud
- Monitoring, profiling, and surveilling individuals
- Unauthorized political or intelligence gathering purposes
- Unwanted direct marketing or spam
The statement stipulates that social media companies and other websites are responsible for protecting individuals' personal information from unlawful data scraping. The statement provides a number of mitigation controls that can be used to protect against data scraping, including:
- Designating a team to identify and implement controls protecting against data scraping activities
- "Rate limiting" the number of visits per hour or day to specific accounts or profiles
- Monitoring how quickly or aggressively a new account starts looking for other users
- Taking steps to identify "bot" activity through the identification of suspicious IP addresses and CAPTCHAs
The statement also notes that entities should inform users of the steps taken to protect users against data scraping. The statement also elaborates on what steps individuals can take to minimize the privacy risks from data scraping, such as managing privacy settings and limiting the amount of personal information shared.
What does it mean for businesses?
It should be noted that the joint statement does not prohibit ordinary businesses from scraping data, as long as it is legal. However, businesses should be aware of the privacy risks associated with data scraping and take steps to mitigate those risks.
Some of the things that businesses can do to mitigate the privacy risks of data scraping include:
- Only scraping data that is publicly available.
- Limiting the amount of data that is scraped.
- Notify users that their data is being scraped.
- Take steps to protect the data from unauthorized access or use.
Here are some additional things that businesses should consider when scraping data:
- The purpose of the scraping. Is the data being scraped for legitimate business purposes, such as market research or competitive analysis? Or is it being scraped for more nefarious purposes, such as identity theft or spam?
- The type of data being scraped. Some types of data, such as financial information or health data, are more sensitive than others. Businesses should be careful not to scrape sensitive data unless they have a legitimate reason to do so.
- The laws and regulations that apply. The laws and regulations that apply to data scraping vary from country to country. Businesses should make sure that they are complying with all applicable laws and regulations.
How can Secure Privacy help?
Secure Privacy is committed to helping businesses protect their customers' personal information from data scraping. We offer a comprehensive range of data privacy solutions, including:
- Data protection training courses
- Data privacy compliance software
- Data privacy consulting services
Secure Privacy can help you assess your data privacy risks, implement appropriate controls, and comply with all applicable data privacy laws and regulations.
Contact us today to learn more about how we can help you protect your customers' personal information from data scraping.
Get Started For Free with the
#1 Cookie Consent Platform.
No credit card required
Best Consent Management Platforms in 2025: Feature-by-Feature Comparison
Privacy enforcement has intensified dramatically in 2025, with regulators issuing record fines and consumers demanding transparent data practices. The best consent management platforms 2025 offer more than basic cookie banners—they provide comprehensive privacy automation, real-time compliance monitoring, and seamless user experiences across global regulations.

How Agencies Can Offer Privacy-as-a-Service
Your clients are drowning in privacy compliance requirements, and you're missing out on a $2 billion revenue opportunity. Privacy-as-a-Service is transforming how digital agencies generate recurring revenue while solving their clients' most pressing legal challenges.
- Legal & News
- Data Protection

CCPA Privacy Policy Requirements 2025: Complete Compliance Guide
California privacy law isn't optional anymore. With enforcement penalties reaching $7,988 per intentional violation and the California Privacy Protection Agency actively pursuing non-compliant businesses, getting your privacy policy right has become a critical legal obligation.
- Legal & News
- Data Protection