International Privacy Authorities Issue Joint Statement on Data Scraping
Learn about the joint statement issued by global privacy authorities on August 24, 2023, addressing the risks of data scraping to privacy. Discover its implications for businesses and mitigation strategies
On August 24, 2023, a group of international privacy authorities issued a joint statement on data scraping and the protection of privacy. The statement was issued by the data protection authorities of New Zealand, Canada, Australia, the United Kingdom, Hong Kong, Switzerland, Norway, Columbia, Morocco, Argentina, Mexico, and Jersey.
What was the statement?
The statement highlights the significant privacy concerns raised by data scraping technologies, which can collect and process personal information from the internet. The statement clarifies that the operators of websites that host publicly accessible personal information also have data protection obligations with respect to third-party scraping from their websites.
The statement identifies a number of specific privacy risks from data scraping, including:
- Targeted cyber-attacks
- Identity fraud
- Monitoring, profiling, and surveilling individuals
- Unauthorized political or intelligence gathering purposes
- Unwanted direct marketing or spam
The statement stipulates that social media companies and other websites are responsible for protecting individuals' personal information from unlawful data scraping. The statement provides a number of mitigation controls that can be used to protect against data scraping, including:
- Designating a team to identify and implement controls protecting against data scraping activities
- "Rate limiting" the number of visits per hour or day to specific accounts or profiles
- Monitoring how quickly or aggressively a new account starts looking for other users
- Taking steps to identify "bot" activity through the identification of suspicious IP addresses and CAPTCHAs
The statement also notes that entities should inform users of the steps taken to protect users against data scraping. The statement also elaborates on what steps individuals can take to minimize the privacy risks from data scraping, such as managing privacy settings and limiting the amount of personal information shared.
What does it mean for businesses?
It should be noted that the joint statement does not prohibit ordinary businesses from scraping data, as long as it is legal. However, businesses should be aware of the privacy risks associated with data scraping and take steps to mitigate those risks.
Some of the things that businesses can do to mitigate the privacy risks of data scraping include:
- Only scraping data that is publicly available.
- Limiting the amount of data that is scraped.
- Notify users that their data is being scraped.
- Take steps to protect the data from unauthorized access or use.
Here are some additional things that businesses should consider when scraping data:
- The purpose of the scraping. Is the data being scraped for legitimate business purposes, such as market research or competitive analysis? Or is it being scraped for more nefarious purposes, such as identity theft or spam?
- The type of data being scraped. Some types of data, such as financial information or health data, are more sensitive than others. Businesses should be careful not to scrape sensitive data unless they have a legitimate reason to do so.
- The laws and regulations that apply. The laws and regulations that apply to data scraping vary from country to country. Businesses should make sure that they are complying with all applicable laws and regulations.
How can Secure Privacy help?
Secure Privacy is committed to helping businesses protect their customers' personal information from data scraping. We offer a comprehensive range of data privacy solutions, including:
- Data protection training courses
- Data privacy compliance software
- Data privacy consulting services
Secure Privacy can help you assess your data privacy risks, implement appropriate controls, and comply with all applicable data privacy laws and regulations.
Contact us today to learn more about how we can help you protect your customers' personal information from data scraping.
Get Started For Free with the
#1 Cookie Consent Platform.
No credit card required

First-Party Data Collection & Compliance: Best Practices for GDPR & CCPA in 2025
Your marketing strategy depends on first-party data collection compliance, but navigating the complex web of privacy regulations can feel overwhelming. With GDPR fines reaching €20 million, CCPA penalties expanding under CPRA, and 20+ US states enacting comprehensive privacy laws by 2025, collecting customer data legally has never been more critical—or complicated.
- Legal & News
- Data Protection
- GDPR
- CCPA

Customer Journey Mapping Under GDPR & CCPA: How to Embed Privacy at Every Touchpoint
Your customer journey maps are exposing you to massive privacy violations and regulatory penalties — and you might not even realize it. Most organizations approach customer journey mapping GDPR compliance as an afterthought, failing to integrate privacy requirements into each touchpoint where personal data flows through their customer experience.
- Legal & News
- Data Protection
- GDPR

California Privacy Law for Marketing Agencies: What's Changed in 2025 & How to Stay Compliant
California privacy law for marketing agencies has reached peak complexity in 2025, with enforcement actions targeting mainstream businesses and technical configuration failures resulting in substantial financial penalties. The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) now require comprehensive operational changes that affect every aspect of digital marketing campaigns.
- Legal & News
- Data Protection
- CCPA