International Privacy Authorities Issue Joint Statement on Data Scraping
Learn about the joint statement issued by global privacy authorities on August 24, 2023, addressing the risks of data scraping to privacy. Discover its implications for businesses and mitigation strategies
On August 24, 2023, a group of international privacy authorities issued a joint statement on data scraping and the protection of privacy. The statement was issued by the data protection authorities of New Zealand, Canada, Australia, the United Kingdom, Hong Kong, Switzerland, Norway, Columbia, Morocco, Argentina, Mexico, and Jersey.
What was the statement?
The statement highlights the significant privacy concerns raised by data scraping technologies, which can collect and process personal information from the internet. The statement clarifies that the operators of websites that host publicly accessible personal information also have data protection obligations with respect to third-party scraping from their websites.
The statement identifies a number of specific privacy risks from data scraping, including:
- Targeted cyber-attacks
- Identity fraud
- Monitoring, profiling, and surveilling individuals
- Unauthorized political or intelligence gathering purposes
- Unwanted direct marketing or spam
The statement stipulates that social media companies and other websites are responsible for protecting individuals' personal information from unlawful data scraping. The statement provides a number of mitigation controls that can be used to protect against data scraping, including:
- Designating a team to identify and implement controls protecting against data scraping activities
- "Rate limiting" the number of visits per hour or day to specific accounts or profiles
- Monitoring how quickly or aggressively a new account starts looking for other users
- Taking steps to identify "bot" activity through the identification of suspicious IP addresses and CAPTCHAs
The statement also notes that entities should inform users of the steps taken to protect users against data scraping. The statement also elaborates on what steps individuals can take to minimize the privacy risks from data scraping, such as managing privacy settings and limiting the amount of personal information shared.
What does it mean for businesses?
It should be noted that the joint statement does not prohibit ordinary businesses from scraping data, as long as it is legal. However, businesses should be aware of the privacy risks associated with data scraping and take steps to mitigate those risks.
Some of the things that businesses can do to mitigate the privacy risks of data scraping include:
- Only scraping data that is publicly available.
- Limiting the amount of data that is scraped.
- Notify users that their data is being scraped.
- Take steps to protect the data from unauthorized access or use.
Here are some additional things that businesses should consider when scraping data:
- The purpose of the scraping. Is the data being scraped for legitimate business purposes, such as market research or competitive analysis? Or is it being scraped for more nefarious purposes, such as identity theft or spam?
- The type of data being scraped. Some types of data, such as financial information or health data, are more sensitive than others. Businesses should be careful not to scrape sensitive data unless they have a legitimate reason to do so.
- The laws and regulations that apply. The laws and regulations that apply to data scraping vary from country to country. Businesses should make sure that they are complying with all applicable laws and regulations.
How can Secure Privacy help?
Secure Privacy is committed to helping businesses protect their customers' personal information from data scraping. We offer a comprehensive range of data privacy solutions, including:
- Data protection training courses
- Data privacy compliance software
- Data privacy consulting services
Secure Privacy can help you assess your data privacy risks, implement appropriate controls, and comply with all applicable data privacy laws and regulations.
Contact us today to learn more about how we can help you protect your customers' personal information from data scraping.
Get Started For Free with the
#1 Cookie Consent Platform.
No credit card required

Data Privacy Software: Safeguarding Your Business
Your compliance team just discovered personal data scattered across fifty different systems with no clear inventory. A data subject access request arrived yesterday requiring response within thirty days, but manually searching through databases, CRM systems, and cloud storage would take months. Meanwhile, eight new US state privacy laws took effect this year alone, and you're not sure which apply to your business.
- Legal & News
- Data Protection

GDPR Compliance Automation: Complete Guide & Tool Comparison
Your privacy team is drowning in manual GDPR workflows. Data subject access requests pile up for weeks. Data mapping takes months instead of minutes. Your spreadsheet-based consent records can't scale to millions of users. Meanwhile, European regulators issued €1.2 billion in GDPR fines last year alone, and your current compliance approach can't keep pace with enforcement intensity or business growth.

2026 Privacy Compliance Roadmap: Comprehensive Checklist for Your Business
Your compliance team just received another regulatory update notification. This time it's about new CCPA cybersecurity audit requirements, EU AI Act enforcement deadlines, and state privacy laws taking effect January 1st. The regulatory landscape keeps expanding, and falling behind isn't an option when penalties reach millions of dollars.
- Legal & News
- Data Protection