April 08, 2024

MUSA+IEWG Panel at the IAPP Global Privacy Summit 2024 (GPS24)

2 min

The IAPP Panel:

On Wednesday, April 3, 2024, MUSA participated on a panel with the Global Privacy Assembly's International Enforcement Group (IEWG), to discuss the IEWG's Data Scraping Joint Statement. The IAPP GPS24 panel, "A Global Initiative to Elevate Safeguards Against Data Scraping" (description attached), included the following regulators and MUSA representative David Patariu:

  • Moderator: Brent Homan, Data Protection Commissioner, The Office of the Data Protection Authority (Guernsey)
  • Stephen Almond, Executive Director, Regulatory Risk, U.K. Information Commissioner's Office
  • Philippe Dufresne, Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
  • Carly Kind, Australian Privacy Commissioner, Office of the Australian Information Commissioner
  • David Patariu, CIPP/E, CIPP/US, CIPM, FIP, PLS, Attorney, Venable for the Mitigating Unauthorized Scraping Alliance (MUSA)

Regulator's Perspective:

The "Key Data Scraping Takeaways" pointed out by the regulators included the following (see attached presentation):

  • Publicly accessible personal information is still subject to data protection and privacy laws
  • Social media companies have legal obligations to protect personal information from unlawful data scraping
  • Mass data scraping can constitute reportable data breaches
  • Individuals can take actions to protect themselves and mitigate the harms of data scraping

MUSA's Perspective:

MUSA explained to the audience:

  • What scraping is in an easy-to-understand and engaging way
  • How it is difficult to distinguish end users from scrapers
  • That social media companies are victimized by scrapers
  • That regulatory focus needs to shift from social media companies to the threat actors who scrape, and to the marketplaces for scraped data and
  • That unauthorized scraping is an abuse—and should not be considered a breach

Attendance and Feedback:

About 200 people attended the panel. Feedback and press about the panel were positive and robust. One Canadian regulator remarked that she did not realize it was hard to distinguish an end user from a scraper, and had never thought about the scraping problem in that way.

MUSA was quoted in the news as well (e.g., "…data scraping should be at the top of everyone's lists when it comes to their organization's privacy frameworks").

Please let us know if you have any questions about this event.