Mitigating Unauthorized Scraping Alliance Newsletter

January 17, 2023

Welcome to the Mitigating Unauthorized Scraping Alliance newsletter, where we highlights topics of interest related to unauthorized data scraping. Unauthorized data scraping is the automated collection of user data at scale that violates a platform's Terms of Service.

Featured Event

MUSA International Data Privacy Day Event: The State of Unauthorized Scraping and its Impact on Users & Industry

Tuesday, January 31, 2023

2:00-5:00 p.m. EST – Expert Panel Discussions

5:00-6:00 p.m. EST – Networking Reception

Civiletti Center

600 Massachusetts Avenue, NW, Washington, DC 20001

& Zoom Live Stream

Join the Mitigating Unauthorized Scraping Alliance (MUSA) for a panel discussion featuring industry, legal, and academic experts who will examine the landscape and impacts of unauthorized data scraping. This event will discuss the impacts of unauthorized data scraping for users and industry, the role of policy and regulation in combating unauthorized scraping, the current legal landscape, and the relationship between unauthorized scraping and privacy.

Industry & Scraping In the News

LinkedIn's Data Scraping Battle with HiQ Labs Ends with Proposed Judgment

LinkedIn and HiQ Labs reached a settlement on December 19, 2022 after six years of legal battles. This follows a November 2022 ruling in favor of LinkedIn stating that HiQ consistently violated LinkedIn’s User Agreement by scraping data from the LinkedIn site. Read more on The National Law Review

Majority of Companies Don't Have Strategies to Prevent User Data Scraping:

A new study conducted by research firm NewtonX found that only 42% of organizations surveyed have formal strategies in place to deal with data scraping of private user information, despite 89% reporting that their companies have scraped user data. Read more on Corporate Compliance Insights

Viral TikToks about IUDs portray distrust of doctors, new research shows Researchers at Duke University used a web scraping tool to download videos tagged #IUD on TikTok in violation of the company’s Terms of Service. The goal of the study was to examine the way IUDs are discussed on TikTok and educate healthcare professionals on the information about IUDs circulating online.

Read more on NBC News

A ccount D eta il s o f Ov er 200 M i ll i o n Twi t t e r U se r s L e ake d o n H a c k e r F o r u m

Threat actors posted an ad on a well-known hacker forum claiming to have the data of over 200 million Twitter users. The dataset includes Twitter handles, usernames, email addresses, and phone numbers. This follows the launch of an IDPC investigation into Twitter over a July scraping incident. Read more on Privacy Affairs

Meta’s data scraping: against the rules yet impossible to stop?

Despite implementing measures against unauthorized scraping, companies like Meta continue to face challenges. Meta has taken several steps, including introducing bug bounty programs and pursuing litigation, to reduce unauthorized scraping. However, scrapers continue to avoid detection and Meta has faced a number of large fines for GDPR violations. Read more on Cyber News

Google’s Genius Lyrics Spat Merits DOJ Response, High Court Says

The Supreme Court is expected to hear a multimillion-dollar dispute involving allegations that Google LLC illegally scraped lyrics from the crowd-sourced lyric annotation website Genius in breach of its terms of service. The case has drawn interest from antitrust groups “concerned about the market implications of web scraping conducted by larger firms.” Read more on Bloomberg Law

The viral AI avatar app Lensa undressed me—without my consent

An open-source AI training model based on a large data set of images compiled through scraping raises questions over the use of public facing images to generate non consensual images and content and problematic gender and racial biases within AI visual semantic models. Read more on MIT Technology Review

NY City schools ban access to ChatGPT over fears of cheating and misinformation

The city’s education department has banned access to an AI chatbot built on scraped data on its devices and networks due to disinformation and “amplified prejudices like sexism and racism” concerns. Read more on The Verge

Meta alleges surveillance firm collected data on 600,000 users via fake accounts

Meta has sued to block Voyager Labs from using its platforms, alleging that the company used surveillance software that relied on fake accounts to mass scrape data from Facebook and Instagram, as well as Twitter, YouTube, LinkedIn and Telegram. Read more on The Guardian

Legislation & Regulation In the News

Will Data Privacy Give Digitalization a Black Eye in 2023?

Governments worldwide are continuing to ramp up efforts to increase data privacy in 2023. These efforts include an increase in EU GDPR transgression fees for liable companies and a new privacy enforcement agency created under the California Privacy Rights Act. Read more on CDO Trends

Senator Coons, colleagues introduce legislation to provide public with transparency of social media platforms

Several members on the Senate Judiciary Committee introduced bipartisan legislation entitled the Platform Accountability and Transparency Act (PATA) on December 21, 2022, to increase transparency around social media companies. In particular, the bill seeks to allow independent researchers to access platform data and study social media companies’ actions. The bill protects researchers from any legal liability that may come from scraping a platform’s data if “they comply with various privacy safeguards.” Read more on Senate.gov

Tech companies may have to cough up research data under this bill

The updated Platform Accountability and Transparency Act (PATA) introduced by Senators Christopher Coons and Rob Portman would require digital platforms to provide data for approved research projects. Both platforms and researchers would receive immunity when sharing user data, ameliorating fears of potential legal repercussions. Failure to comply with new data sharing requirements could result in companies losing their liability protections under Section 230 or facing charges of unfair or deceptive trade practices. Read more on The Washington Post

New data privacy laws in various US states: are you ready?

US states, including Virginia, Utah, Colorado, and Connecticut, have privacy laws going into effect in 2023. The patchwork of privacy legislation in the US will pose challenges for tech companies, which need to comply with each individual state law. Read more on Financier World

Vietnam’s Data Protection Regulations: What to Expect in 2023

Vietnam is expected to implement many important changes to data protection laws in 2023. This includes stricter regulation around data collection and data transfer, making it illegal to process personal data without explicit consent; however, the Draft Consumer Protection Law currently does not extend to publicly disclosed data, meaning “scraping of publicly available personal data might be acceptable in Vietnam.” Scraping of non-publicly available personal data is still prohibited and could constitute a crime. Read more on Lexology

New privacy law sees tougher penalties and enforcement powers for serious and repeated privacy breaches

Australia passed the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022. Provisions in the bill include increasing the financial penalty for serious or repeated data privacy incidents, providing the Australian Information Commissioner with additional enforcement powers, and allowing the Australian government to enforce against global companies whose data is processed outside of Australia. Read more on Lexology

About MUSA

The Mitigating Unauthorized Scraping Alliance (MUSA) brings together leading companies committed to protecting data from unauthorized scraping and misuse. In collaboration with industry members, policymakers, and the public, MUSA is generating a global dialogue around unauthorized data scraping focused on protecting user data through education, advocacy, public-private partnerships, and the sharing of reasonable practices to mitigate unauthorized scraping.

Connect with us: