• English
  • Español
Search
Close this search box.

Argentina Signs Joint Statements on Data Scraping and Privacy

At the request of the Danish Data Protection Agency, a group of data protection authorities from multiple countries have released two statements addressing the implications of data scraping on personal data protection. The group includes Data Protection Authorities from Argentina, Spain, the United Kingdom, Canada, Israel, Mexico and Hong Kong. These statements primarily target social media platforms and sites that host publicly accessible content that may include personal data.

The first statement, published in August 2023, underscores that publicly available personal data, which is often subject to scraping, is still governed by data protection and privacy laws in most jurisdictions. This places a legal obligation on social media platforms and website operators to protect their users’ personal data from unauthorized scraping activities that breach these laws.

Recognizing the limitations of isolated security measures, the signatory authorities recommended that social media platforms and website operators implement a combination of technical controls and procedures that are according to the sensitivity of the data they manage. Key recommendations include monitoring user activity, especially new users, to detect patterns or unusual behavior that may indicate scraping. The statement also emphasized the importance of providing users with tools to enable them to make informed and conscious decisions regarding their personal data.

The initial statement was sent to key industry players, including YouTube, TikTok, X and Meta, requesting comments on how they comply with the outlined standards. The platforms confirmed having implemented several of the recommended actions, and mentioned other measures, such as design elements that deter automated data scraping. In addition, a company involved in commercial data scraping contacted the authorities and shared its efforts to comply with data protection regulations when interacting with this type of information.

Building on the first statement and industry feedback, the authorities released a new statement in October 2024. This second statement focused on differentiating between legal data scraping and illegal practices.For instance, the authorities clarified that obtaining permission from a website or platform owner, or demonstrating a socially beneficial purpose, does not automatically legitimize data scraping activities. When personal data is involved, a valid legal basis—such as user consent, legitimate interest, or public interest—is required. The available legal basis shall vary depending on the law and specific situation.

The second statement also underscored that, even with permission from the platform owner and a legal basis, it’s fundamental to specify what personal data can be scraped and for what purpose. Authorities noted that APIs are an useful tool for spotting unauthorized scraping, while artificial intelligence can help detect suspicious behavior patterns.

The statement concluded by acknowledging that no single method can entirely eliminate the risks of illegal scraping. Instead, it recommended adopting dynamic, multi-layered safeguards to mitigate potential harm. The level of protection should correspond to the type of data and its impact. For example, protecting product reviews on e-commerce platforms requires a different level of security than safeguarding photos of minors on social networks.