(416) 916-1387
Team
David Milosevic
Joella Miller
Arad Moslehi
Annelise Do Rio
Jamie Lee Roche
Expertise
Complex Corporate Commercial Litigation
Contract Disputes Debt Collection Enforcement Derivative Claims Enforcement Of Foreign Judgments Oppression Claims Partnership Disputes Shareholder Disputes
Commercial Real Estate Litigation
Mortgage Fraud & Disputes Purchase & Sale Litigation
Professional Liability
Defamation, Libel & Slander Director & Officer Liability Investment Advisor Liability Lawyer Negligence
Civil Fraud
Employee Fraud
Injunctive Relief
Receiverships
Class Action
Class Action Defence For Small & Mid Sized Companies
Investment Loss
Advisor/Broker Fraud Asset Recovery
Appellate Litigation
Appeals to the Divisional Court
Appeals to the Ontario Court of Appeal
Appeals to the Supreme Court of Canada
Media
Careers
Contact
(416) 916-1387

Our Services

We represent clients in complex commercial litigation matters, from contract and partnership disputes, to complex multi-party commercial claims.

Complex Corporate Commercial Litigation

Commercial Real Estate Litigation

Professional Liability

Civil Fraud

Injunctive Relief

Receiverships

Class Action

Investment Loss

Guarding Your Digital Fortress Against Data Scraping

Civil Fraud, Injunctive Relief
Author Milosevic & Associates
Date Posted on August 28, 2023

On August 24, 2023, the Office of the Privacy Commissioner of Canada, in conjunction with 11 other global privacy authorities (“Regulators”), issued a joint statement (the “Joint Statement”) regarding privacy protection and data scraping.

This blog post will provide an overview of data breaches and data scraping and explain the potential consequences of such privacy breaches. It will also outline the key points from the Regulators’ joint statement and highlight the proactive steps businesses can take and potential risks to watch for.

What Is Data Scraping?

Data scraping is an automated technique that occurs when a computer program or application is used to extract, or “scrape,” valuable information from a website’s database or other web source. This data extraction can gather information such as text, images, prices, product details, contact information, and any other publicly available data on the internet.

The individual or company that data scrapes a website often collects and uses the information for a different purpose. Historically, extracted personal data from online databases have been used for unlawful purposes, including:

  • Cyberattacks;
  • Identity fraud;
  • Sale to malicious actors; and
  • Private analysis or intelligence gathering.

Companies are generally prohibited from scraping personal information from websites, as it can potentially infringe upon privacy rights and terms of service agreements of websites and can result in legal consequences.

Data Scraping Legislation & Navigating Privacy Breaches by Artificial Intelligence

Like other countries, Canada has laws and regulations that govern data privacy and protection, which may impact the legality of data scraping activities. A key piece of federal privacy legislation is the Personal Information Protection and Electronic Documents Act (“PIPEDA”), which outlines rules for collecting, using, and disclosing personal information.

Personal information and privacy are often initial considerations for those uploading information online. However, in recent years, data scraping has come into consideration with the emergence and popularity of Artificial Intelligence (“AI”) systems that are trained on the publicly accessible information available on the internet. Several class actions have commenced against large entities, such as Google and ChatGPT, concerning privacy breaches in the United States of America.

Global Privacy Regulators’ Joint Statement

In the recent joint statement made on August 24, 2023, the Regulators assert that social media companies and other website operators “are responsible for protecting individuals’ personal information from unlawful data scraping.” Since the techniques for data scraping continue to evolve and emerge with technology and no single safeguard can protect against “all potential privacy harms associated with data scraping,” it is imperative that data security and vigilance are paramount.

Multi-Layered Controls Used to Mitigate Risk

The Joint Statement went on to note that social media companies and website operators should implement multi-layered technical and procedural controls to mitigate potential privacy breach risks, such as:

  • “Rate limiting” the number of visits per hour or day by one account and limiting access if unusual activity is detected;
  • Taking steps to identify patterns in “bot” activity and detect “bots” by using “CATCHAs” and blocking IP addresses where data scraping activity is identified;
  • Notifying affected individuals and privacy regulators in jurisdictions where data scraping may constitute a data breach; and
  • Taking appropriate legal action when data scraping activity is suspected and/or confirmed.

When it comes to taking legal action, it is essential for companies to obtain legal advice as quickly as possible following a suspected and/or confirmed data breach to address the issue, prevent further violations, and obtain appropriate relief (such as an injunction).

Websites & Social Media Companies to “Proactively Support Their Ssers”

If any implemented data scraping safeguards require processing a user’s personal information, these entities should also ensure that their processing complies with the applicable data protection or privacy law requirements in their jurisdiction.

Social media companies and other websites are encouraged to “proactively support their users so that they can make informed decisions about how they use the platform and what personal information they share.” To support this, the Joint Statement provides that they should increase “user awareness and understanding of the privacy settings they can utilize” when using such platforms and websites.

Key Takeaways for Individuals & Businesses

For individuals and businesses uploading personal information onto the internet, it is crucial to understand that data breaches can happen quickly and at any time. In short, some key takeaways from the Joint Statement include:

  • Data scraping incidents can result in reportable data breaches in certain jurisdictions;
  • Businesses should remain up-to-date with new developments in privacy law and regulations and should update internal procedures and policies accordingly;
  • Personal information which is “publicly available” online is still subject to privacy laws in many jurisdictions. However, individuals and businesses should take proactive action to mitigate the risk of data scraping and be mindful of the information available online; and
  • Social media companies and website operators that host publicly accessible personal data must be clear on their obligations under privacy and data protection laws when protecting personal information on their platforms from unlawful data scraping.

For Advice on Data Breaches, Injunctions and Complex Commercial Litigation, Contact Milosevic & Associates

At Milosevic & Associates, our experienced complex commercial litigation lawyers understand the unique challenges faced by businesses, particularly concerning technology and privacy. When it comes to issues of civil fraud, injunctive relief, data breaches, and employee fraud, our lawyers are ready to assist. Our firm prides itself on guiding clients through the most complex disputes and ensuring they are well-positioned to achieve their goals. To learn how we can help you resolve your commercial dispute, contact us by phone at 416-916-1387 or reach out to us online to schedule a confidential consultation with a member of our team.

© 2024 Milosevic & Associates. All rights reserved. Privacy Policy / Disclaimer. Website designed and managed by Umbrella Legal Marketing