Global Privacy Agencies Urge Social Media to Protect User Data from Scraping – Source: heimdalsecurity.com

In a statement published online, 12 data protection and privacy authorities from around the world urge social media platforms to strengthen their defenses against data scrapers.

The UK, Australia, Canada, Hong Kong/China, Switzerland, Norway, New Zealand, Columbia, Morocco, Argentina, and Mexico are among the countries that are co-signatories of the declaration.

What Is Data Scraping?

Data scraping is the practice of gathering data that users have posted on a platform and obtaining substantial amounts of publicly accessible data from websites using automated technologies like bots.

Even while the information gathered is already public, it can be used by threat actors to launch targeted attacks or commit identity fraud when paired with private or supplementary data from other sources.

Furthermore, data brokers or marketers can use it to develop in-depth user profiles.

Scraping from social media creates privacy risks and potential harms, such as the information people post online being used for reasons they don’t expect, exploited in cyberattacks or used for identity fraud.

ICO.org.uk (Source)

Lately, the issue has gathered frequent attention, resulting in harm to various social media platforms such as Facebook, LinkedIn, and TikTok.

How Social Media Platforms Can Fight Scraping?

The joint statement emphasizes that data privacy and protection rules continue to apply to information that is publicly available or accessible.

As a result, the biggest social media platforms are required to defend it by using anti-scraping mechanisms.

Here are some proposed measures:

• Put in place numerous technical and administrative safeguards for protection.
• Establish a team or specific roles to manage, keep an eye on, and react to scraping activities.
• Utilize “rate limiting” to limit the number of visits per account per hour or day.
• Keep an eye out for any suspiciously quick interactions with new accounts.
• Recognize “bot” patterns, such as frequent accesses made with the same credentials.
• Use CAPTCHAs to identify bots, and if scraping is discovered, block the associated IP addresses.
• Take legal action against recognized scrapers, such as sending “cease and desist” letters.
• In the event of a data breach, notify the affected parties and regulators.
• Help users understand and control their privacy settings proactively.
• Ensure privacy laws are followed if security measures handle personal data.
• Describe the steps done to prevent data scraping to users.
• Keep an eye out for new threats, adapt, and update your controls.
• Analyze scrape event metrics to enhance the security framework.

How Users Can Protect Themselves from Scraping?

Users shouldn’t leave all the security measures in the hands of social media platforms.

Every user can protect personal data from cybercriminals by:

• limiting the amount of information posted online
• reading the privacy policies of the online platforms to understand the risks
• setting the privacy settings on social media to decrease public exposure as much as possible
• thinking long-term because information posted today can live forever online.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube, for more cybersecurity news and topics.