The Dutch supervisory authority (the AP) has issued Guidelines on data scraping. Scraping is the automatic collection and storage of information from the Internet and, according to the guidance, “scraping by private parties and private individuals is almost never allowed”. Rather, “these parties can only use scraping legally if they do so in a very targeted manner”.
In a number of cases, scraping is not allowed anyway. For example:
- scraping the internet to create profiles of people and then resell them;
- scraping information from protected social media accounts or private forums;
- scraping data from public social media profiles, with the aim of determining whether or not those people will receive requested insurance.
The AP’s guidance is not aimed at the government. But scraping by the government also has major privacy risks and is subject to strict rules. The AP is also working on a guideline for scraping by the government.
***
France’s supervisory authority, the CNIL, issued a self-assessment questionnaire allowing “groups wishing to implement BCRs to check the level of maturity of the project in relation to the requirements of the BCR standards adopted by the European Data Protection Board (EDPB).
“At the end of the questionnaire, a compliance score as well as an action plan are proposed. It is therefore recommended to test the level of the project before submitting it to the CNIL. Depending on this level, the project can be reworked based on the gap analysis and action plan generated as a result”.
***
The Council of the European Union has approved a protocol aimed at facilitating the free flow of data between the EU and Japan within their Economic Partnership agreement. This protocol removes data localization requirements, ensuring that data can move freely without being hindered by unnecessary restrictions. It provides greater legal certainty for data flows, reduces administrative burdens for businesses, and respects data protection rules to maintain trust in the digital economy. Once ratified by Japan and having internal procedures completed, the protocol will enter into force.
***
The report for 2023 from the Norwegian Data Protection Authority (Datatilsynet) highlights a year of significant activity and success in enforcing privacy regulations and advancing organizational development. The report outlines a range of important cases and increasing media attention. This includes a legal victory against Meta Inc and Facebook Norway AS, strengthening privacy protections in Norway and across Europe. The authority has also conducted extensive inspections, particularly targeting county municipalities and the Norwegian Labour and Welfare Administration (NAV). Furthermore, the “Kvist” project has facilitated dialogue between the authority and various businesses to enhance understanding and relevance in their work.
Comments are closed.