THE GREAT SCRAPE: THE CLASH BETWEEN SCRAPING AND PRIVACY; SSRN, July 3, 2024

Daniel J. Solove, George Washington University Law School; Woodrow Hartzog, Boston University School of Law; Stanford Law School Center for Internet and Society; THE GREAT SCRAPE: THE CLASH BETWEEN SCRAPING AND PRIVACY

"ABSTRACT

Artificial intelligence (AI) systems depend on massive quantities of data, often gathered by “scraping” – the automated extraction of large amounts of data from the internet. A great deal of scraped data is about people. This personal data provides the grist for AI tools such as facial recognition, deep fakes, and generative AI. Although scraping enables web searching, archival, and meaningful scientific research, scraping for AI can also be objectionable or even harmful to individuals and society.

Organizations are scraping at an escalating pace and scale, even though many privacy laws are seemingly incongruous with the practice. In this Article, we contend that scraping must undergo a serious reckoning with privacy law. Scraping violates nearly all of the key principles in privacy laws, including fairness; individual rights and control; transparency; consent; purpose specification and secondary use restrictions; data minimization; onward transfer; and data security. With scraping, data protection laws built around

these requirements are ignored.

Scraping has evaded a reckoning with privacy law largely because scrapers act as if all publicly available data were free for the taking. But the public availability of scraped data shouldn’t give scrapers a free pass. Privacy law regularly protects publicly available data, and privacy principles are implicated even when personal data is accessible to others.

This Article explores the fundamental tension between scraping and privacy law. With the zealous pursuit and astronomical growth of AI, we are in the midst of what we call the “great scrape.” There must now be a great reconciliation."

An Apparent Cyberattack Hushes the British Library; The New York Times, November 3, 2023

 Alex Marshall, The New York Times; An Apparent Cyberattack Hushes the British Library

"Tasmina Islam, a lecturer in cybersecurity education at King’s College London said in an email that the motivation for attacking a library could be financial.

“Cybercriminals can access a lot of information from a library, including users’ personal data,” she said. Libraries also “store electronic books, research articles and various intellectual properties, all of which cybercriminals can exploit for illegal distribution,” Islam added.

The British Library incident “served as a warning for other libraries and institutions to assess their own security measures thoroughly,” she said."

Data mining: why the EU’s proposed copyright measures get it wrong; The Conversation, May 24, 2018

Martin Kretschmer

Professor of Intellectual Property Law, University of Glasgow and Thomas Margoni

Senior Lecturer in Intellectual Property and Internet Law, University of Glasgow,

The Conversation;  
Data mining: why the EU’s proposed copyright measures get it wrong

"Data that is mined with the help of machine learning techniques has been a rapid area of technological advancement – with good and bad consequences for everyone. And EU copyright law is currently caught in the crossfire.

Cambridge Analytica and Facebook’s recent data scandal, which involved the profiling of users from their online behaviour facilitated by social networks, brought important issues to the surface about web privacy, only after it was reported that millions of people had their data harvested and improperly shared with a political consultancy.

But the same data mining technique also offers great societal benefit in fields such as traffic prediction, natural language processing and the identification of potential cures for diseases.

Many people think that regulating the use of data is a matter of data protection or privacy laws. However, where the raw material subjected to analysis is not “personal data” but material protected under copyright law, such as texts or certain structured databases, another set of legal norms come into play. This has far reaching and little understood consequences."

ABA Webinar: Thursday, March 8, 2018

Webinar | March 8, 2018 | 1:00 PM - 2:00 PM ET‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  Trouble Viewing? View online. AMBAR.ORG     |      CAREER CENTER     |      MEMBERSHIP     |      CALENDAR     |     CLE     |   PUBLISHING GDPR: What Litigators Should Know Webinar | March 8, 2018 1:00 PM — 2:00 PM ET 1.00 General CLE Credit LEARN MORE Join our distinguished panel to learn how the EU's General Data Protection Regulation (GDPR) works and how it will impact: U.S. law firm information governance Contract negotiations relating to the processing of personal data of EU individuals Discovery in litigation in the U.S. Client support to organizations with a footprint in the EU Sponsor(s): Section of Litigation; Tort Trial and Insurance Practice Section; Center for Professional Development Panelist(s): Melia Archie (Legal Counsel, Data Privacy Director, Stryker); David Manek (Director, GDPR Practice Leader, Navigant); and Camila Tobón (Of Counsel, Shook Hardy & Bacon LLP)

WTF is GDPR?; TechCrunch, January 20, 2018

Natasha Lomas, TechCrunch; WTF is GDPR?

"The EC’s theory is that consumer trust is essential to fostering growth in the digital economy. And it thinks trust can be won by giving users of digital services more information and greater control over how their data is used. Which is — frankly speaking — a pretty refreshing idea when you consider the clandestine data brokering that pervades the tech industry. Mass surveillance isn’t just something governments do.

The General Data Protection Regulation (aka GDPR) was agreed after more than three years of negotiations between the EU’s various institutions.

It’s set to apply across the 28-Member State bloc as of May 25, 2018. That means EU countries are busy transposing it into national law via their own legislative updates (such as the UK’s new Data Protection Bill — yes, despite the fact the country is currently in the process of (br)exiting the EU, the government has nonetheless committed to implementing the regulation because it needs to keep EU-UK data flowing freely in the post-brexit future. Which gives an early indication of the pulling power of GDPR.

Meanwhile businesses operating in the EU are being bombarded with ads from a freshly energized cottage industry of ‘privacy consultants’ offering to help them get ready for the new regs — in exchange for a service fee. It’s definitely a good time to be a law firm specializing in data protection."

Data is the new lifeblood of capitalism – don't hand corporate America control; Guardian, February 1, 2018

Ben Tarnoff, Guardian; Data is the new lifeblood of capitalism – don't hand corporate America control

"Over the past year, a growing number of people have come to realize that data has a dark side. The information revolution has turned out to be something less than total liberation. The digital sphere is not intrinsically democratic; rather, what matters is who owns it and how it’s organized.

The digitization of everything has made this abundantly clear. As more of our lives are made into data, the companies that control that data have grown rich and powerful. It’s not merely that they know so much about us, from our favorite type of toilet paper to our favorite type of porn. It’s that they use what they know to inform algorithmic decisions that have a significant impact on society as a whole –decisions like what kind of news (if any) we consume, or how long we go to prison.

But the stakes are even higher. The emphasis on personal data has obscured the fact that data is not just personal – it’s commercial, industrial, financial. The reason that corporations are so concerned about who controls the packets that flow through the world’s fiber-optic cables is because a vast array of profit-making activities now depends on them."