THE GREAT SCRAPE: THE CLASH BETWEEN SCRAPING AND PRIVACY; SSRN, July 3, 2024

Daniel J. Solove, George Washington University Law School; Woodrow Hartzog, Boston University School of Law; Stanford Law School Center for Internet and Society; THE GREAT SCRAPE: THE CLASH BETWEEN SCRAPING AND PRIVACY

"ABSTRACT

Artificial intelligence (AI) systems depend on massive quantities of data, often gathered by “scraping” – the automated extraction of large amounts of data from the internet. A great deal of scraped data is about people. This personal data provides the grist for AI tools such as facial recognition, deep fakes, and generative AI. Although scraping enables web searching, archival, and meaningful scientific research, scraping for AI can also be objectionable or even harmful to individuals and society.

Organizations are scraping at an escalating pace and scale, even though many privacy laws are seemingly incongruous with the practice. In this Article, we contend that scraping must undergo a serious reckoning with privacy law. Scraping violates nearly all of the key principles in privacy laws, including fairness; individual rights and control; transparency; consent; purpose specification and secondary use restrictions; data minimization; onward transfer; and data security. With scraping, data protection laws built around

these requirements are ignored.

Scraping has evaded a reckoning with privacy law largely because scrapers act as if all publicly available data were free for the taking. But the public availability of scraped data shouldn’t give scrapers a free pass. Privacy law regularly protects publicly available data, and privacy principles are implicated even when personal data is accessible to others.

This Article explores the fundamental tension between scraping and privacy law. With the zealous pursuit and astronomical growth of AI, we are in the midst of what we call the “great scrape.” There must now be a great reconciliation."

IoT Devices Becoming More Important in Criminal Investigations; Inside Counsel, June 1, 2017

Amanda Ciccatelli, Inside Counsel; IoT Devices Becoming More Important in Criminal Investigations

"In addition, an area of the law which will evolve because of IoT being utilized in court is privacy law. Fitbit's privacy policies clearly state that they will cooperate with a legal subpoena or warrant. Moreover, they outline that user’s information will be stored unless the account is completely closed, and even then, the information will only be destroyed per the company's regular maintenance schedule. Accordingly, users have consented to this application.

She explained, “Users of IoT need be cognizant of the fact that these very personal devices, worn by us every minute of the day or listening in our homes, come at a very real privacy cost…If IoT is in use, users must balance the risk that their data will be used in court."

Are city surveillance camera regulations being ignored?; Pittsburgh Post-Gazette, 4/14/15

Rich Lord, Pittsburgh Post-Gazette; Are city surveillance camera regulations being ignored? :

"A largely ignored privacy law that Bill Peduto pushed for when he was a Pittsburgh councilman should be enforced but loosened to allow police to look further back in time using surveillance footage, the mayor said last week.

The city’s Privacy Policy for Public Security Camera Systems, hashed out in 2008 between council and then-Mayor Luke Ravenstahl, set rules on where the city can surveil, who may see the footage and how long it should be stored. Mr. Peduto drove that legislation and became mayor 15 months ago — but confirmed Thursday that “we’re not following the rules right now.”"