Unfair Collection: Reclaiming Control of Publicly Available Personal Information from Internet Data Scrapers
43 Pages Posted: 15 Jun 2021
Date Written: May 25, 2021
Abstract
Rising enthusiasm for consumer data protection in the United States has resulted in several states advancing legislation to protect the privacy of their residents’ personal information. But even the newly-enacted California Privacy Rights and Enforcement Act (CPRA)—the most comprehensive data privacy law in the country—leaves wide open a gap for internet data scrapers to scrape, extract, share, and monetize consumers’ personal information while circumventing regulation. Allowing scrapers to evade privacy regulations comes with potentially disastrous consequences for individuals and society at large.
This Note argues that even publicly available personal information should be protected from bulk collection and misappropriation by data scrapers. I recommend that California reform its privacy legislation to align with the European Union’s General Data Privacy Regulation, where data scrapers are required to provide notice to data subjects upon the collection of their personal information whether or not it was publicly available. Such reform could lay the groundwork for future legislation at the federal level.
Keywords: data scraping, scraping, web scraping, data privacy, privacy, California Consumer Privacy Act, CCPA, California Privacy Rights and Enforcement Act, CPRA, GDPR, General Data Privacy Regulation, Computer Fraud and Abuse Act, CFAA, publicly available personal information, personal data
JEL Classification: K00, K10, K19, K20, K29, K30, K39
Suggested Citation: Suggested Citation