Feb. 21, 2024

Scraping Battles: Meta Loses Legal Effort to Halt Harvesting of Personal Profiles

Last month, in a ruling against Meta, a California federal court handed data scrapers a fresh lifeline to argue that they are free to extract publicly available information from social media profiles. The decision sets higher hurdles for websites to succeed on breach of contract claims against scrapers or shield data with anti-bot gates like CAPTCHAs. It is another example of how U.S. scraping case law is diverging from the approach of global regulators, 12 of whom recently issued a joint statement effectively obligating social media companies to use seven safeguards to prevent scraping of personal data. This first article of a two-part series on the latest scraping developments across courts, regulators and privacy engineers discusses the implications of the Meta v. Bright Data decision and the state of anti-scraping litigation. Part two will explain the safeguards that global regulators have prescribed, practical suggestions for minimizing risks from scraping, and the rising pressure on companies to institute a comprehensive governance framework for scraping that echoes earlier ones developed for cybersecurity and privacy. See “Best Practices to Combat Surge of Unwanted Data Scraping” (Mar. 8, 2023).

Tracking Technologies: A 360‑Degree Governance Plan

Organizations should have a comprehensive governance program to adequately address the complex, significant, and growing legal and business risks that tracking technologies present. In this third installment of a four-part guest article series, seasoned privacy attorneys Julie Rubash of Sourcepoint, Michael Hahn of IAB and Leslie Shanklin of Proskauer provide a roadmap for organizations starting out – or working toward – crafting a comprehensive, cross-functional program for managing digital trackers. Part four will focus on digital tracker compliance challenges and solutions, including those specific to the advertising industry. Part one examined legal regulation and use risks around online tracking technologies. Part two took a deep dive into the technical workings and types of digital data collection tools. See “Benchmarking the Impact of State Privacy Laws on Digital Advertising” (Oct. 11, 2023).

Legal and Ethical Issues in Use of Biometrics: Modality Selection, Implementation and State Laws

Use of biometrics for authentication offers both promise and peril. In addition to raising privacy concerns, biometric systems may yield biased outcomes. The long-term prospects of biometrics will depend on its responsible and ethical development, deployment and use, noted Chris Burt, managing editor of Biometric Update, at a recent program the organization sponsored. This first installment of a two-part article series synthesizing insights from the program covers key concerns over use of biometrics, selection of biometric modalities, responsible and ethical implementation and state biometric privacy laws. Part two will discuss fast identity online authentication, issues around identity proofing and why biometrics may be the best alternative for some use cases despite its flaws. See “No End in Sight: Biometrics Litigation Trends” (Mar. 16, 2022).

Jones Day Welcomes Veteran Cybersecurity Partner in Washington, D.C.

Ryan Blaney has joined Jones Day as a partner in the firm’s cybersecurity, privacy & data protection practice in Washington, D.C. He arrives from Proskauer, where he led the privacy and cybersecurity group. For commentary from Blaney, see our two-part series “Data Breaches and the Private Credit Market”: Assessing Borrower Cyber Preparedness (Feb. 1, 2023), and Post-Breach Considerations (Feb. 8, 2023). For insights from Jones Day, see “How CCOs Can Avoid Personal Liability for an Organization’s Compliance Failures” (Dec. 2, 2020).