Viene segnalata dai social la comunicazione 24 agosto u.s. di alcune autorità garanti privacy sul c.d. data scraping : cioè sulla prassi di catturare dati personali pubblicamente presenti nel web (come se questo non richiedesse consenso dell’interessato) [notizia presa dall’ Information Commissioner’s Office inglese ].
Tra di esse non c’è nè l’autorità italiana nè quella europea. trattandosi di solamente di alcune Autorità coordinatesi entro il Global Privacy Assembly.
Non ci sono grosse novità. Riporto solo la sez. privacyrisks:
<<10. In recent years, many data protection authorities have seen increased reports of mass data scraping from SMCs and other websites. The reports raise a number of privacy concerns, including the use of scraped data for:
Targeted cyberattacks – for example, scraped identity and contact information posted on ‘hacking forums’ may be used by malicious actors in targeted social engineering or phishing attacks.
Identity fraud – scraped data may be used to submit fraudulent loan or credit card applications, or to impersonate the individual by creating fake social media accounts.
Monitoring, profiling and surveilling individuals – scraped data may be used to populate facial recognition databases and provide unauthorised access to authorities.
Unauthorised political or intelligence gathering purposes – scraped data may be used by foreign governments or intelligence agencies for unauthorised purposes.
Unwanted direct marketing or spam – scraped data may include contact information that can be used to send bulk unsolicited marketing messages.
11. More broadly, individuals lose control of their personal information when it is scraped without their knowledge and against their expectations. For example, data scrapers may aggregate and combine scraped data from one site with other personal information, and use it for unexpected purposes. This can undermine individuals’ trust in the SMC or other websites, with potentially detrimental impacts on the digital economy. Moreover, even if individuals decide to delete their information from a social media account, data scrapers will likely continue using and sharing>>
Ciò che le azienda titolari dei social dovrebbero fare, allora, è scritto nei segg. §§ 12-17.