The rules around data scraping, and what constitutes legal and illegal use of people’s personal information, as listed within social apps, remains opaque, as Meta drops its latest lawsuit against a company that had been found to be stealing Facebook and Instagram user data.
Though it wasn’t stealing, as such, but merely logging publicly accessible info via user profiles, which those users can hide, if they choose, via their various privacy settings. If they choose not to, the judge evidently decided that such info is then fair game, which saw Meta lose a key judgment in the case last month.
At that time, Meta seemed set to challenge the ruling, in an effort to establish a clearer legal precedent. But now, Meta has opted not to proceed, leaving Bright Data, the company behind the scraping activity, free to continue gathering up web-posted data, and using that to build profiles on users.
Which seems like it shouldn’t be possible, as it’s effectively enabling businesses to utilize people’s personal info without direct consent. But then again, what’s publicly posted is freely accessible, to anyone, and if a business chooses to use such, maybe that is acceptable practice.
LinkedIn ended a similar case recently, after a five year legal back-and-forth against professional services company hiQ Labs, as a result of hiQ using LinkedIn member data to build its own employee information service.
That case demonstrated the various legal interpretations at play.
Despite hiQ Labs winning several early rulings, LinkedIn continued to challenge, which eventually saw LinkedIn win out, enabling them to block hiQ Labs from continuing to scape user data. As a result, and likely also due to rising legal costs, hiQ went out of business, but theoretically, it could have continued to challenge the rulings, and found different interpretations of related laws, for some time yet.
The latest ruling against Meta means that there’s still no firmly established legal precedent for online data scraping, and the direct consent required (or not) for personal data use. The rise of social platforms has led to a new paradigm in the space, which sees much more personal insight shared online, and it does seem like the current laws don’t necessarily cover such use and misuse adequately.
The impact, then, is that the platforms are subsequently forced to hide more of their information behind log-in walls, essentially locking it away to protect it from misuse. Which, in some ways, could be a better approach, but it also means that posts then can’t be indexed by Google, limiting discovery and referral traffic. Such measures also make it more difficult to lure new users, as they limit the access that would enable newcomers to get a feel for the app before signing up.
Even so, with these concerns, along with generative AI training, most social apps are looking to further limit their non logged-in access, with X recently updating its system to significantly limit what non-users can see of its content.
Generative AI scraping may actually be a bigger impetus to enact such changes either way, but there does need to be more legal clarification around data scraping, and what qualifies as misuse in a social media specific context.
Still, the broader rules are not established as yet. Meta’s still pursuing legal recourse against two other companies that scraped Facebook data for use in website browser extensions, and either of those cases could help to clarify the rules around what’s required on this front.
But losing another data scraping case could also swing the gates open a little wider, which will make it easier for third parties to take and use your data.