GDPR and Data Crawling: What Now?
On May 25, the European Union’s (EU) new privacy law, the GDPR (General Data Protection Regulation) came into effect.
This law started being drafted as early as 2014 – and is now in effect in 28 member countries of the EU.
The whole purpose of the law is to make companies more serious about the way they collect, use and keep their users’ data.
In this article, we’ll discuss exactly how the GDPR may affect data crawling services and the way you use it to collect data for your business.
Let’s get started.
Why Will The GDPR Change Data Crawling / Mining?
Before we can start discussing exactly how data scraping services will be affected, let’s start with a brief outline of what the GDPR requirements are.
- Get user’s consent: This law requires companies to obtain consent from the users of whom they are collecting data. This especially includes personally identifiable data such as name, email address and even IP addresses.
- Provide data breach notices quickly: In this day and age, data can be easily hacked and collected. But still, many companies don’t tell or do so after a long time has passed. This isn’t to be the case anymore. Now, companies only have 72 hours or 3 days max to inform users of a data breach.
- Only obtain and use the data you need: Every single piece of data you require from your customer, you need to have a valid reason for doing so. Not having a legal reason for collecting user data can lead to you receiving a hefty fine.
In addition, there are other rules as well. But all of them circle around the same principles of transparency and honesty for the users whose data is being collected.
One important thing to keep in mind is that these rules aren’t just made for European companies. They are made for every single company that provides service and has data on European citizens, which are approx. 508 million people.
That’s why, especially for technology companies, especially those which collect and store data like web scraping services, need to take many precautions when doing data crawling activities.
The Precautions Data Crawling Services Will Have To Take Because of The GDPR
First of all, one thing it’s vital to make clear is that the GDPR only applies to those companies that handle personal data of European customers. Data that cannot help identify a person is OK to collect.
This means scraping data like product names, price lists and other public data is still valid and will not put you in odds with the GDPR.
However, if the data you plan to collect has any personally identifiable information such as names, emails and IP addresses – information found in customer reviews etc., you will have to take precautions before performing data crawling.
Here’s what your data provider will have to do:
They will have to check in advance whether users have provided their consent for their data to be collected by you.
In many places, users are usually asked to agree that their data may be shared with third-party services for marketing purposes. If you find this kind of agreement and can see users have consented to their data being collected, only then you can start the crawling process.
But in many cases, most notably social media sites and other private websites, they usually add a clause in their terms that their data cannot be shared or modified. In this case, your service provider cannot collect user data from that source.
The Precautions You Will Have To Take Before Using Data Crawling Services
While GDPR will definitely affect what kind of data scraping companies can collect, it will also affect how you, as a business person or marketer, use the data you obtained.
For starters, you need to have a valid reason for collecting any kind of data you plan to use – whether for marketing purposes or otherwise. Previously, you could just collect any kind of data you wanted and then use the one that you needed at that time.
Now you have to consciously plan ahead what kind of data makes sense for you to collect for your business.
The biggest reason why this pre-planning is important is that it doesn’t matter if your users have provided consent for you to collect their data. If you, yourself, don’t have a valid and legal reason for collecting it, you will be fined.
Now, you might be wondering what data constitutes as being relevant and valid for collection?
According to the European Union, there are three situations where data collection of EU citizens is permitted under GDPR law:
- You have a legitimate reason for collecting data which comes within the context of your client-business relationship.
- You need to collect data to prevent fraud and/or ensure the security of your IT system.
- You want to collect data for direct marketing purposes.
It’s worth noting that in the first point i.e. collecting data within the context of your client relationship, will not hold if your self-interests violate the rights, interests, and freedom of your users. If that happens, you legitimate reason for collecting data becomes null.
How Will Data Crawling Companies Proceed With Web Scraping Under GDPR
Under the GDPR, there are no loopholes you can take advantage of that will make data collection legal unless you have a very good reason for doing so.
Your service provider isn’t responsible if you ask them to collect data you have no legitimate reason for collecting.
This is something you must do your research in before collecting any data.
However, as long as your users know you are collecting their data – and have obtained their consent as proof – you should be safe from the GDPR.
Keep these points in mind when starting your next data crawling process. And don’t forget to ask your web scraping service provider any questions you might have regarding whether it’s safe to collect data from them or not for further clarification. They’ll be sure to change their practices to become compliant with the GDPR but still, it never hurts to ask!