I’m currently doing a bit of research on the issues surrounding web-scraping for B2B contacts.
We’re talking here data that’d be available via a search engine, nothing like exporting data out of a closed environment, etc.
To summarise topics I’ve picked up so far:
– Verify nature and origin of data
– Minimise data collection to what is needed
– Inform data subjects of the data processing
– Contracts with sub processors
– If necessary ROPA
– Allow opt-out
– Processing is in line with purpose for which it was made public in the first place
Anything else I’m missing?
Establish your lawful basis for processing, and a legitimate interests assessment if you need one?
fair enough, that’s part of the plan indeed 🙂
I would check the services or sources of the information that may be web-scraped. For example, it’s against the terms of service for LinkedIn to scrap data, so if we break the T&Cs of the service then I can’t see how LI would be a good lawful basis, but we’ve gone against terms that the individual B2B contact has signed up to.
In your assessment/research, I would suggest that there are two things to consider here; 1) Privacy and 2) Data protection.
1) Privacy – Someone’s privacy is not reduced or void if someone has published their information in a specific place, for a specific purpose.
2) Data Protection – is the protection from unwarranted use of the data, and therefore is different from privacy but works hand in hand *with* privacy.
Hope that helps.