Data scraping is a collection method that is capable of automatically collecting large volumes of data in a short space of time. As such, if the collection effort falls under the purview of the GDPR, the Collector must implement the principle of data minimisation in the programming of the data scraping tool (see BP 2).1 This involves instructing the data scraper to collect only that data which is necessary to achieve the aims of the collection effort, for example data relating to a particular date or place.
If the GDPR does not apply to the collection effort, Collectors should still adhere to data minimisation as a best practice as this increases the chances that any infringement on privacy in the data collection effort will be considered proportionate and therefore justified. The automated characteristics of data scraping makes this particularly advisable, as privacy protections tend to be more stringent when applied to automated processes.
Legal Framework
See section 4.2.2.C. on the role that the principle of data minimisation plays in protecting the right to privacy. Observing data minimisation increases the chances that a data collection effort’s infringement on privacy will be considered proportionate and therefore justified.
See also Big Brother Watch and Others v. United Kingdom, Judgment, para. 330, where the Court found that ‘the need for safeguards will be all the greater where the protection of personal data undergoing automatic processing is concerned’.
See section 4.2.4.B on ‘Scope of the GDPR’ and ‘Data Protection Measures’.
Applicable Ethical Principles Legal Awareness