Meta, the American multinational technology conglomerate that owns Facebook, Instagram, and WhatsApp, has recently announced that it is suing the US subsidiary of a Chinese tech company Shenzhen Vision Information Technology Co., on the grounds of data-scraping from Facebook and Instagram.
Legal actions are being taken against Octopus Data, the US offshoot of a Chinese national high-tech enterprise Shenzhen Vision, which the parent website claims to have launched in 2016.
Meta also revealed that it is suing a Turkish individual identified as Ekrem Ateş, who allegedly set up automated accounts on Instagram to scrape data from about 350,000 Instagram profiles. The social media giant alleges that Ateş published the scraped data to their own websites, or so-called ‘clone sites’.
In its most general form, data scraping refers to a technique in which a computer program extracts data from the output generated from another program. Data scraping commonly manifests itself in the form of web scraping, which is the process of using an application or automated tool to extract valuable information en-masse from a website.
Social media giants and internet companies such as Meta are common victims of web-scraping. Despite a potential threat to sensitive private information, data scraping or, in this case, web scraping is, to one’s surprise, legalized in the US.
Almost three months earlier, a US court reaffirmed in a ruling that web-scraping is legal, which came as a verdict of a long-standing legal battle between LinkedIn, a Microsoft-owned platform, and Hiq Labs, a data science company. The latter had scraped private information from LinkedIn to assist its customers in predicting employee attrition. The court ruled that the action of scraping publicly accessible information does not infringe the Computer Fraud and Abuse Act (CFAA). CFAA is a cybersecurity law governing computer hacking in the US.
The decision by the US court came as a relief for professionals and amateurs across the industrial sectors, including journalists, researchers, and archivists whose jobs regularly involve scraping publicly available data. However, it sparked legitimate privacy and security concerns among users about how their publicly accessible data is harnessed without their permission.
It seems that in lieu of the decision for the ‘LinkedIn vs. Hiq Labs’ case, Meta is pursuing matters against Octopus Data through the Digital Millennium Copyright Act (DMCA) instead of targeting the entities under the Computer Fraud and Abuse Act (CFAA). The DMCA is more focused on intellectual property and copyright infringements than hacking.
In its accusations, Meta affirms that Octopus Data charges a fee to its customers to grant access to a software product named ‘Octoparse,’ which can launch scraping attacks. Besides, the customers can pay Octopus Data to scrape websites directly. For the software to work, the customers are required to give access to their accounts, which allows the software to scrape data that is usually only available to logged-in users. The personal data includes email addresses, phone numbers, birthdates, Facebook friends, Instagram followers, and more.
In a blog post, Jessica Romero, director of platform enforcement and litigation at Meta, wrote that their lawsuit alleges Octopus Data violated Meta’s Terms of Service and the Digital Millennium Copyright Act. She added that the accused did so by engaging in unauthorized automated scraping of data and by attempting to conceal their scraping to avoid being detected and blocked from Instagram and Facebook.
In its court filing, Meta specifically points toward certain parts of Section 3 of its Terms of Service, which state that users own the intellectual property rights such as copyrights and trademarks in any content they may create and share on any Meta company platforms. The terms of service also state that users have rights to their content and are free to share it with anyone or wherever they want.
Further down the section, it also mentions that the user cannot collect other users’ content or information. It also forbids users from accessing Facebook using automated means such as harvesting bots without Meta’s prior permission.
Web-scraping, or in broad terms, data scraping, is a practice as old as the internet itself, and the possibility of getting rid of web-scrapers seems almost impossible, considering its prevalence. However, considering the potential threat it poses to the users’ private data, actions are being taken in favor of the victims. By targeting some of the top data scraping offenders at an individual and corporate level, Meta seems to be warning others from following suit. In light of Meta’s recent victory, it is likely that the outcome of the ‘Meta vs. Octopus Data’ case would be in the social media giant’s favor.