Treasury has published a discussion paper on options for regulating screen scraping practices that involve consumers sharing login details with third parties to access their accounts to collect data to support the provision of products and services.

The Treasury consultation focuses on screen scraping practices relating to loans or financial management products, including the sharing of internet banking login details.

Screen scraping is currently widely used in the lending sector to assess a consumer’s financial position, including for responsible lending credit assessment.

The discussion paper seeks views on the nature of the screen scraping market, risks to consumers, the broader regulatory context and the comparability of data accessed through screen scraping with the Consumer Data Right (CDR).

It also seeks views on the recommendation of the Statutory Review of the CDR that screen scraping be banned where the CDR is a viable alternative.

CDR has been discussed as a safer way for consumers to digitally share their data to receive a service compared to screen scraping, as it does not require consumers to share their login details and can offer protections around what data is collected and how this data can be used and disclosed.

Privacy issues

Separately the Privacy Commissioner has highlighted significant privacy concerns as screen scraping technologies can be exploited for purposes including monetisation through reselling data to third-party websites, including to malicious actors, private analysis or intelligence gathering.

With respect to the issue of data scraping on social media platforms and other publicly accessible sites, the Privacy Commissioner has observed that:
• Personal information that is publicly accessible is still subject to data protection and privacy laws in most jurisdictions.
• Social media companies and the operators of websites that host publicly accessible personal data have obligations under data protection and privacy laws to protect personal information on their platforms from unlawful data scraping.
• Mass data scraping incidents that harvest personal information can constitute reportable data breaches in many jurisdictions.
• Individuals can also take steps to protect their personal information from data scraping, and social media companies have a role to play in enabling users to engage with their services in a privacy protective manner.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.