Italy: Adopted DPA guidance on protecting personal data from web scraping

On 30 May 2024, the Italian Data Protection Authority (DPA) released guidance addressed to public and private entities on safeguarding personal data against web scraping. The guidance advises on measures to prevent the indiscriminate collection of data online by third parties for training generative artificial intelligence models. Recommended measures include creating private areas on websites, incorporating anti-scraping clauses in terms of service, monitoring web traffic for unusual data flows, and implementing bot-specific countermeasures. While these measures are advisory, data controllers are encouraged to consider them based on the principle of accountability, technological advancements, and implementation costs, especially for SMEs.