How to legally process scraped or enriched contact data?

Scraped and enriched data presents significant legal challenges under modern privacy frameworks.

Public doesn't mean freely usable: Data being publicly available (LinkedIn profiles, company websites) doesn't automatically provide legal basis to process it for marketing. GDPR requires lawful basis regardless of data source.

• Scraping risks:
• May violate website terms of service
• Could breach Computer Fraud and Abuse Act (US) or similar laws
• Violates robots.txt directives in many cases
• Platforms actively pursue scrapers legally
• Enrichment considerations:
• Combining data from multiple sources creates new processing
• Each data element needs lawful basis
• Aggregated profiles may reveal more than individuals intended
• Documentation requirements:
• Document where each data element came from
• Conduct legitimate interest assessment
• Prepare to explain and justify your basis if challenged
• Transparency obligations:
• Under GDPR, individuals have right to know how you obtained their data
• Scraping LinkedIn may not satisfy recipient expectations
• Be prepared to answer and potentially delete data on request
• Consult legal counsel before building programs on scraped data.