Balancing Security and Privacy: Web Bot Detection, Privacy Challenges, and Regulatory Compliance under the GDPR and AI Act [version 1; peer review: 2 approved]
This paper presents a comprehensive analysis of web bot activity, exploring both offensive and defensive perspectives within the context of modern web infrastructure. As bots play a dual role—enabling malicious activities like credential stuffing and scraping while also facilitating benign automatio...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
F1000 Research Ltd
2025-03-01
|
| Series: | Open Research Europe |
| Subjects: | |
| Online Access: | https://open-research-europe.ec.europa.eu/articles/5-76/v1 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849767591940194304 |
|---|---|
| author | Javier Martínez Llamas Davy Preuveneers Koen Vranckaert Wouter Joosen |
| author_facet | Javier Martínez Llamas Davy Preuveneers Koen Vranckaert Wouter Joosen |
| author_sort | Javier Martínez Llamas |
| collection | DOAJ |
| description | This paper presents a comprehensive analysis of web bot activity, exploring both offensive and defensive perspectives within the context of modern web infrastructure. As bots play a dual role—enabling malicious activities like credential stuffing and scraping while also facilitating benign automation—distinguishing between humans, good bots, and bad bots has become increasingly critical. We examine the technical challenges of detecting web bots amidst large volumes of benign traffic, highlighting the privacy risks involved in monitoring users at scale. Additionally, the study dives into the use of Privacy Enhancing Technologies (PETs) to strike a balance between bot detection and user privacy. These technologies provide innovative approaches to minimising data exposure while maintaining the effectiveness of bot-detection mechanisms. Furthermore, we explore the legal and ethical considerations associated with bot detection, mapping the technical solutions to the regulatory frameworks set forth by the EU General Data Protection Regulation (GDPR) and the Artificial Intelligence Act (AI Act). By analysing these regulatory constraints, we provide insights into how organisations can ensure compliance while maintaining robust bot defence strategies, fostering a responsible approach to cybersecurity in a privacy-conscious world. |
| format | Article |
| id | doaj-art-c116eb178aee4fab9259062de7afb677 |
| institution | DOAJ |
| issn | 2732-5121 |
| language | English |
| publishDate | 2025-03-01 |
| publisher | F1000 Research Ltd |
| record_format | Article |
| series | Open Research Europe |
| spelling | doaj-art-c116eb178aee4fab9259062de7afb6772025-08-20T03:04:07ZengF1000 Research LtdOpen Research Europe2732-51212025-03-01510.12688/openreseurope.19347.120938Balancing Security and Privacy: Web Bot Detection, Privacy Challenges, and Regulatory Compliance under the GDPR and AI Act [version 1; peer review: 2 approved]Javier Martínez Llamas0https://orcid.org/0000-0002-1946-4660Davy Preuveneers1https://orcid.org/0000-0002-1946-4660Koen Vranckaert2Wouter Joosen3DistriNet, KU Leuven, Celestijnenlaan 200A, 3001 Heverlee, BelgiumDistriNet, KU Leuven, Celestijnenlaan 200A, 3001 Heverlee, BelgiumCiTiP, KU Leuven, Sint-Michielsstraat 6 box 3443, 3000 Leuven, BelgiumDistriNet, KU Leuven, Celestijnenlaan 200A, 3001 Heverlee, BelgiumThis paper presents a comprehensive analysis of web bot activity, exploring both offensive and defensive perspectives within the context of modern web infrastructure. As bots play a dual role—enabling malicious activities like credential stuffing and scraping while also facilitating benign automation—distinguishing between humans, good bots, and bad bots has become increasingly critical. We examine the technical challenges of detecting web bots amidst large volumes of benign traffic, highlighting the privacy risks involved in monitoring users at scale. Additionally, the study dives into the use of Privacy Enhancing Technologies (PETs) to strike a balance between bot detection and user privacy. These technologies provide innovative approaches to minimising data exposure while maintaining the effectiveness of bot-detection mechanisms. Furthermore, we explore the legal and ethical considerations associated with bot detection, mapping the technical solutions to the regulatory frameworks set forth by the EU General Data Protection Regulation (GDPR) and the Artificial Intelligence Act (AI Act). By analysing these regulatory constraints, we provide insights into how organisations can ensure compliance while maintaining robust bot defence strategies, fostering a responsible approach to cybersecurity in a privacy-conscious world.https://open-research-europe.ec.europa.eu/articles/5-76/v1web bots; attacks; defences; privacy enhancing technologies; complianceeng |
| spellingShingle | Javier Martínez Llamas Davy Preuveneers Koen Vranckaert Wouter Joosen Balancing Security and Privacy: Web Bot Detection, Privacy Challenges, and Regulatory Compliance under the GDPR and AI Act [version 1; peer review: 2 approved] Open Research Europe web bots; attacks; defences; privacy enhancing technologies; compliance eng |
| title | Balancing Security and Privacy: Web Bot Detection, Privacy Challenges, and Regulatory Compliance under the GDPR and AI Act [version 1; peer review: 2 approved] |
| title_full | Balancing Security and Privacy: Web Bot Detection, Privacy Challenges, and Regulatory Compliance under the GDPR and AI Act [version 1; peer review: 2 approved] |
| title_fullStr | Balancing Security and Privacy: Web Bot Detection, Privacy Challenges, and Regulatory Compliance under the GDPR and AI Act [version 1; peer review: 2 approved] |
| title_full_unstemmed | Balancing Security and Privacy: Web Bot Detection, Privacy Challenges, and Regulatory Compliance under the GDPR and AI Act [version 1; peer review: 2 approved] |
| title_short | Balancing Security and Privacy: Web Bot Detection, Privacy Challenges, and Regulatory Compliance under the GDPR and AI Act [version 1; peer review: 2 approved] |
| title_sort | balancing security and privacy web bot detection privacy challenges and regulatory compliance under the gdpr and ai act version 1 peer review 2 approved |
| topic | web bots; attacks; defences; privacy enhancing technologies; compliance eng |
| url | https://open-research-europe.ec.europa.eu/articles/5-76/v1 |
| work_keys_str_mv | AT javiermartinezllamas balancingsecurityandprivacywebbotdetectionprivacychallengesandregulatorycomplianceunderthegdprandaiactversion1peerreview2approved AT davypreuveneers balancingsecurityandprivacywebbotdetectionprivacychallengesandregulatorycomplianceunderthegdprandaiactversion1peerreview2approved AT koenvranckaert balancingsecurityandprivacywebbotdetectionprivacychallengesandregulatorycomplianceunderthegdprandaiactversion1peerreview2approved AT wouterjoosen balancingsecurityandprivacywebbotdetectionprivacychallengesandregulatorycomplianceunderthegdprandaiactversion1peerreview2approved |