
The legality of web scraping is a complex issue, and it's essential to understand the laws in the United States and abroad.
In the United States, the Computer Fraud and Abuse Act (CFAA) prohibits accessing a computer without authorization or in excess of authorization. This law has been interpreted to apply to web scraping, but the specifics can be murky.
The CFAA does not explicitly mention web scraping, so courts have had to decide on a case-by-case basis whether scraping is allowed.
Myths and Misconceptions
Web scraping is often misunderstood, and it's essential to separate fact from fiction. Web scraping is not inherently illegal, but it's a matter of what you scrape and how you scrape it.
Just like taking pictures with your phone, web scraping is legal in most cases, but scraping confidential documents or an army base might get you in trouble.
Web scraping companies are regular businesses that follow the same rules and regulations as everyone else. They're not operating in a grey area of law.
Take a look at this: Google Sheets Scrape Website
Web scrapers don't exploit vulnerabilities or access data through unauthorized means, unlike traditional hacking. They access websites just like a legitimate human user would.
You're not stealing data when you collect publicly available information online. Imagine taking a note of a shirt's brand and price in a store – you wouldn't think you stole the information.
An ethical scraper respects the original author's work and business model. They don't re-publish or sell original works for their own profit, which is piracy, not scraping.
Legality by Region
Web scraping laws can be complex and vary by region. In the EU, scraping publicly available data from the internet is generally legal, but be cautious when scraping data behind a login, personal data, intellectual property, or confidential data.
You should also check if your scraping violates any EU or national regulations such as the General Data Protection Regulation (GDPR), the Database Directive, or the Digital Single Market Directive.
In the UK, the rules are similar, but you should consider if your conduct doesn't violate any laws, especially when scraping data behind a login, personal data, intellectual property, or confidential data. The most important regulations for web scrapers include the Data Protection Act, the Copyright, Designs and Patents Act, and the Computer Misuse Act.
In the US, the fair use doctrine permits scraping of copyrighted content, but the rules are not clear-cut. The Google Books case established that making virtual copies of copyrighted content can be permitted under fair use, but only if you meet certain conditions.
To apply the fair use doctrine to your scraping, check if you meet these conditions:
- The original content is transformed in a meaningful way. For example, a webpage's HTML is transformed into a list of product names and prices.
- Do not create a competing product. Scraping real estate offers for quantitative analysis is most likely okay, but scraping the same to publish them on your own website is not.
- If you can, do not copy a substantial portion of the original work. If you don't need certain data, don't scrape it.
Guidelines and Best Practices
If you're considering web scraping, it's essential to be mindful of the rules and regulations surrounding it.
Web scraping is not inherently bad, but you should be careful when doing business of any kind. Amber Zamora suggests that an ethical scraper should act as a good citizen of the web, not seeking to overburden the targeted website.
You should check if the website permits bots and automated tools before scraping, as outlined in the best practices for ethical scraping. This involves respecting robots.txt and Terms of Service.
If you're scraping for personal or commercial purposes, you should be aware that personal data and intellectual property are sensitive areas to consider. It's best to consult with a lawyer before scraping in these cases.
To scrape responsibly, developers and organizations should adhere to the following principles: Respect robots.txt and Terms of ServiceRate LimitingAvoid Scraping Personal or Sensitive DataUse APIs When AvailableCite Sources and Use Data TransparentlyBe Transparent with Your Intent
Remember, an ethical scraper does not re-publish or sell original works for its own profit, which is a key factor in permissible scraping in the EU or the US.
Readers also liked: Ethical Web Scraping
Copyright and Fair Use
In the US, the fair use doctrine permits scraping of copyrighted content, but it's not a clear-cut distinction between scientific research and for-profit scraping.
The fundamental case law for applying fair use to scraping is the Authors Guild v. Google (Google Books case), where the court found that making virtual copies of copyrighted content was permitted under fair use.
To apply the fair use doctrine to your scraping, you should check if you meet these conditions:
- The original content is transformed in a meaningful way. For example, a webpage's HTML is transformed into a list of product names and prices.
- Do not create a competing product. Scraping real estate offers for quantitative analysis is most likely okay.
- If you can, do not copy a substantial portion of the original work. If you don't need certain data, don't scrape it.
You should avoid republishing original content, as this can be considered a competing product.
Regulations and Laws
Web scraping is a complex issue, and understanding the regulations and laws surrounding it is crucial. The US has a fair use doctrine that permits scraping of copyrighted content, as seen in the Authors Guild v. Google case.
In the US, the scraping of copyrighted content is permitted by the fair use doctrine, but it's essential to check if you meet the conditions, such as transforming the original content in a meaningful way and not creating a competing product.
The CFAA, a law enacted in 1986, was once a concern for web scrapers in the US, but the Ninth Circuit has conclusively confirmed that scraping publicly available data is not capable of violating the CFAA.
Here's a quick rundown of the key takeaways:
- US fair use doctrine permits scraping of copyrighted content, but check if you meet the conditions.
- CFAA does not apply to public websites, so scraping publicly available data is generally fine.
The GDPR and CCPA are data privacy laws that restrict what businesses can do with contact data they extract, but they don't state that web scraping is illegal.
DSM Directive and Terms
The DSM Directive brings a new level of clarity to web scraping in the EU.
Website owners can opt-out of scraping by expressing a reservation in a machine-readable format, such as using the Disallow command in robots.txt.
This means that scrapers can automatically detect and respect website owners' wishes, without needing to review complex terms and conditions.
However, if a website owner wants to limit scraping through their terms of use, they can do so, but the enforceability of those provisions is uncertain.
The key thing to check is how the contract was created, as this can impact its validity.
CFAA and US Criminal Liability
The Computer Fraud and Abuse Act (CFAA) is a US law that has been a point of contention for web scrapers. It was enacted in 1986, long before the modern Internet existed.
In the US, courts have been debating what "without authorization" means under the CFAA. The law makes accessing a computer system without authorization a criminal offense.
The US Supreme Court has provided some guidance on this issue. In the Van Buren v United States case, the Court held that the CFAA's "exceeds authorized access" provision only applies to those who obtain information from computer networks or databases to which their access does not extend.
The Ninth Circuit Court of Appeals has also weighed in on this issue. In the HiQ v LinkedIn judgment, the Court confirmed that scraping publicly available data is not capable of violating the CFAA.
The Ninth Circuit based its decision on the fact that public websites typically have no limitations on access. Using the "gates-up-or-down inquiry" analogy, the Court noted that there are no gates to lift or lower in the first place.
GDPR and CCPA
The GDPR and CCPA are two significant regulations that aim to protect individuals' personal data. The GDPR, enforced by the European Union, gives EU citizens control over their personally identifiable information by limiting what organizations can do with it.
The GDPR restricts businesses from collecting and using personal data without explicit consent from the data subjects. For instance, in some cases, businesses need to receive explicit consent to gather personal data and use it for various purposes.
The California Consumer Privacy Act (CCPA) also puts businesses collecting personal data under similar strict requirements. Consumers have the right to delete their personal information and opt-out of the sale of their data, as well as receive a right to non-discrimination for exercising their CCPA rights.
The GDPR doesn't explicitly state that web scraping is illegal, but it does put limitations on what businesses can do with the contact data they wish to extract.
Case Studies and Controversies
Web scraping has been at the center of several high-profile cases that have sparked intense debates around its legality.
Ryanair's case against PR Aviation in 2018 is a notable example. The Dutch court ruled that no valid contract had been formed between the companies, as Ryanair's terms of use were presented in a browsewrap, which is not generally accepted as legally binding.
Ryanair's website explicitly prohibits scraping, but the court found that the company's terms of use were not enforceable in this case. This ruling suggests that companies may struggle to enforce their terms of use when it comes to web scraping.
The HiQ Labs v. LinkedIn case in 2019 had a different outcome. The court ruled in favor of HiQ Labs, stating that scraping public data from LinkedIn profiles was not a breach of the CFAA. The court argued that companies should not be able to revoke authorization where one is not needed in the first place.
However, in a later development in 2022, the court found that HiQ Labs' creation of fake accounts to scrape LinkedIn's data violated the platform's user agreement. This led to a settlement between HiQ Labs and LinkedIn, with HiQ Labs agreeing to stop scraping LinkedIn's data.
Ethics and Concerns
Web scraping is a complex topic, and while it's not inherently bad, there are certain concerns to be aware of.
Most websites have clauses in their Terms of Service that prohibit automated data collection, and ignoring these terms can be considered unethical.
Some common ethical issues surrounding web scraping include violating website terms of service, overburdening website servers, and scraping personally identifiable information (PII).
Here are some of the most pressing ethical concerns:
- Violation of Website Terms of Service
- Overburdening Website Servers
- Privacy and Personal Data
- Intellectual Property Rights
- Data Misuse
- Bypassing Access Controls
It's essential to note that web scrapers only collect data that's publicly available on the internet, and public data can't be stolen in the same way that private data can.
Ethical Web Scraping Guidelines
Ethical web scraping is all about being a good citizen of the web. According to Amber Zamora, an ethical scraper should act as a good citizen, not overburdening the targeted website.
The data you scrape should be publicly available, not behind a password authentication barrier. You should also make sure the information is primarily factual in nature and doesn't infringe on the rights of others, including copyrights.
To be confident that your scrapers are ethical, follow these guidelines: The data scraper acts as a good citizen of the web, and does not seek to overburden the targeted website;The information copied was publicly available and not behind a password authentication barrier;The information copied was primarily factual in nature, and the taking did not infringe on the rights — including copyrights — of another; andThe information was used to create a transformative product and was not used to steal market share from the target website by luring away users or creating a substantially similar product.
Remember, an ethical scraper doesn't re-publish or sell original works for its own profit, as that's piracy, not scraping.
Take a look at this: Web Scraping Is Used to Extract What Type of Data
Social Media Platforms' Fight Against Disinformation

Social media platforms are taking a stand against web scraping, but their efforts haven't been entirely successful. Meta Platforms sued Bright Data Ltd. after discovering they were scraping data from its platforms, but the court ruled in favor of Bright Data.
The court found that Meta failed to prove Bright Data scraped non-public data, which is data behind a login screen or password-protected. Meta's evidence didn't show that Bright Data's collection of Facebook or Instagram user data involved unauthorized access.
Using automated programs to bypass CAPTCHAs is different from accessing a password-protected website, according to the court. This nuance highlights the challenges in proving unauthorized data scraping.
Twitter, now known as X Corp., has also sued unknown defendants for web scraping, alleging they taxed Twitter's servers and breached terms of use. However, the court dismissed X's claims related to scraping and selling information, ruling that such activities are permissible under copyright law.
A Digital Economy
In a digital economy, data is considered the most valuable asset, often referred to as the "oil of the digital era." This data is becoming increasingly accessible to the general public due to the emergence of global-scale technology platforms that lower the hosting costs.
The proliferation of web scraping technologies is a significant contributor to the availability of data. These automated technologies collect massive amounts of data on the web, which is then used by companies to power their offerings.
Countless emerging and established companies rely on web scraping to train AI technologies, offer price comparisons, power web-based search functions, and even help law enforcement identify wanted persons.
However, the legality of scraping is a complex issue. In the United States, there is no single legal or regulatory framework governing scraping. The legal regime has been largely reactive, developing in real time as stakeholders make claims about the collection and use of their data.
Here are some key considerations that can affect the legality of scraping:
- The nature of the data being scraped
- The origins of the data
- The technology used to prevent data scraping and the technology used to scrape
- The existence and content of a website's terms of service
Frequently Asked Questions
Is BeautifulSoup illegal?
BeautifulSoup itself is not illegal, but using it to scrape private or password-protected sites without permission is against the law. Always ensure you're scraping public data to avoid any legal issues.
Is web scraping traceable?
Yes, web scraping can be traced due to IP address tracking, traffic pattern analysis, and detection of inconsistencies in bot appearance. Advanced security systems can even block scrapers with high accuracy.
Featured Images: pexels.com


