When would Web Scraping and its Application be Illegal? - Data Security and Privacy Law by Country

Kelly Chen

What is web scraping?

Web scraping is the act of extracting data from websites with techniques, and usually the obtained data is stored into a database or local files of computers. Web scraping helps reduce the time of collecting a large volume of data and is widely used in business, especially for marketing purposes. Meanwhile, the practice of web scraping raises a lot of concerns and controversies, which include whether web scraping is legal or not.

What is the legality of web scraping across the world?

United States

In the United States, there are three common legal claims used to prevent undesired web scraping. The first one is copyright infringement, which means using others’ content without the permission of the owner . The second is the violation of the Computer Fraud and Abuse Act (CFAA), by accessing a computer without authorization. However, Scraping data that is publicly available and not copyrighted does not violate the CFAA. The third is electronic trespass to chattel, which happens when someone intentionally interfered with others’ lawful possession of movable personal properties. In 2003, Intel Corp. brought suit against Kourosh Kenneth Hamidi, a former Intel employee, for receiving unsolicited messages from Hamidi. In this case, Intel Corp. believed that the sending of unwanted e-mail constituted the action of trespass to chattels. However, the US court made the decision that the electronic communication did not constitute an actionable trespass to personal property (which was the computer system in this case) because it did not interfere with the possessor’s use of the personal property itself.

European Union  

General Data Protection Regulation, which was passed under Europe’s data privacy and security law, was put into effect beginning May 25, 2018. Under Article 14 of the GDPR, data controllers have to clearly inform individuals before using personal data when the data has not been directly collected from them. On March 25, 2019, the Polish data protection authority (DPA) fined data analytics company Bisnode for not fulfilling the obligation in Article 14 of the GDPR. Bisnode obtained personal data from the public registers of business owners and used them for business purposes; however, Bisnode only directly informed some of the individuals since it only obtained email addresses for those. For others, Bisnode simply posted a notice on its website, and thus GDPR’s Article 14 was violated and Bisnode was fined approximately 1 million PLN (approximately 278.5 thousand US Dollar).

Australia

The Spam Act 2003 was passed by the Australian Parliament to restrict spam, including email spam, phone spam, and  email address harvesting. The act states that both possession and use of address‑harvesting software and harvested‑address lists are illegal. In addition, the Spam Act requires all marketing emails to be sent with the consent of the recipients, and all emails must include an option for recipients to opt-out of receiving further emails. The company behind the GraysOnline shopping websites was fined $165,000 after using a harvested-address email list which breached the Spam Act.

China

The Cybersecurity Law of the People’s Republic of China (known as the Chinese Cybersecurity Law) was implemented by the Standing Committee of the National People’s Congress on June 1, 2017. Under Article 22, network product and service providers have to inform and obtain the consent of information owners before disclosing such personal information to others. The exception is that such personal information after being processed fails to identify specific persons or to be restored. By Article 41, network operators have to obtain and use personal information in a legal and proper manner. On November 24, 2017, three people were convicted of the crime of illegally collected data from the server of Beijing ByteDance Networking Technology Co., Ltd.

Conclusion

In short, web scraping itself is not illegal in most countries, but it is usually illegal to scrape private personal data or use the scraped information without consent. If one is uncertain about the legality of web scraping, a safe action to take would be to consult a lawyer. 

References

Beckham, J.. 2003. "Intel v. Hamidi: Spam as a Trespass to Chattels - Deconstruction of a Private Right of Action in California". The John Marshall Journal of Information Technology & Privacy Law. 22: 205–228.

Hirschey, J.. 2014. “Symbiotic Relationships: Pragmatic Acceptance of Data Scraping.” Berkeley Technology Law Journal 29: 897-927.

Lee, Jyh-An.. 2018. "Hacking into China's Cybersecurity Law" (PDF). Wake Forest Law Review. 53: 57–104.

Pikulíka, T., Štarchoň, P.. 2020. "Public registers with personal data under scrutiny of DPA regulators". Procedia Computer Science. 170: 1174–1179.

Qian, L., Tao, J. 2020. "Rethinking Criminal Sanctions on Data Scraping in China Based on a Case Study of Illegally Obtaining Specific Data by Crawlers". China Legal Science. 8: 136.

Torresan, D.. 2013. "Keeping Good Companies". informit. 65: 668–669.