Is Web Scraping Legal?
The short answer: scraping publicly available data is generally legal, but there are important boundaries. The legality depends on what data you collect, how you collect it, what you do with it, and which jurisdiction you operate in. This page covers the key considerations - but it is not legal advice. Consult a lawyer for your specific situation.
Key legal principles
Public data is generally fair game
Data that is publicly accessible on the web - visible to anyone without logging in - has been the subject of several court cases. The general direction of US case law is that scraping publicly available data is not a violation of the Computer Fraud and Abuse Act (CFAA). The landmark hiQ Labs v. LinkedIn case established that accessing public data does not constitute "unauthorized access" under the CFAA.
Logging in changes the picture
Scraping data that requires authentication - logging into an account to access content behind a login wall - raises different legal questions. If you agreed to terms of service when creating the account, scraping may violate those terms. Courts have treated access to login-protected data differently from access to public pages.
Personal data has extra protections
Regulations like the EU's GDPR and California's CCPA place restrictions on how personal data is collected, stored, and used - regardless of whether that data is publicly visible. Scraping names, email addresses, phone numbers, or other personal information may trigger compliance obligations even if the data is on a public page.
Copyright still applies
Scraping factual data (prices, product specifications, business hours) is generally fine. Scraping and republishing copyrighted content (articles, images, creative writing) without permission is a copyright issue, not a scraping issue. The method of collection does not change copyright law.
Notable court cases
hiQ Labs v. LinkedIn (2022)
The Ninth Circuit ruled that scraping publicly available LinkedIn profiles did not violate the CFAA. The court found that the CFAA's "without authorization" language applies to accessing systems that are not publicly accessible, not to collecting data from public web pages. This case is widely cited as supporting the legality of scraping public data.
Meta v. Bright Data (2024)
A federal court ruled that scraping publicly available data from Facebook and Instagram did not violate the CFAA or California's computer access laws. The court emphasized the distinction between public and non-public data, reinforcing the principle from hiQ v. LinkedIn.
Van Buren v. United States (2021)
The Supreme Court narrowed the scope of the CFAA, ruling that the law covers accessing information on a computer that someone is not entitled to access, not misusing information that someone is otherwise authorized to access. This narrower interpretation has been applied in web scraping cases.
Note: Case law evolves and varies by jurisdiction. These summaries describe general trends in US law. If you operate outside the US or your use case involves sensitive data, seek jurisdiction-specific legal advice.
Laws and regulations to be aware of
CFAA (US)
The Computer Fraud and Abuse Act prohibits accessing a computer "without authorization." Recent case law has generally held that this does not apply to scraping publicly accessible web pages.
GDPR (EU)
The General Data Protection Regulation restricts processing of personal data. If you scrape data that identifies individuals (names, emails, profiles), you need a lawful basis for processing under GDPR.
CCPA (California)
The California Consumer Privacy Act gives California residents rights over their personal information. Collecting personal data of California residents may create compliance obligations.
Copyright law
Copyrighted content remains protected regardless of how it is collected. Scraping factual data is different from scraping creative works. When in doubt, focus on facts and data points rather than original content.
Guidelines for responsible scraping
Scrape public data only
Stick to data that is visible to any visitor without logging in. If you need to create an account or log in to access the data, that changes the legal analysis significantly.
Respect robots.txt
While robots.txt is not legally binding in most jurisdictions, respecting it demonstrates good faith. If a site's robots.txt asks you not to crawl certain pages, consider whether you have a good reason to access them anyway.
Be careful with personal data
If your scraping involves personal information (names, contact details, profile data), understand your obligations under GDPR, CCPA, or other applicable privacy laws. The fact that data is public does not exempt it from privacy regulations.
Do not overload servers
Space out your requests reasonably. Sending thousands of requests per second to a website can degrade their service for other users. Beyond being inconsiderate, excessive load could be seen as a denial-of-service attack.
Use data responsibly
How you use the scraped data matters as much as how you collect it. Using scraped data to build a competing product, spam people, or republish copyrighted content creates legal risks beyond the scraping itself.
Review terms of service
While terms of service violations are generally a civil matter (breach of contract) rather than a criminal one, knowing what the site's terms say about automated access helps you make informed decisions about risk.
Important disclaimer
This page provides a general overview of the legal landscape around web scraping. It is not legal advice. Laws vary by jurisdiction, change over time, and apply differently depending on your specific use case. If you have questions about whether your scraping activity is legal, consult a lawyer who specializes in technology law in your jurisdiction.
Browser7 is a tool for rendering web pages. How you use the data you collect is your responsibility. Please ensure your use of Browser7 complies with applicable laws and the reasonable expectations of the websites you access. See our FAQ and Terms of Service for more on responsible use.
Learn more
- Web Scraping Best Practices - technical and ethical guidelines
- What Is Web Scraping? - how web scraping works
- FAQ - common questions about Browser7 and responsible use