Jan 17, 201912:47 PMLegal Login
with Mindi Giftos
What you need to know about the legal implications of data scraping
(page 1 of 2)
Let’s say that your next idea — which could be the next big idea — involves a web-based collection, compilation, or some presentation of a sliver of “big data” so pioneering, maybe even disruptive, that customers and investors will come chomping at the bit to get their hands on it. Your idea, undoubtedly, has an e-commerce angle, such as a proprietary feature complete with pricing information indexed for your customers’ convenience. A meaningful portion of your solution’s value will likely stem from this carefully selected catalog of prices. So, how do you protect it?
There are several mechanisms of protection at your disposable — some technical and others legal, for example. Determining the specific type and degree of security measures that you will deploy to defend against the myriad of potential threats is a business decision, which must be made early and revisited often. However, one modern technical phenomenon, data scraping, presents a particularly tricky business dilemma warranting a deeper level of analysis.
Data scraping is a technical means for gathering and copying targeted data from a website or other database. In general, data scraping can consist of using computer programs to process a website’s human-readable content or HTML instead of relying on a website’s API, which typically requires prior authorization from the website owner or operator. Data scraping is the primary means deployed by internet search engines and web aggregators to catalog and organize the immense dataset found online. There is often a great mutual benefit in the relationship between web aggregators and the targeted web sites. Aggregators need content to function, and website owners, presumably, want web users to see their content; however, it is not always clear what the law proscribes when the owner of a website desires to shield its content from the data-scraping technology employed by search engines and others.
As the business and legal worlds continue to grapple with the full scope and latitude of data scraping, it is important to consider its implications from both perspectives. From the legal perspective, lawmakers, lawyers, and judges are continually working to conceptualize data scraping in a manner that fits the existing legal landscape. The ever-changing nature of the internet, and all aspects associated therewith, including data scraping, makes it difficult for the law to keep pace; especially since the law is notorious for lagging behind the pace of developmental progress for contemporary technologies. So, as the internet continues to evolve, dislocating one industry after another, there is a remarkable irony at the heart of it all — the legal ambiguity of data scraping.
As we have discussed before, one legal regime currently wrestling with the concept of data scraping is the Computer Fraud and Abuse Act (CFAA), which proscribes unauthorized access to a protected computer in the form of either (i) access without authorization, or (ii) use that exceeds authorized access, such authorization to access being either expressed or implied. Under the CFAA, courts have held that certain uses of data-scraping software to extract information from or gain access to a database or website are actionable, and companies that employ data-scraping and data-crawling software should ignore the CFAA at their own peril.