Is Data & Web Scraping Legal?

Web scraping is the process of accurately obtaining and storing publicly available data or creating data sets. Although it is legal to scrape public data, there are some situations that need to be considered when web scraping. We will explain these situations in detail in our article.

What is Web Scraping?

Web Scraping, or Web Scraping as it is known globally, is essentially a method of obtaining internet data. There are also terms such as data extraction and data harvesting, but Web Scraping is the most commonly used name. Web Scraping means crawling HTML pages, optimizing them and storing them in the desired format. A web page is HTML as standard, and storing the data you need in this web page in Json or in a different format is called Web scraping.

It is legal to scrape public, publicly available data on the Internet. However, it is necessary to pay attention to the website’s terms of use and to be careful not to abuse the website’s rules when scraping these websites. Each website may have rules on the use of third parties when providing public data in its terms of use.

The fact that Data Scraping is legal when done publicly means that you must not violate the rules of that website when reusing or processing that data. When scraping content such as personal data, intellectual property, logos, news, copyrights, etc., it is especially important to read the website terms of use and pay attention to them to avoid legal problems.

It is useful to read the laws of the European Union and the country of the website where you scrape data, although public data is legal and obtainable, you should know that you should not scrape if the website you scrape data from does not allow them in the usage agreement. For example, Sahibinden.com, the largest car and home listing website in Turkey, explicitly states in their service agreement that they do not allow Web scraping. We leave the sentence about scraping in Sahibinden’s service agreement as an example below:

Attempting to access the “Site” in a way that prevents, disrupts or interferes with the communication or technical systems of the “Portal”, using automatic programs, robots, spiders, web crawlers, spiders, data mining, data crawling, etc. on the Site. In case of using “screen scraping” software or systems, automatic tools or manual processes, unauthorized access to other users’ data or software, running bots as a result of determinations to be made according to various criteria, DDOS attacks and all other kinds of systems to disrupt, change, reduce or destroy the current performance of all or part of the systems and all other attacks on all kinds of systems and other unlawful uses, such uses will be blocked at the discretion of SAHİBİNDEN.

What are the Data Scraping laws around the world?

US courts generally hold that public data should be freely shared and that public data can be freely obtained. However, violations such as personal data, copyrights, and data that exists after logging in, rather than indexable pages of the relevant website, are not permitted. The US has modeled data scraping on laws such as the California Consumer Privacy Act (CCPA), the Computer Fraud and Abuse Act (CFAA) and the Copyright Act.

The European Union, like the United States, also maintains that publicly available data can be openly collected, with the exception of personal data, data obtained after logging in, and copyrighted data. Also, make sure that your collection does not violate any EU or national regulations, such as the General Data Protection Regulation (GDPR), the Database Directive or the Digital Single Market Directive.

The UK, like the US and the EU, argues that public data can be openly collected. But again, you should be particularly mindful when collecting the data behind a login, personal data, intellectual property or confidential data. The most important regulations for web scrapers include the Data Protection Act, the Copyright, Designs and Patents Act and the Computer Misuse Act.

There is no legal law on data scraping in Turkey, but it can become a criminal offense if the website from which the data is scraped receives repeated requests from the same IP address, the website is attacked by a DDOS attack, and the website is functionally damaged. Although there is no data scraping law in Turkey, it is possible to collect publicly available data, just like the laws in Europe, the US and the UK. However, it is necessary to pay attention to whether the website to be scraped allows data scraping in the robots.txt file or in the Usage, service agreement, and it is necessary to obtain permission from that website.

Take care before collecting personal data

Not so long ago, few people worried about personal data. There were no specific regulations and everyone’s name, birthday and shopping preferences were freely available. This is no longer the case in the European Union (EU), California and other jurisdictions. If you collect personal data, you should always familiarize yourself with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) and your local regulations.

Because regulations around the world are different, you need to think carefully about where and whose data you collect. In some countries this may be completely fine, while in other places you should avoid personal data altogether. If you want to learn more, here is a great comparison of GDPR and CCPA.

So what is personal data (information)?

The GDPR defines personal data as follows: “Personal data relate to an identified or identifiable natural person means any information” This is a bit hard to read, but it gives us an idea of how broad the definition is. Almost anything can be personal data if it relates to a specific person. The CCPA definition is quite similar, but calls it personal information. To simplify, we will only use the term personal data.

Let’s look at some examples of personal data to illustrate the breadth of the definition:

  • Official data about a person
    • name, surname
    • date of birth
    • address
    • social security number, passport number, national identification number
    • employment information
  • Contact details
    • telephone number
    • e-posta adresi
    • IP adress
    • Facebook, Twitter and other network accounts
  • Data frequently collected by apps
    • location by address or GPS
    • shopping preferences
    • behavioral data
  • Video + audio recordings of individuals and biometric data
  • Special categories of personal data
    • sex, gender and sexual orientation
    • racial or ethnic origin
    • religious beliefs
    • political views
    • medical records

As you can see, almost any information about a person constitutes personal data. Note that this is not an exhaustive list. When in doubt, read the definition again and try to decide whether your information fits in.

Social media platforms’ fight against data scraping

Meta Platforms, namely Instagram and Facebook, formerly Twitter (X), have sued a number of companies over data scraping in the past and have taken a stand on the issue. While most of these lawsuits have not been accepted by the US, there are rumors that platforms are doing this to intimidate small data scraping companies. To emphasize their commitment
They have filed several lawsuits against companies such as Octopus Data, Inc. , BrandTotal Ltd. , Ekrem Ateş , Social Data Trading Ltd. (as mentioned earlier) and most recently Bright Data Ltd. in connection with various web scraping software or services.

s 094687845e278ca031939650e13f5bf400657bc6

Under US law, data scraping that collects publicly available data is considered legal, but data scraping that involves logging in, i.e. creating perhaps thousands of accounts, to extract non-public data from a website that can only be obtained by logging in, is illegal, i.e. illegal.

Meta sues a Turkish Ekrem Ateş

In 2022, Meta sued Ekrem Ateş, who collected Instagram’s non-public profile data with thousands of bot accounts. You can access the case file here. The rough detail of the case is actually about the public remarketing of those profiles with bot accounts, even though the Instagram profiles belonging to Meta are closed. The cases of companies such as Brightdata and Octoparse have been finalized, but we do not yet know what Ekrem Ateş’s case is.

Meta lost its legal battle against Bright Data, which it had previously used for data scraping but later sued for scraping data from its platforms.

The court found that Meta failed to prove that the company collected non-public data – that is, data that was not behind a login screen or password protected. Meta’s evidence did not sufficiently show that Bright Data’s collection of publicly available Facebook or Instagram user data involved unauthorized access or breached the terms of the contract.

Conclusion

So, is web scraping legal or not? Is data scraping legal? It’s a complex problem, but we firmly believe it is, and we hope this short and boldly simplified legal analysis has convinced you too. We also believe that web scraping has a great future ahead of it. We can see a slow but steady paradigm shift in the acceptance of scraping as a useful and ethical tool for gathering information and even creating new knowledge on the internet.

According to Statista, the big data market is growing in revenue every year and it is only natural that web scraping, a powerful data collection method, is gaining more popularity. However, with more and more people adopting it, the legality of web scraping has become a hotly debated topic among developers and others working in the field.

As a result, data scraping automation allows people to do things faster with proxy and data scraping bots that they can do by surfing the web. But of course, it is useful to pay attention to the rules of the websites when it comes to remarketing these data sets. In addition, logging in and publicly publishing parts of the website that are not actually visible but are visible by logging in can create legal problems. So make sure you read our article above carefully.

Also, do not forget to get support from a professional company like us to avoid legal problems in data scraping processes.

Proxynet © 2025 · All Rights Reserved