Is Web Scraping Legal? What the Law Actually Says (2026)

Short answer: web scraping is not illegal in itself. Courts in the US and elsewhere have repeatedly declined to treat the automated collection of publicly available data as a crime. But "not illegal in itself" is not the same as "always legal" — what you scrape, how you scrape it, and what you do with the data afterwards can each create real legal risk. This guide explains where the lines actually are, in plain language.

⚠️ Disclaimer: this article is general information, not legal advice. Laws differ between countries and change over time. If you're planning a large-scale or commercially sensitive scraping project, consult a lawyer in your jurisdiction.
Is web scraping legal — laws, cases and practical rules
Web scraping legality depends on what you collect, how you access it, and how you use it.

The four factors that decide whether scraping is legal

1. Is the data public?

This is the single biggest factor. Data that any visitor can see without logging in — business listings, prices, product details, published contact information — sits at the low-risk end of the spectrum. Data behind a login, a paywall, or any access control is a different story: courts treat bypassing those barriers far more seriously, and doing so can bring computer-misuse laws into play. As a simple rule, if you have to break through a gate to reach the data, the legal picture changes completely.

2. Is it personal data?

Business information (a company's name, address, phone number, category) is treated very differently from personal information about individuals. Once you're collecting data about identifiable people, privacy laws apply — the GDPR in Europe, the UK GDPR, the CCPA/CPRA in California, and similar laws elsewhere. These laws don't ban collection outright, but they require a lawful basis for processing, and they apply even to data that is publicly visible. The record fines against facial-recognition company Clearview AI, which scraped billions of personal photos, show that regulators take this seriously. If your scraping targets business listings rather than people, your privacy-law exposure is much smaller — but any outreach you do with the data must still comply with anti-spam and telemarketing rules like CAN-SPAM or the GDPR's marketing provisions.

3. Is the content protected by copyright?

Facts are not copyrightable — a phone number, an address, a price, or an opening time belongs to no one. But creative content is protected: articles, photographs, reviews written by users, and substantial portions of curated databases. Scraping factual data points is legally very different from copying and republishing someone's written content. If your use case is lead lists and market data, you're mostly in facts territory; if you plan to republish scraped content, you're in copyright territory and should get advice.

4. What do the website's terms of service say?

Most large websites prohibit automated data collection in their terms. Violating terms of service is not a criminal offense — it's at most a contract issue — and courts have wrestled for years with when ToS violations matter and how they can be enforced. In practice, the operational consequence is usually being rate-limited or blocked. The legal exposure grows when ToS violations are combined with the aggravating factors above: bypassing logins, harvesting personal data at scale, or harming the website's operation.

What the landmark cases actually decided

hiQ Labs v. LinkedIn (US). The most cited scraping case. The Ninth Circuit held that scraping publicly available data — pages visible without logging in — does not violate the Computer Fraud and Abuse Act (CFAA), the main US anti-hacking law. The long-running case later ended with hiQ losing on other grounds (breach of LinkedIn's user agreement, tied to how the scraping was carried out), which neatly illustrates the overall lesson: public scraping isn't hacking, but how you do it still matters.

Van Buren v. United States (US Supreme Court, 2021). Not a scraping case directly, but it narrowed the CFAA significantly: the law targets accessing systems or areas you're not entitled to access at all — a "gates-up-or-down" test — rather than misusing access you legitimately have. This ruling is a large part of why public-data scraping sits outside the CFAA's reach.

Meta v. Bright Data (US, 2024). A federal court ruled in favor of the data-collection company, finding that scraping public Facebook and Instagram pages while logged out did not breach Meta's terms, since those terms bind account holders using their accounts. Another data point in the same direction: publicly accessible data, collected without logging in, keeps landing on the permissible side.

In Europe, the focus is less on anti-hacking law and more on the GDPR and database rights. The pattern holds: collecting public, factual business data is broadly tolerated; harvesting personal data at scale without a lawful basis is where enforcement lands.

So where does that leave everyday scraping?

Scraping public business listings — the kind of data a Google Maps scraper or a Facebook pages extraction workflow collects — is on the well-established, lower-risk end of the spectrum: the data is public, it's factual, and businesses publish it precisely so that people can find and contact them. That's exactly the category the case law above has repeatedly declined to criminalize.

The risk profile rises as you move away from that category: logged-in scraping, personal profiles, copyrighted content, aggressive request volumes that degrade a site, or reselling scraped datasets wholesale. Different project, different rules.

Practical rules for staying on the right side

Frequently asked questions

Can I get in trouble for scraping a website?

For collecting public, factual data at reasonable volumes — the realistic worst case is getting blocked by the website. Criminal exposure has centered on bypassing access controls (logins, paywalls) and on schemes involving fraud or damage. Civil disputes have centered on personal data, copyrighted content, and large-scale commercial harvesting. Ordinary lead-generation scraping of public business listings has not been where the legal trouble is.

Is it legal to scrape Google Maps?

Google Maps business listings are public, factual data that businesses publish to be found. Collecting it for prospecting and research falls into the lower-risk category discussed above. Automated access is against Google's terms of service — which, as covered earlier, is a contract matter rather than a criminal one — and the practical consequence websites apply is blocking, which is why well-built tools browse like a real user. What you must do is use the data responsibly and follow the outreach laws that apply when you contact the leads.

Does robots.txt have legal force?

Not directly — it's a convention, not a law. But it signals the site owner's wishes, and ignoring it can undermine a claim of good faith if a dispute ever arises. It's one input into scraping respectfully.

Is scraping legal in the EU / UK?

The same principles apply, with more weight on data protection: public factual business data is broadly fine to collect, while personal data requires a lawful basis under the GDPR / UK GDPR regardless of whether it's publicly visible. Marketing outreach rules (like PECR in the UK) also apply to what you do with the data.

Conclusion

Web scraping is a legal grey zone only if you talk about it in the abstract. Once you look at the actual factors — public vs. gated, factual vs. personal, gentle vs. abusive, facts vs. copyrighted content — the picture is quite clear, and years of court decisions have consistently protected the collection of publicly available data. Stay in the public-and-factual lane, scrape respectfully, follow the outreach rules, and web scraping is simply what it has always been: automating what any person could do manually in a browser, at a speed that makes it useful. If your project is more complex than that, custom scraping solutions can be designed around the constraints — and questions about a specific project are best answered by a lawyer, not a blog post.

You might also like:

Google Maps Limited View Update: Why Most Scrapers Broke (And How to Fix It)

Google recently introduced a major change to Google Maps that is quietly breaking many scraping tools and APIs. If your system suddenly stopped returning review counts, pricing information, menu links, review breakdown charts, or popular times data — you are likely hitting Google’s new “Limited View” mode.

Google Maps Extractor – Extract Business Leads Fast (2026)

A practical, non-technical but comprehensive guide for marketers, agencies, and local businesses — how to extract reliable business leads from Google Maps using a modern extractor, validate them, and turn them into outreach-ready lists.

How to Extract Data from Google Maps to Excel (No Coding)

A practical, non-technical guide to extract business listings, contacts, and emails from Google Maps and export them to CSV or JSON. Ideal for marketers, researchers, and local businesses.