The Legality of Screen Scraping and Its Open Banking Moment

Han-Wei Liu - Monash University

--- Screen scraping - technique using an agent to collect, parse, and organize data from the web in an automated manner - has found countless applications over the past two decades. It is now used for targeted advertising, price aggregation, budgeting apps, website preservation, academic research, journalism, and more. Analytic start-ups draw insights for industries by scraping public data, while Fintech firms purchase data made available by aggregators to develop new products and services.

However, screen scraping can be controversial. It can be detrimental to the data host and consumer. Scraping is parasitic when it undercuts a website’s revenue by republishing data without requiring users to view supporting advertisements. It can facilitate copyright infringement at scale or even impact the data host’s services by overloading servers. Screen scraping can also raise privacy concerns for consumers if it collects identifiable information or enables new surveillance forms. In the banking context—where login credentials may be shared to allow the scraping of account data—there are additional concerns about cybersecurity, data breach, and liability allocation for unauthorized transactions. These complex applications of screen scraping have led to litigation against scrapers—most notably in the US.

My recent article , "Two Decades of Laws and Practice Around Screen Scraping in the Common Law World and Its Open Banking Watershed Moment", has undertaken a comprehensive survey, mapping out the trajectory of relevant laws and jurisprudence around screen scraping legality in three common law jurisdictions - the US, the UK, and Australia. With five selected issue areas I investigated- “digital trespass” statutes, tort, intellectual property rights, contract, and data protection - my findings reveal some level of divergence in the way each country addresses the legality of screen scraping.

Specifically, I argue that the use of tort law, in the form of a “trespass to chattels” claim, is more likely to succeed in the US than in the UK or Australia. The Computer Fraud and Abuse Act (CFAA) is also a handy tool for litigating against scrapers in the US, despite the vague and evolving concept of “authorized” access. While one may find comparable legislation (i.e., Computer Misuse Act in the UK and Cybercrime Act 2001 in Australia) in other two jurisdictions, they have not yet tested for such a purpose—though the recent landmark decisions in the US like hiQ could shed light on as to reasoning the UK or Australian courts may follow. By contrast, intellectual property infringement claims are more likely to succeed in the UK, given the existence of a “database right,” which does not exist in the other two states. There is room for claims based on contractual rights (derived from a website’s terms of use) in all three common law jurisdictions. However, in Australia, such claims may be the “first line of defense” against screen scraping, considering the absence of a hacking statute or database right. Finally, scraping personally identifiable information may breach privacy/data protection in Australia and the UK, but it is less clear in the US context, for the lack of a comprehensive data privacy legislation at the federal level yet.

Despite such divergence, one may see a sea change amid the trend of data-sharing under the banner of “Open Banking” in coming years. While these three jurisdictions are divided in the way they treat such technology (i.e., screen scraping), Open Banking initiatives’ rise in recent years could moderate concerns and bring a certain level of convergence. I argue that to the extent Open Banking mandates or facilitates data sharing—depending upon the regulatory design in each jurisdiction, it could reduce the need for screen scraping. This is especially so in the European context—and even more so if the UK Smart Data initiative expands these data-sharing principles beyond the financial sector.

Conversely, the financial data-sharing environment is less evident in the US, which lags in building up Open Banking. Australia lies in the middle of these two extremes: it has a comprehensive Consumer Data Rights (CDR) regime that can theoretically reduce screen scraping needs. However, given that it imposes no ban on screen scraping (unlike the EU/UK model), it has a loophole for data miners to work around the new regime and continue scraping data.

In short, with the emerging trend of data sharing, one could witness a sea change in the screen scraping legal landscape. Insofar as data sharing schemes enable information flow between entities, one would expect some level of convergence. However, such a convergence is qualified by the institutional design of data-sharing schemes—whether or not it explicitly addresses screen scraping (as in Australia and the UK) and whether there is a top-down, government-mandated data-sharing regime (as in the US).

These are, of course, just preliminary findings, though they can serve as a starting point for a larger project exploring the role of screen scraping in the digital economy. Debates on the legality of screen scraping and some issues left out in this paper - such as the linkage between data sharing and antitrust and conflict of laws - continue to rage. It remains to be seen how the governments in these three jurisdictions and others develop a more holistic approach towards this technology by striking the right balance between different stakeholders entering the age of big data.

7 views0 comments

Recent Posts

See All

Judging Autonomous Vehicles

Jeffrey J. Rachlinski – Cornell Law School; Andrew J. Wistrich – California Central District Court -- Would you rather be run over by a self-driving car or a car driven by a human being? Assuming a s

What is Legal Innovation?

Haim Sandberg – School of Law, The College of Management Academic Studies -- Is law itself an arena of innovation – of legal innovation? Can we learn something about the nature of legal innovation fr

Measuring Law Over Time

Corinna Coupette, Max Planck Institute for Informatics; Janis Beckedorf, Ruprecht-Karls-Universität Heidelberg; Dirk Hartung, Center for Legal Technology and Data Science; Michael Bommarito, CodeX – T