Data Scraping Rules Clarified in the 9th Circuit

Takeaway: Web scraping after receiving a cease and desist letter is held by the 9th Circuit to be in violation of the Computer Fraud and Abuse Act (“CFAA”).

Recently, the 9th Circuit Court of Appeals clarified the web scraping debate in Facebook v. Power Ventures, 2016 DJDAR 7051 (July 12, 2016).  The 9th Circuit held that for a publically accessible website, although the legality of scraping has not been clarified, a cease and desist letter withdrawing authorization for an entity to access a website triggers liability for scraping from that point forward, under the CFAA.

Other circuits have held similarly.  North District of Texas held in Southwest Airlines Co. v. Farechase Inc., 318 F. Supp. 2d 435 (N.D. Tex. 2004) that even if a plaintiff’s browsewrap terms prohibiting scraping were insufficient to show that defendant accessed without authorization, their repeated warnings and requests to stop were enough.  Most recently in the Northern District of Indiana, a plaintiff sued defendants for automated and manual scraping and the court denied motion to dismiss the cause of action under the CFAA. Couponcabin LLC v. Inc., 14-39 (N.D. Ind. June 8, 2016).

The cases leave the question open as to whether scraping created liability under the CFAA even before receiving cease and desist letters and for the most part, most courts focused more on whether or not there was enough notice that its scraping activities were without authorization. QVC Inc. v. Resultly LLC 99 F. Supp.3d 525 (E.D. Pa. 2015).

All in all, at least to once put on notice by cease and desist letter, further scraping of a website may be deemed by the 9th Circuit to violate the CFAA.