Is web scraping legal? A practical, non-lawyer overview

First, the disclaimer: this is not legal advice, we're not lawyers, and the law varies by country and changes over time. For anything that matters, talk to counsel. With that said, here's a practical map of the questions that actually come up.

The questions that matter

• Public vs private data. Scraping data that's publicly visible without logging in sits on very different footing than data behind an account or paywall.
• Terms of service. Many sites prohibit scraping in their ToS. Whether that's enforceable depends on jurisdiction and how the terms were agreed — but it's a real factor.
• Copyright. Facts aren't copyrightable; creative content (article text, photos) is. How you use what you collect matters as much as collecting it.
• Personal data. GDPR, CCPA and similar regimes apply when the data is about identifiable people — regardless of whether it's public.
• Computer-misuse laws. Circumventing access controls or degrading a service can cross lines that simple reading of public pages does not.

How responsible scraping lowers risk

• Prefer public data; don't break authentication to reach private data.
• Respect robots.txt and rate limits; don't degrade the target.
• Honor data-subject rights and takedown requests for personal data.
• Keep provenance so you can answer where any record came from.

The bottom line

Web scraping is not inherently illegal — but "it's public" is not a blanket defense either. The risk depends on what you collect, how you collect it, and what you do with it. We operate conservatively, decline work we shouldn't do, and tell clients honestly when a target raises flags worth a lawyer's look.