The battle to prevent scraping of databases

Scraping techniques have developed alongside the proliferation of price comparison websites and aggregators, which use the scraped data to generate content for their own website. The legal position of this process is unclear, leaving most website owners looking to their own terms and conditions as a means of prohibiting these techniques and guarding against unauthorised use. A recent decision from the Court of Justice of the European Union (“CJEU”) has ruled that where website operators are unable to rely on the EU Database Directive of 1996 to prevent web-scraping, they can potentially rely on such terms and conditions in order to make a breach of contract claim.

The Database Directive introduced certain safeguards for owners of data and content, in particular, those who do not qualify for the usual intellectual property protections. The Directive offers two forms of protection in respect of databases: the structure of the database may be protected by copyright, and the “database” right protects the actual contents of the database.

The extent of the Directive’s protection in the context of web-scraping has, so far, been unclear, but the recent case of Ryanair Ltd vs PR Aviation BV will be of some interest to a range of companies whose businesses rely on such data. In this case, Ryanair sought to prevent the defendant, PR Aviation, a Dutch company operating a website for consumers to compare flight data of low-cost airlines and book flights, from scraping data from its website – an action which was specifically prohibited by the Terms of Use of the Ryanair website. Ryanair claimed that the activity by PR Aviation amounted to copyright infringement of the structure of Ryanair’s database and the database right concerning its content, and furthermore, that this constituted a breach of the contract that existed between Ryanair and PR Aviation regarding the latter’s use of the website.

These arguments were dismissed by the Dutch courts, who considered that web-scraping of Ryanair’s website simply amounted to “normal”, lawful use of its website (database). However, on appeal, a question was referred to the CJEU to ask whether or not such lawful use could be limited contractually. The CJEU held that, where a database does not qualify for protection under the Directive, the owner of a publically accessible website is free to determine the use of its database, in accordance with contract and local laws. It is still to be decided whether or not Ryanair’s website falls within the protection of the Directive, but if it does not, Ryanair may well be able to rely on its contractual terms and conditions to prevent PR Aviation from further using its data in the future, and to potentially claim damages.

This decision has immediate implications for all web-based businesses. Companies seeking to secure their data should expressly prohibit unlicensed web-scraping in their terms and conditions of website use, and ensure that these are compliant with all local laws to establish robust and binding contractual protections. They should also look to put technological measures in place to prevent those who do not accept the terms of use from accessing the website and database content. On the flip side, other businesses who rely on web-scraping as a means of generating content for their own sites may want to review their strategies against the increased risk of contractual claims.

Ryanair may have won the most recent battle, but will they win the war?

Jo Memery

This publication is not intended to be a comprehensive review of all developments in IT law and practice, or to cover all aspects of those issues referred to in it. Readers should take legal advice before applying the information contained in this publication to specific issues or transactions. For more information please contact us at updates@memerycrystal.com