Yes, scraping public data in California is generally legal if done without violating privacy or computer crime laws, but strict compliance with CCPA, CFAA, and local ordinances is required.
Public data accessible without authentication or technical barriers may be scraped, but automated collection must avoid unauthorized access under the California Penal Code § 502 (CFAA equivalent) and comply with the CCPA’s restrictions on personal information. The California Privacy Protection Agency (CPPA) has signaled heightened scrutiny in 2026 for large-scale scraping that risks exposing sensitive data, particularly under the CPRA’s expanded definitions. Local jurisdictions like San Francisco and Los Angeles have also introduced municipal data governance policies, requiring transparency in automated collection practices.
Key Regulations for Scraping Public Data in California
- California Consumer Privacy Act (CCPA/CPRA): Prohibits scraping personal data without a “business purpose” disclosure or consumer opt-out. Entities must honor Global Privacy Control signals by 2026.
- Computer Fraud and Abuse Act (CFAA) § 502: Criminalizes accessing data via “exceeding authorized access,” including bypassing rate limits or scraping behind login walls.
- Local Data Governance Ordinances: San Francisco’s Data Privacy Ordinance (2024) and Los Angeles’ Open Data Policy require public notice for automated collection exceeding 10,000 records/month.