Yes, scraping public data in France is generally permitted, but strict compliance with GDPR, the French Data Protection Act, and the 2026 Digital Services Act (DSA) is mandatory. Publicly accessible data does not automatically confer unrestricted use; automated collection must respect privacy, copyright, and anti-scraping laws enforced by the CNIL and ARCEP.
Key Regulations for Scraping Public Data in France
- General Data Protection Regulation (GDPR): Any personal data extracted—even from public sources—must comply with GDPR’s principles of lawfulness, fairness, and transparency. The CNIL (Commission Nationale de l’Informatique et des Libertés) enforces this, with fines up to €20 million or 4% of global revenue for violations.
- French Data Protection Act (Loi Informatique et Libertés): Amended in 2023 to align with GDPR, it imposes additional obligations for automated data collection, including prior notification to the CNIL for large-scale scraping projects.
- Digital Services Act (DSA, 2026): Mandates that platforms hosting public data must provide clear terms of service for scraping. Non-compliance risks penalties under the ARCEP (Autorité de Régulation des Communications Électroniques), including temporary bans on data access.
Scraping must avoid circumventing technical protections (e.g., CAPTCHAs, rate limits) under the French Penal Code (Article 323-1-1), which criminalizes unauthorized access to automated systems. Publicly available data does not equate to freely usable data; context (e.g., anonymization, purpose limitation) dictates legality.