Yes, scraping public data in Iceland is generally permissible, provided it complies with the Personal Data Protection Act (No. 90/2018) and the Act on Information Society Services (No. 150/2002). Publicly accessible data—such as government records, court decisions, or open datasets—may be scraped unless explicitly restricted by terms of service or statutory protections. The Icelandic Data Protection Authority (Persónuvernd) oversees enforcement, with 2026 amendments tightening scrutiny on automated data collection to curb privacy violations.
Key Regulations for Scraping Public Data in Iceland
- Personal Data Protection Act (No. 90/2018): Prohibits scraping personal data without a lawful basis (e.g., consent or legitimate interest). Automated collection of identifiable information triggers stricter obligations under GDPR-equivalent provisions.
- Act on Information Society Services (No. 150/2002): Requires compliance with fair processing principles when scraping digital platforms. Terms of service that prohibit scraping may override public accessibility if they constitute binding contractual terms.
- Public Sector Information Act (No. 144/2012): Permits reuse of public sector data unless restricted by copyright or confidentiality clauses. Scrapers must verify licensing terms, as some datasets (e.g., geospatial data) may require prior authorization.
Critical Considerations Avoid scraping data behind authentication barriers or from sources explicitly prohibiting automated access. Persónuvernd’s 2025 guidance emphasizes that even public data may become “personal” if combined with other datasets, necessitating a Data Protection Impact Assessment (DPIA) for large-scale scraping. Violations risk fines up to 4% of global turnover under GDPR-aligned penalties.