Yes, scraping public data in the Philippines is generally permissible, provided it complies with constitutional principles, data privacy laws, and sector-specific regulations. Publicly accessible information—such as government records, court decisions, or corporate filings—may be extracted for legitimate purposes, but automated collection must avoid infringing on individual privacy or intellectual property rights.
Key Regulations for Scraping Public Data in Philippines
-
Data Privacy Act of 2012 (DPA) and its 2026 Amendments: Automated scraping of personal data from public sources triggers compliance obligations under the National Privacy Commission (NPC). Controllers must ensure lawful basis, transparency, and proportionality in data collection, even if the source is public. The 2026 amendments introduce stricter penalties for unauthorized processing, including fines up to ₱5 million or imprisonment.
-
Intellectual Property Code (Republic Act No. 8293): Scraping copyrighted content—such as proprietary databases or curated public records—without permission violates Section 172. Exceptions apply for fair use (e.g., news reporting), but systematic extraction may require licensing.
-
Government Procurement Act (Republic Act No. 9184) and E-Government Policies: Public agencies may restrict automated access to their portals under Department of Information and Communications Technology (DICT) guidelines. Scrapers must adhere to API terms or risk being blocked under cybersecurity protocols enforced by the Cybercrime Division of the Philippine National Police (PNP).
Critical Considerations:
- Automated vs. Manual Access: The NPC distinguishes between incidental collection (e.g., viewing a webpage) and systematic scraping (e.g., bots extracting 10,000 records/hour). The latter requires a privacy impact assessment.
- Jurisdictional Risks: Foreign entities scraping Philippine public data may face additional scrutiny under the Anti-Money Laundering Act if data is monetized without local registration.
- Enforcement Trends: The NPC’s 2024 enforcement memoranda signal heightened scrutiny of data brokers; non-compliance has led to cease-and-desist orders against entities aggregating public personal data.