Yes, scraping public data in the UAE is permissible under strict conditions, but it must comply with federal laws and sector-specific regulations. Public data accessible without authentication is generally considered fair game, yet automated extraction risks violating cybercrime or data protection statutes if it disrupts systems or misuses information.
Key Regulations for Scraping Public Data in United Arab Emirates
- Federal Decree-Law No. 34 of 2021 on Combating Rumors and Cybercrimes: Prohibits unauthorized access to electronic systems or data, even if publicly available, if the method involves hacking, brute-force attacks, or circumventing security measures. Automated scraping tools that trigger rate limits or exploit vulnerabilities may breach this law.
- Federal Decree-Law No. 45 of 2021 on Data Protection (UAE Data Law): While not explicitly targeting scraping, it restricts the processing of personal data without a lawful basis. Publicly posted personal data may still require compliance with purpose limitation and transparency obligations under the UAE Data Law, effective January 2022.
- Sector-Specific Guidelines (e.g., Dubai Data Law No. 26 of 2015): Government entities in Dubai mandate controlled access to open data portals. Scraping such portals without prior approval from the Dubai Data Establishment or relevant authorities may constitute a violation of data governance policies.
Non-compliance risks fines up to AED 3 million under the cybercrimes law or penalties under the UAE Data Law. Entities should conduct legal reviews, implement rate-limiting, and seek explicit permissions when targeting government datasets or personal information.