Yes, web scraping is legal in California when conducted within specific legal boundaries, but unauthorized scraping may violate state and federal laws. California’s strict privacy statutes, including the CCPA and CCP, impose obligations on data handlers, while federal precedents like hiQ Labs v. LinkedIn affirm scraping public data unless prohibited by terms of service or contractual restrictions.
Key Regulations for Web Scraping in California
- California Consumer Privacy Act (CCPA/CPRA): Scrapers must not collect or sell personal data without explicit consent if the data subject is a California resident, even if the data is publicly available. Violations trigger statutory damages under the CPRA’s 2026 enforcement expansion.
- Computer Fraud and Abuse Act (CFAA): Unauthorized access to protected systems—such as circumventing CAPTCHAs or scraping behind login walls—risks civil and criminal liability under California’s interpretation of the CFAA, particularly when combined with intent to defraud.
- Terms of Service (ToS) and Contractual Restrictions: California courts enforce ToS violations as breach of contract; scraping data explicitly prohibited by a website’s ToS may result in injunctions or damages, as seen in Craigslist v. 3Taps (N.D. Cal. 2013).
Additional considerations include the California Invasion of Privacy Act (CIPA), which may apply if scraping involves interception of electronic communications, and local ordinances like the San Francisco Data Privacy Ordinance, which imposes additional transparency requirements on entities handling municipal data. Always verify whether scraped data includes biometric or geolocation information, as these trigger heightened protections under the California Privacy Rights Act (CPRA).