Web scraping in China is strictly regulated.
Web scraping in China operates under a fragmented legal framework where legality hinges on compliance with data protection, cybersecurity, and sector-specific regulations. The Cyberspace Administration of China (CAC) enforces strict controls under the Data Security Law (2021) and Personal Information Protection Law (PIPL, 2021), requiring explicit consent for scraping personal data. Commercial platforms often prohibit scraping via terms of service, and unauthorized scraping may trigger administrative penalties or criminal liability under the Criminal Law for data theft. The 2026 Regulations on Online Data Security Management further tighten oversight, mandating local storage of “important data” and real-time monitoring for cross-border transfers. Foreign entities face heightened scrutiny, with joint ventures or partnerships often required to navigate joint liability risks.
Key Regulations for Web Scraping in China
- Personal Information Protection Law (PIPL, 2021): Prohibits scraping personal data without consent, imposing fines up to ¥50 million or 5% of annual revenue for violations. The CAC and provincial cybersecurity bureaus enforce compliance, with mandatory data localization for sensitive categories.
- Data Security Law (DSL, 2021): Classifies data into “general,” “important,” and “core” categories, requiring tiered security measures. Scraping “important data” without government approval risks administrative detention or criminal charges under Article 285 of the Criminal Law.
- Cybersecurity Review Measures (2022): Mandates pre-approval for data processing activities involving “important data” or affecting national security. Platforms like WeChat and Alibaba enforce technical barriers (e.g., CAPTCHAs, rate limits) to deter unauthorized scraping, aligning with CAC’s 2024 Guidelines on Standardizing Data Collection.