Yes, web scraping is legal in Malaysia if conducted within permissible boundaries, but unauthorized extraction of protected data violates multiple statutes. The Personal Data Protection Act 2010 (PDPA) and copyright laws impose strict limits, while the Malaysian Communications and Multimedia Commission (MCMC) monitors compliance. Recent 2026 amendments to the PDPA introduce heavier penalties for unauthorized data harvesting, emphasizing consent and purpose limitation.
Key Regulations for Web Scraping in Malaysia
- Personal Data Protection Act 2010 (PDPA): Scraping personal data without consent breaches Section 4(1), triggering fines up to RM500,000 or imprisonment. The 2026 amendments expand definitions of “sensitive data” and require explicit opt-in for commercial scraping.
- Copyright Act 1987: Automated extraction of copyrighted content (e.g., articles, images) without permission constitutes infringement under Section 36, with statutory damages up to RM100,000 per violation. Courts assess whether scraping undermines the market value of the original work.
- Computer Crimes Act 1997: Unauthorized access to computer systems via scraping tools (e.g., bots) may violate Section 3, punishable by RM50,000 fines or 5 years imprisonment. MCMC’s 2025 guidelines clarify that aggressive scraping triggering server overloads falls under this Act.
Critical Compliance Notes:
- Terms of Service (ToS): Violating platform ToS (e.g., LinkedIn, e-commerce sites) may lead to civil liability or MCMC investigations under the Communications and Multimedia Act 1998.
- Public vs. Private Data: Scraping publicly available data (e.g., government gazettes) is permissible, but aggregating it for commercial use without safeguards risks PDPA breaches.
- Contractual Restrictions: B2B agreements often prohibit scraping; breaches may result in injunctions or liquidated damages under Malaysian contract law.