How to Use Terms and Conditions for Web Scraping Protection

Scraping

Is your website the target of web scrapers? You’re not alone! Billion-dollar businesses are built on the back of people like you, by companies that scrape and use your data for all sorts of purposes.

The good news is that you can protect even non-copyrighted content, like prices or customer reviews, via your website terms and conditions.

In this article, we take a look at the jurisprudence, and how to adapt your own terms and conditions so that they offer effective protection against scraping — including a template you can download and use as a starting point.

The jurisprudence: The Ryanair Limited v PR Aviation case

In 2015, the Court of Justice of the European Union made a landmark decision with broad implications for European online businesses in a case opposing Ryanair and PR Aviation.

PR Aviation operates a price comparison website where consumers can search, compare and book low-cost flights. In order to include Ryanair flights, PR Aviation was scraping data from Ryanair’s website without any license agreement allowing them to do so.

When the case was referred to the Court of Justice of the European Union, Dutch courts had already ruled that Ryanair’s database was not protected by European Directive 96/9, which concerns the legal protection of databases, nor by the corresponding Dutch database law or by Dutch copyright laws.

However, the question that was presented to the Court was whether Ryanair could contractually limit the use of their database by third parties. The contract in question was Ryanair’s website general terms and conditions.

In order to access flight information on Ryanair’s website, visitors were required to accept these terms and conditions, which included the following clause:

‘3. Permitted use. You are not permitted to use this website other than for the following, private, non-commercial purposes: (i) viewing this website; (ii) making bookings; (iii) reviewing/changing bookings; (iv) checking arrival/departure information; (v) performing online check-in; (vi) transferring to other websites through links provided on this website; and (vii) making use of other facilities that may be provided on the website.

The use of automated systems or software to extract data from this website or www.bookryanair.com for commercial purposes, (‘screen scraping’) is prohibited unless the third party has directly concluded a written licence agreement with Ryanair in which permits it access to Ryanair’s price, flight and timetable information for the sole purpose of price comparison.’

The Court ruled in favor of Ryanair, on the basis that if a database is not protected either by copyright or the Database Directive, “Articles 6(1), 8 and 15 of that directive do not preclude the author of such a database from laying down contractual limitations on its use by third parties”.

In short, the Court decided that European businesses can use their website terms and conditions agreement to prohibit scraping of their data. The ruling applies not only to websites, but also to mobile apps and other types of online media where data is made available to the public.

Ensure your terms and conditions can be enforced

This is encouraging for the many victims of web scraping. By using explicit language in your terms and conditions, you can effectively prohibit third parties from scraping and using your data for commercial purposes.

However, in order for your terms and conditions to provide effective protection, they must also be enforceable.

Terms and conditions will generally be considered enforceable if they are agreed to by both parties, but courts may use different criteria to determine whether such an agreement does in fact exist.

Some may consider that a “browsewrap” agreement, where the user is simply notified that using the website constitutes agreements to its terms, is sufficient. The more visible the notice or link to your terms and conditions are, the better.

You will have a much stronger case, however, if you implement a “clickwrap” agreement which requires the visitor to actively indicate agreement before accessing the information.