Quick Answer: Is Web Scraping Legal?
Yes — web scraping is legal when you collect publicly accessible, non-personal data without bypassing
access controls, in a way that does not harm the website, and in compliance with applicable laws.It is NOT legal when you scrape behind logins, collect personal data without a lawful basis, bypass
technical protections, or violate a site’s Terms of Service after explicitly agreeing to them.The legal risk is almost never the act of scraping itself. It comes from what you collect, how you
access it, and what you do with the data afterward.
Introduction: The Real Question Behind Is Web Scraping Legal?
“Is web scraping legal?” It is the question everyone asks the moment they step into the world of web data.
Not because scraping is shady. Not because it is new. But because the rules around collecting online data feel confusing — a mix of ethics, compliance, copyright, Terms of Service, and local regulations that are constantly evolving.
Web scraping, at its core, is simple. It is an automated way of gathering publicly visible information from websites instead of copying and pasting it by hand. Search engines do it. Market research teams do it. Pricing intelligence tools do it. Review aggregators do it. Even the platforms complaining about scraping use it internally.
But simplicity does not mean anything goes. There is a difference between scraping publicly accessible facts and scraping restricted, copyrighted, or sensitive data. There is a difference between crawling a site respectfully and hammering a server with aggressive bots. There is a difference between collecting information for legitimate analysis and republishing someone’s intellectual property.
That is why the legality of web scraping sits somewhere between technology and responsibility. Not always legal, and not always illegal. Context matters. Intent matters. Compliance matters.
This 2026 guide breaks down the legal, ethical, and technical realities of web scraping in plain language. By the end, you will have a grounded answer to the question — and a practical sense of how to do it right.
Web Scraping vs Web Crawling: A Clear Distinction
Before getting into the legal question, it is important to separate two terms that people often conflate. They sound similar but serve different purposes.
Think of it this way. If the internet were a giant library: web crawlers are the librarians scanning shelves and cataloguing every book. Web scrapers are the readers who copy specific information from the pages they care about.
| Web Scraping | Web Crawling | |
|---|---|---|
| Primary function | Extracts specific data points from known pages | Discovers and indexes pages across a site or domain |
| Scope | Focused and targeted | Broad and exploratory |
| Output | Structured data (JSON, CSV, database) | List or index of URLs and page metadata |
| Typical use case | Price monitoring, review collection, job data | SEO audits, search engine indexing, site mapping |
| Scale | Any scale | Usually large scale |
In most real-world projects, crawling and scraping work together: a crawler discovers all the relevant URLs, then a scraper extracts structured data from each. Both can be legal. Both can be misused. Both have rules you must follow.
Is Web Scraping Legal? The 2026 Answer
The short, honest answer is yes — when done correctly. The longer answer is that legality depends on what you scrape, how you scrape it, and what you do with the data afterward.
Web scraping is not illegal by default. Courts have repeatedly confirmed that accessing publicly available information on the open web does not violate anti-hacking laws. But there are clear boundaries. Crossing them can turn a harmless data operation into a legal problem.
1. Publicly Accessible Data Is Generally Legal to Scrape
If the data is visible without logging in, without paying, and without bypassing a restriction, then scraping is usually allowed. This includes product listings, public reviews, news articles, public job postings, open business directories, and public social media content not behind a login wall.
This principle was affirmed in the hiQ Labs vs LinkedIn ruling, where the US Court of Appeals held that scraping publicly visible profiles did not violate the Computer Fraud and Abuse Act. But public does not mean free to republish or resell without limits. Copyright, intellectual property, and Terms of Service still apply.
2. Data Behind Logins or Paywalls Is Off-Limits
If a site requires login, membership, payment, authentication tokens, or bypassing anti-bot challenges before you can see the data, then scraping it without permission becomes unauthorized access. Courts treat this very differently from scraping open pages — think of it as walking through an open door versus breaking through a locked gate.
3. Copyrighted or Protected Material Cannot Be Repurposed
Even when data is publicly visible, you cannot scrape and republish entire articles, videos, images, source code, or protected creative works. Scraping for internal analysis is one thing. Scraping to replicate someone’s content or product is another — and this is where many businesses get into legal trouble.
4. If the Site Explicitly Forbids Scraping, You Must Respect It
Terms of Service are not optional. Ignoring them opens you up to cease-and-desist letters, IP bans, civil lawsuits, and DMCA takedowns. Responsible scraping always starts by reading robots.txt, Terms of Use, and API documentation. Respect the rules and you are safe. Ignore them and you are exposed.
5. Intent Matters More Than People Realise
Scraping for research, analysis, competitive understanding, price tracking, compliance monitoring, or market insights is generally considered legitimate. Scraping for data theft, spamming, user profiling, content replication, or reselling copyrighted datasets crosses the line quickly. Courts care about purpose — not just method.
The 2026 legal summary:
Get structured, high-quality image datasets with source URLs, metadata, timestamps, and validation workflows without managing scraping infrastructure, rendering logic, or file-quality checks at scale.
The AI Training Data Question: New Legal Frontier in 2026
One of the most significant shifts in 2025 and 2026 is the emergence of a new legal question that sits directly on top of web scraping: is it legal to scrape public web data to train AI models?
This is the most actively litigated area in tech law right now, and the landscape is evolving quickly.
The General 2026 Position
In the United States, scraping publicly accessible data to train foundational AI models is generally considered to fall under Fair Use — provided the model does not reproduce exact copies of copyrighted works verbatim. The key test is transformativeness: does the AI model transform the input data into something new, or does it simply reproduce it?
Key Cases Shaping AI Training Data Law
| Case | Parties | Status (April 2026) | Key Issue |
|---|---|---|---|
| NYT vs OpenAI | New York Times vs OpenAI and Microsoft | In litigation | Whether scraping news articles for AI training constitutes copyright infringement when the model reproduces passages verbatim |
| Reddit vs Perplexity AI | Reddit vs Perplexity AI and data providers | Pending (filed late 2025) | DMCA Section 1201 claims alleging circumvention of rate limits and anti-bot systems |
| Clarkson Law Firm class actions | Internet users vs OpenAI and Google | Discovery phase | Broad claims of illicit data collection — both dismissed in 2024 for vagueness, refiled and ongoing |
| EU AI Act implications | Regulatory — EU Commission | Enforcement beginning 2025-2026 | Requires transparency about training data sources; AI systems must disclose what public data was used |
What This Means for Your Scraping Program
- If you are scraping for AI training, document your sources, your purpose, and your data handling process
- Avoid scraping content from sites that explicitly prohibit AI training use in their Terms of Service — Reddit, Getty Images, and many news publishers have added explicit AI clauses
- Do not use scraped data to build a product that reproduces the source content verbatim at scale
- In the EU, the AI Act requires disclosure of training data sources — plan for this in your data governance documentation
- For AI training datasets at scale, consider licensed data sources or managed providers with documented provenance
PromptCloud’s position on AI training data:
PromptCloud provides AI-ready data pipelines built on publicly accessible sources, with compliance
documentation, source provenance, and usage controls baked in.
Browsewrap vs Clickwrap: Does Agreeing to ToS Make Scraping Illegal?
One of the most common misconceptions about web scraping legality is that a website’s Terms of Service automatically makes scraping illegal. The reality is more nuanced — and it depends on how those terms were presented to you.
| Type | What It Is | Legally Binding? | Scraping Risk |
|---|---|---|---|
| Browsewrap | Terms buried in a footer link — you never explicitly agree, just use the site | Generally NOT binding against scrapers who never saw or agreed to them | Lower — courts have been reluctant to enforce browsewrap against automated access |
| Clickwrap | Terms shown during account creation or login — you must actively click ‘I Agree’ | YES — creates an enforceable contract when you click to accept | Higher — breaching these terms after clicking to agree can create civil liability |
What This Means in Practice
- If you never created an account and never clicked ‘I Agree’ to a site’s ToS, browsewrap terms alone are unlikely to create legal liability for scraping public pages
- If you created an account, accepted ToS that prohibit scraping, and then scraped — you may be in breach of contract, even if the underlying data is publicly visible
- ToS violations are civil matters, not criminal — they do not automatically make scraping illegal under anti-hacking laws like the CFAA
- The safest approach is to scrape without creating accounts where possible, and to check ToS before any automated access
Note: Terms of Service enforceability is an evolving area of law. The Meta v. Bright Data case (2023-2024) showed that contract-based claims remain viable even when CFAA claims fail. Always seek legal advice for production-scale programs.
The Technical Rules That Keep Web Scraping Legal
Once you understand the legal framework, the next question is practical: how do you scrape in a way that is safe, respectful, and compliant? Technical behaviour matters just as much as legal theory. Courts care about how you accessed the data, not just what you collected.
1. Always Check and Respect robots.txt
Every serious scraping project should start at /robots.txt. This small text file tells bots which paths are allowed or disallowed and how frequently to crawl. Ignoring it is not just bad practice — it can be interpreted as ignoring clearly communicated access rules. Fetch the file first, honour Disallow directives, and if in doubt, look for an official API instead.
2. Rate Limit Your Requests
Even when scraping is allowed, overloading servers creates liability. Your bot is not the only visitor. Websites are sized for normal human traffic, not aggressive scrapers. Add delays between requests, use reasonable concurrency limits, back off when you see errors or timeouts, and avoid hammering the same page repeatedly. A simple rule: if your traffic pattern looks nothing like a human user, slow it down.
3. Prefer Off-Peak Hours When Possible
If you have flexibility, schedule scrapes when real users are least active — late at night in the website’s primary timezone, or early morning before normal business hours. This reduces the risk of impacting genuine users and lowers the chance of being flagged as a performance threat.
4. Identify Yourself Clearly and Honestly
Hiding behind vague user agents or pretending to be a regular browser is a red flag. Use a clear user agent string for your scraper, provide a contact URL or email in the user agent where possible, and respond quickly if a website owner reaches out. Transparency significantly reduces legal and operational risk.
5. Handle Blocks Gracefully
If a website returns 429 (Too Many Requests) or starts blocking your IPs, that is a signal to reduce your request rate or pause — not an invitation to push harder. Pushing against these signals is how legal and technical scraping slides into abusive territory.
6. Be Careful With What You Store and How You Use It
Avoid storing sensitive personal data unless you have a clear legal basis. Do not republish copyrighted material as your own. Do not use scraped data for harassment, profiling, or spam. Aggregate, analyse, or anonymise wherever possible. Many legal issues in scraping arise not from the collection but from the usage.
7. When In Doubt, Use Official APIs or Ask
A surprising number of websites are open to responsible data access if you explain your use case and show you care about performance. Many also offer official APIs, data exports, or partner programs that are faster, more stable, and legally safer than scraping. Use them when they exist.
Ethical vs Unethical Scraping: Where Good Actors Draw the Line
The legal question often hides a more practical one: are we doing this in a way we would be comfortable defending to a regulator, a customer, or a partner? That is where ethics comes in.
| Dimension | Ethical Scraping | Unethical Scraping |
|---|---|---|
| Data type | Public, non-sensitive business data — prices, stock levels, reviews, job listings | Personal data, private messages, login-protected content, PII |
| Access method | Open pages requiring no login, no bypass, no circumvention | Hacked accounts, shared logins, paywall workarounds, or technical tricks |
| Intent | Market research, analytics, price tracking, compliance monitoring, AI training with documentation | Spamming, cloning products, stealing content, building shadow user profiles |
| Server impact | Rate-limited, polite crawling with backoff when errors appear | Aggressive, high-frequency access causing performance degradation or downtime |
| Compliance posture | Reads and respects robots.txt, ToS, and regional privacy regulations | Ignores site rules, discards legal guidance, disguises automated traffic |
| Use of results | Internal dashboards, models, alerts, competitive intelligence, strategic decisions | Public republishing, resale of copyrighted content, misleading or deceptive products |
Four Practical Ethics Questions Before You Scrape Any New Source
- Would I be comfortable explaining this to the website owner? If the answer is no, that is a red flag.
- Am I collecting more data than I actually need? Collecting everything just in case increases risk for no reason.
- Could this data harm users if it leaked? If yes, question whether you should collect it at all.
- Am I using this data to add value or to simply copy what already exists? The closer you move to cloning, the higher the legal and ethical risk.
Case Law You Need to Know in 2026
Web scraping law is being actively shaped in courtrooms. Here are the key cases every data professional should understand — including several that have emerged or concluded since the last version of this article.
hiQ Labs vs LinkedIn (United States) — The Foundation Case
This is still the case everyone in the data world refers to. hiQ Labs was scraping publicly visible LinkedIn profiles. LinkedIn tried to block them and claimed scraping violated the Computer Fraud and Abuse Act (CFAA).
The Ninth Circuit ruled in 2019 that scraping publicly accessible pages does not violate anti-hacking laws — if anyone can see the page without logging in, accessing it with a bot is not “unauthorized access.” The court reaffirmed this in 2022 after a Supreme Court remand. The case concluded in December 2022 with a permanent injunction against hiQ, but notably this was based on contract and state law claims, not CFAA violations.
Key takeaway: Public data is generally fair game under the CFAA. But ToS violations can still create civil liability, and the final ruling showed platforms retain contract-based remedies even when anti-hacking laws do not apply.
Meta vs Bright Data (2023-2024) — Public Data Wins Again [NEW]
In January 2023, Meta sued Bright Data, a data collection provider, alleging illegal extraction from Facebook and Instagram. The court ruled in favour of Bright Data, finding insufficient evidence that Bright Data had scraped non-public data or accessed data while logged into user accounts.
Key takeaway: Scraping genuinely public data — data accessible without authentication — held up even against Meta’s aggressive legal posture. This ruling reinforced the hiQ principle in a new context.
Reddit vs Perplexity AI (2025-Ongoing) — The AI Training Frontier [NEW]
Reddit filed suit against Perplexity AI and several data collection service providers in late 2025. The complaint invokes DMCA Section 1201, alleging circumvention of technological measures including rate limits and anti-bot systems. Unlike hiQ and Meta v. Bright Data, this case focuses not just on whether the data was public but on whether technical access controls were bypassed.
As of April 2026, the case is pending. It represents the evolving legal frontier around AI training data and the question of whether bypassing rate limits or anti-bot measures constitutes illegal circumvention.
Key takeaway: Even public data becomes legally risky if you bypass technical protections to access it. Rate limit circumvention and anti-bot evasion are now active litigation areas.
CNIL Fine: KASPR and LinkedIn Data (EU) — GDPR Still Has Teeth
The French data protection authority (CNIL) fined KASPR 240,000 euros for collecting LinkedIn data without appropriate consent. The decision made clear that publicly visible data may still be subject to GDPR protections when it contains personal information — even if that information was posted publicly by the users themselves.
Key takeaway: In the EU, the fact that data is publicly visible does not exempt it from GDPR obligations. If the data can identify an individual, you need a lawful basis to collect and process it, regardless of where you found it.
The Pattern Across Cases
| Legal Principle | Supported By | Implication |
|---|---|---|
| Scraping public pages does not violate CFAA | hiQ vs LinkedIn (2019, 2022) | Strongest protection for legitimate scraping in the US |
| Public data can still be scraped even against platform objections | Meta vs Bright Data (2023-2024) | Reinforces public data principle in a new context |
| Bypassing technical controls creates additional legal risk | Reddit vs Perplexity (pending) | Do not circumvent rate limits or anti-bot measures |
| Publicly visible personal data is still regulated under GDPR | CNIL vs KASPR (EU) | Scraping PII requires a lawful basis even if publicly posted |
| ToS violations can create civil liability (not criminal) | hiQ final ruling (December 2022) | Clickwrap ToS agreements carry contractual weight |
How to Stay Compliant: A Practical Checklist for 2026
Compliance is not a legal puzzle. It is a checklist of respectful behaviours that align with how the modern web expects automation to behave.
| # | Check | Green (Safe) | Red (Risky) |
|---|---|---|---|
| 1 | Access level | Publicly visible, no login required | Behind login, paywall, or technical protection |
| 2 | robots.txt | Checked and honoured before scraping | Ignored or not checked |
| 3 | Terms of Service | Reviewed — no explicit scraping ban, or no clickwrap agreement signed | Signed ToS that explicitly bans automated access |
| 4 | Data type | Business data: prices, listings, reviews, metadata | Personal data: names, emails, phone numbers, addresses |
| 5 | Request rate | Polite delays, backoff on errors, off-peak timing | High-frequency, no delays, ignore 429 responses |
| 6 | Technical controls | No circumvention of CAPTCHAs, rate limits, or anti-bot systems | Bypassing technical protections to access data |
| 7 | Data storage | Aggregate and anonymise; no PII stored without legal basis | Storing personal data without consent or lawful basis |
| 8 | Data usage | Internal analysis, insights, dashboards, AI training with documentation | Publishing, reselling, cloning, or misleading applications |
| 9 | Audit trail | Documented: what, when, why, and how data was collected | No records of data sources or collection rationale |
| 10 | AI training use | Sources documented, ToS checked for AI clauses, no verbatim reproduction | Scraping sites with AI-prohibition clauses or reproducing copyrighted content at scale |
Region-by-Region: How Laws Differ Globally
Scraping laws are not universal. What is acceptable in one part of the world can be restricted or prohibited somewhere else. Here is the global landscape with the most important 2026 updates.
United States — Public Data Is Largely Scrape-Friendly
The US focuses on access more than scraping itself. If information is publicly visible without logging in, scraping it typically does not violate anti-hacking laws under the CFAA — affirmed by hiQ vs LinkedIn.
But the US also protects copyright, intellectual property, and Terms of Service. Scraping is legal; repurposing copyrighted content or bypassing login walls is not.
CCPA (California Consumer Privacy Act)
California’s CCPA adds a layer of protection for California residents specifically. Even publicly visible data that constitutes personal information under CCPA (which includes names, email addresses, and IP addresses tied to a person) triggers consumer rights obligations. If you scrape personal data about California residents and use it commercially, CCPA compliance is required — including the right to opt-out of sale of personal information.
European Union — Privacy Comes First
The EU is the strictest environment for personal data. GDPR applies even to publicly visible personal information — the CNIL vs KASPR ruling made this explicit. You can scrape product data, pricing, reviews, business listings, and non-personal metadata. You cannot scrape names, emails, phone numbers, addresses, or any data that identifies an individual without a lawful basis.
The EU AI Act (entering enforcement in 2025-2026) also requires transparency about training data sources for AI systems deployed in the EU.
United Kingdom — Similar to EU, Slightly More Flexible
Post-Brexit, the UK follows a GDPR-equivalent regime (UK GDPR) but with slightly more business-friendly interpretations. Rules remain: no scraping personal data without a lawful basis, no bypassing protections, respect Terms of Service, and avoid scraping copyrighted content.
India — DPDP Act Changes the Landscape
India’s Digital Personal Data Protection (DPDP) Act, enacted in 2023 and coming into fuller enforcement in 2025-2026, introduces GDPR-style protections for personal data of Indian residents. Scraping publicly visible personal data about Indian individuals now carries compliance obligations under DPDP — even if that data is publicly posted.
Public business information — company listings, product data, pricing — remains widely scrape-friendly. Scraping personal or sensitive data about individuals is not.
Canada — Privacy and Consent Are Core
Canada’s PIPEDA mirrors GDPR-style restrictions. You can scrape non-personal public data and product and business information. You cannot scrape personal user data or anything behind logins. Consent and purpose are major factors in determining compliance.
Russia — Extremely Restrictive
Russia aggressively blocks bots and expects explicit permission before automated access. Expect heavy IP bans, strict anti-crawling filters, and limited tolerance for high-frequency scraping. Assume scraping is not allowed without direct approval from site owners.
Middle East — Controlled, With Variations
Countries like UAE and Saudi Arabia protect government data, financial information, and personal data. Public commercial data is usually scrape-friendly unless restricted by platform rules.
| Region | Public Business Data | Personal Data | AI Training Data | Key Law / Case |
|---|---|---|---|---|
| United States | Generally legal | CCPA restrictions for CA residents | Fair Use generally applies — evolving | CFAA + hiQ ruling + CCPA |
| European Union | Legal | Strictly regulated under GDPR | EU AI Act transparency requirements | GDPR + EU AI Act + CNIL ruling |
| United Kingdom | Legal | Regulated (UK GDPR) | Similar to EU | UK GDPR |
| India | Legal | DPDP Act restrictions (2025-2026) | Not yet defined | DPDP Act + Copyright Act |
| Canada | Legal | PIPEDA restrictions | Evolving | PIPEDA |
| Russia | Restricted — permission required | Strictly restricted | Restricted | Federal laws + platform rules |
| Middle East (UAE, KSA) | Generally legal | Restricted | Limited guidance | National data protection laws |
Key Takeaways for 2026
So, is web scraping legal? The real answer is yes — when it meets the core principles of responsible access. Scraping publicly available, non-sensitive data is widely accepted across major regions, supported by case law, and practiced by thousands of businesses every day.
Where teams get into trouble is not the scraping itself. It is the misuse of data, bypassing protections, collecting personal information without a lawful basis, violating Terms of Service after explicitly agreeing to them, or circumventing technical access controls.
The legal landscape in 2026 is more nuanced than it was in 2023. AI training data cases, new regional privacy laws like India’s DPDP Act, and active litigation around anti-bot circumvention mean that the rules are still being written. The teams that operate safely are the ones who document their sources, check for AI-specific ToS clauses, rate-limit respectfully, and build compliance into their workflow — not as an afterthought.
With the right guardrails in place, you can confidently say that web scraping is not only legal but an essential part of how data-driven businesses operate today.
Want compliant web data without the legal complexity?
Get structured, high-quality image datasets with source URLs, metadata, timestamps, and validation workflows without managing scraping infrastructure, rendering logic, or file-quality checks at scale.
Frequently Asked Questions
1. Is it legal to scrape publicly available data?
Yes. Publicly visible data that does not require login or bypassing protections is generally legal to scrape. Courts in the US, including the hiQ vs LinkedIn ruling, confirmed that accessing open web data does not violate anti-hacking laws, as long as usage respects copyright and applicable site rules.
2. Can I scrape pages that require authentication?
No. If a website requires login, payment, or technical access controls to see the data, scraping becomes unauthorized access. Anything behind a wall — a member area, a paid section, or content only available after login — is off-limits without explicit permission.
3. Is it allowed to republish scraped content?
No. You cannot republish copyrighted material such as articles, images, videos, or proprietary datasets. Scraping is legal for analysis, research, and internal use, but repurposing someone else’s content violates copyright laws.
4. Is scraping personal data allowed under GDPR or CCPA?
Highly restricted. Even publicly visible personal information — names, emails, social profiles, phone numbers — is protected under GDPR and CCPA. You cannot collect or store PII without a lawful basis. The CNIL fine against KASPR in France made clear that publicly posted data is not exempt from GDPR. This is why compliant scraping focuses on product and business data, not user identities.
5. What happens if a website blocks my scraper?
A block is a signal, not an invitation to push harder. You should slow down, adjust your frequency, or stop scraping altogether. Continuing after a block or bypassing protections can create legal exposure, particularly under DMCA Section 1201 claims for circumventing technical access controls — as seen in the Reddit vs Perplexity case.
6. Does a website’s Terms of Service make scraping illegal?
It depends. If you never created an account and never explicitly agreed to the ToS (browsewrap), courts have generally been reluctant to enforce those terms against scrapers. If you created an account and clicked ‘I Agree’ to terms that prohibit scraping (clickwrap), you have a contractual obligation not to scrape. ToS violations are civil matters, not criminal, but they can still lead to account termination, IP bans, and civil lawsuits.
7. Is scraping public data for AI training legal?
Generally yes in the US, under Fair Use — provided your model does not reproduce copyrighted content verbatim at scale. However, many platforms including Reddit, Getty Images, and major news publishers have added explicit AI training prohibition clauses to their ToS. Always check for these. In the EU, the AI Act requires transparency about training data sources. This area is actively being litigated and the rules continue to evolve.
8. What is the difference between browsewrap and clickwrap?
Browsewrap agreements are terms buried in a footer that you never explicitly agree to — just by using the site you are supposedly bound. Courts are generally reluctant to enforce these against scrapers. Clickwrap agreements require an active click of ‘I Agree’ during account creation or login — these create enforceable contracts. If you scrape after clicking to agree to terms that prohibit scraping, you may be in breach of contract.
9. Is web scraping legal in India?
Yes, scraping publicly available business data is generally legal in India. However, India’s Digital Personal Data Protection (DPDP) Act, entering fuller enforcement in 2025-2026, introduces GDPR-style obligations for personal data of Indian residents. Scraping personal data about individuals — even if publicly visible — now requires a lawful basis. Focus your India scraping on business data, product information, and pricing rather than personal details.
10. How is web scraping legality different in the EU vs the US?
The US approach focuses primarily on access: if data is public, accessing it is generally legal under the CFAA. The EU approach focuses on the nature of the data: even publicly visible data that identifies an individual is protected under GDPR, regardless of how it was accessed. In practice this means US law is more permissive for scraping personal data from public pages, while EU law requires a lawful basis for any personal data processing — making business data scraping the safest option in both jurisdictions.
