Six Web-Scraping Legal Trends for Q1 2024


2024 is going to be a massive year for web-scraping legal decisions. There will be substantive decisions in all the major generative AI cases. Big-name scraper Bright Data is in legal battles with Twitter and Facebook. Ryanair and are locked in a legal struggle. And so on.

With all that, I suspect this is going to be the most important year ever for the law of web scraping.

Here are some trends I’m looking for in early 2024.

  • The Pendulum Shifts?

Not too long ago, I was writing about how bleak things were looking for web scrapers in the legal world. Contrary to popular understandings of the law, hiQ Labs v. LinkedIn Corp., the most famous pro-scraping case in history, was ultimately decided in favor of LinkedIn.

But now it looks like things are shifting again. Bright Data just won a major victory in its recent dispute over breach of contract with Meta. Some of the major generative AI cases are starting to look favorable in terms of their early copyright decisions. Whereas much of the history of web-scraping litigation is an unbroken string of losses for web scrapers, things now seem to be looking a little better.

Of course, there is plenty of nuance in terms of why some scrapers are winning and why some lose. But the trend appears positive.

  • Copyright Preemption

One particularly tricky area of the law related to web scraping is that of copyright preemption. It is something that not a lot of lawyers or judges know much about.

But it is another legal argument that scrapers might have in their favor. In the recent X Corp. v. Bright Data case, the judge recently asked for supplemental briefing on the copyright preemption issue. That to me sounds like a judge that is looking for an excuse not to enforce X Corp’s terms of service.

If that’s correct, scrapers might have yet another lifeline to fight against potential breach of contract legal claims.

  • Probing the “Gates” of the CFAA

Historically, the legal issue that has been the most sensitive for web scrapers is the computer fraud and abuse act, or CFAA. It’s sensitive because it has both a civil and a criminal component. Dating back to Aaron Swartz and beyond, it’s been the bane of white-hat hackers and many tech-savvy programmers that seek to create a more open internet.

After the Van Buren case in 2021, there haven’t been as many CFAA scraping-related cases as there were previously. But there have been some troubling legal opinions to come out since that time.

Even though the Van Buren case was broadly positive for web scrapers, I still expect that those looking to stop scraping will continue to push the legal limits of when they can apply this computer-trespass law against scrapers.

  • Return of Trespass to Chattels

Three years ago, I thought that the ancient tort of “Trespass to Chattels” was a remnant of early-internet law.

But recent legal decisions make it seem like this state-law claim may be alive and well again.

Some of the most recent decisions seem to imply that even the most trivial intrusions on another company’s server can give rise to this claim, at least in California. That’s not great for scrapers.

That case law is unsustainable, and I suspect it’s only a matter of time before we get clarification on a clearer standard of what it means to burden someone’s property in the context of internet intrusion. But in the meantime, this will be a dangerous claim for scrapers.

  • Unconscionability and Public Policy Issues

I have made it clear in my public writing that courts should be more aggressive in asserting that certain types of online contracts should not be enforceable on public policy or unconscionability grounds.

There are some cases, such as X Corp. vs. the Center for Countering Digital Hate, where courts will have no choice but to consider the broader policy and free-speech considerations with scraping.

Will this be the year that a few courts start to agree with me?

  • Obscure, state-law privacy claims

There are lots of companies that are in the business of collecting data about people and selling it online. It doesn’t take much time Googling your own name to find a host of internet resources that claim to have data about you that they’re willing to sell to others at a price.

Many of these companies are using a variety of methods of questionable legality to obtain this information. Are they allowed to do it?

Statutory larceny, false advertising, the CDAFA, and a host of other obscure state-law claims could see a renaissance as class-action lawyers look for ways to hold companies accountable for collecting PII and selling it without consent. Which of these claims will stick, and in which contexts?

We will soon find out.