Is Price Scraping Legal?

Updated June 2026
Price scraping is generally legal in the United States when you collect publicly displayed pricing data without bypassing authentication, violating terms of service, or overwhelming target servers. The landmark hiQ v. LinkedIn ruling established that accessing public data does not constitute unauthorized access under the Computer Fraud and Abuse Act. However, specific circumstances like scraping behind a login, ignoring cease-and-desist requests, or collecting personal data alongside prices can create legal risk. The legal landscape continues to evolve through court rulings, and practices that are acceptable today may face new restrictions as case law develops.

The Legal Framework for Price Scraping

There is no single law in the United States that specifically addresses web scraping or price scraping. Instead, the legality of price scraping is determined by the intersection of several existing laws: the Computer Fraud and Abuse Act (CFAA), copyright law, contract law (terms of service), and state-level unfair competition statutes. Each of these frameworks applies differently depending on what data you scrape, how you access it, and what you do with it.

The Computer Fraud and Abuse Act (CFAA) is the primary federal statute cited in scraping litigation. It prohibits "unauthorized access" to computer systems. The key legal question is whether automated scraping of publicly available data constitutes "unauthorized access." The hiQ v. LinkedIn case, decided by the Ninth Circuit Court of Appeals, answered this question with a clear no for publicly accessible data. The court held that accessing data available to any visitor without a password does not violate the CFAA, regardless of whether the website operator wants the data scraped.

Copyright law protects original creative expression but does not protect facts, including prices. Individual product prices are factual data and cannot be copyrighted. However, a database of prices compiled with significant creative selection, coordination, or arrangement could potentially qualify for copyright protection as a compilation. In practice, this distinction rarely matters for price monitoring because the goal is to collect individual prices for competitive analysis, not to reproduce a competitor's entire price database as a competing product.

Contract law and terms of service represent the most common legal theory used to challenge scraping. Many websites include terms of service that prohibit automated data collection. When a scraper violates these terms, the website operator may argue breach of contract. The enforceability of browsewrap agreements (terms that are posted on the site but not actively agreed to by users) varies by jurisdiction, but courts have increasingly held that clear, prominently displayed terms can be enforceable even without active consent. The Meta v. Bright Data case in 2024 reinforced this principle, with the court siding with Meta when scraping violated platform terms.

Key Court Cases That Define the Boundaries

What did the hiQ v. LinkedIn case establish?
The hiQ v. LinkedIn case is the foundational ruling for modern web scraping law. hiQ Labs scraped publicly available LinkedIn profiles to provide workforce analytics. LinkedIn sent a cease-and-desist letter and blocked hiQ's access. hiQ sued, and the Ninth Circuit ruled that scraping publicly available data does not violate the CFAA because the data is accessible to anyone with a web browser. The court reasoned that the CFAA was designed to prevent hacking into protected systems, not to give website operators control over publicly visible information. This case established the general principle that public data is fair game for scraping under federal computer fraud law, though other legal theories (like breach of contract) may still apply.
How did Meta v. Bright Data affect scraping legality?
In Meta v. Bright Data (2024), the court reinforced the importance of platform terms of service. Bright Data scraped data from Facebook and Instagram that Meta argued was covered by its platform terms and contractual restrictions. The court sided with Meta, holding that scraping in violation of clearly communicated terms constitutes breach of contract, even when the underlying data is publicly visible. This case tempered the broad pro-scraping interpretation of hiQ by showing that terms of service can create enforceable restrictions on data collection, especially when the scraper has been put on notice about those restrictions.
What about the Ryanair v. PR Aviation ruling?
This European case is relevant for businesses that monitor prices on international websites. The Court of Justice of the European Union ruled that Ryanair's terms of service, which prohibited automated price scraping, could be enforceable as a contract even though the data (flight prices) was publicly available. European data protection and database rights add additional layers of legal complexity that do not exist in US law, making cross-border price scraping more legally nuanced than domestic monitoring.

What Makes Price Scraping Legally Risky

While scraping publicly displayed prices is generally legal, several factors increase legal risk and should be evaluated before launching a price monitoring program.

Scraping behind authentication is the clearest legal risk. If you need to log in to access prices (for example, member-only pricing, wholesale portals, or logged-in marketplace views), scraping that data likely violates the CFAA because you are accessing a system beyond your authorized scope. Even if you have a legitimate account, using it for automated scraping may exceed the authorization granted by your account terms. Price monitoring should focus on publicly visible prices that any visitor can see without logging in.

Ignoring cease-and-desist requests increases legal exposure significantly. If a website sends you a formal request to stop scraping their site, continuing to scrape after receiving that request strengthens their legal position in any subsequent litigation. While hiQ prevailed despite LinkedIn's cease-and-desist, the specific facts of that case (including hiQ's business dependency on the data) influenced the outcome. For most businesses, the prudent response to a cease-and-desist is to evaluate whether the monitoring can be achieved through alternative means (APIs, commercial data providers, or manual checks) before deciding whether to continue automated collection.

Excessive server load from aggressive scraping can create legal liability under theories of trespass to chattels or intentional interference with business. If your scraping activity is frequent enough to degrade the target website's performance, you are causing measurable harm that courts may find actionable. Rate-limiting your requests, spreading checks across time, and using efficient scraping patterns (only requesting the pages you need rather than crawling entire sites) mitigates this risk.

Collecting personal data alongside prices triggers data protection laws that do not apply to pure price data. If your scraper incidentally collects seller names, contact information, or customer reviews (which may contain personal information), you may need to comply with data protection regulations like GDPR (in Europe), CCPA (in California), or other privacy laws. Price monitoring focused strictly on product prices and attributes generally avoids these concerns.

Best Practices for Legal Compliance

Organizations that scrape competitor prices can reduce legal risk significantly by following established best practices that demonstrate good faith and minimize impact on target websites.

Only scrape publicly visible data. If a price is displayed on a product page that any visitor can see without logging in, it is public information. Do not scrape behind login walls, paywalls, or member-only sections. This keeps your activity clearly within the boundaries established by hiQ v. LinkedIn.

Respect robots.txt. While robots.txt is not legally binding in most jurisdictions, ignoring it signals bad faith and can be used against you in litigation. If a website's robots.txt file disallows scraping of specific sections, avoiding those sections demonstrates that you are making reasonable efforts to comply with the website operator's preferences.

Rate-limit your requests. Send requests at a pace that does not burden the target server. A general guideline is no more than one request every few seconds to any single domain, with delays between requests that mimic human browsing patterns. Never run concurrent high-volume requests against a single website, as this can be construed as a denial-of-service attack regardless of your intent.

Identify your scraper. Use a descriptive User-Agent string that identifies your organization and purpose. This transparency demonstrates good faith and gives website operators a way to contact you if they have concerns. Some organizations also provide a contact URL in their User-Agent string where website operators can request exclusion.

Do not republish scraped prices as a competing product. Collecting competitor prices for internal analysis is fundamentally different from republishing those prices in a consumer-facing comparison service. Internal competitive intelligence use has strong legal footing. Republishing competitor prices in a way that competes with the source website raises additional copyright, unfair competition, and terms of service concerns.

Consult legal counsel for high-risk scenarios. If your price monitoring involves international websites (subject to foreign laws), high-value proprietary data, or websites that have previously litigated against scrapers, get legal advice specific to your situation. The general principles outlined above cover common cases, but edge cases require professional legal analysis.

Price Scraping Laws Outside the United States

The legal framework for price scraping varies significantly across jurisdictions. Businesses that monitor prices on international websites need to consider the laws of the countries where those websites are hosted and operated.

European Union law adds the Database Directive, which grants legal protection to databases that required substantial investment to create, even if the individual data points (like prices) are not copyrightable. The GDPR also applies if any personal data is collected during the scraping process. European courts have generally been more receptive to website operators' rights to control access to their data, making European price scraping legally more constrained than US price scraping.

United Kingdom law post-Brexit largely mirrors EU principles, with the UK GDPR and database rights providing similar protections. The UK also has the Computer Misuse Act, which parallels the CFAA but with some differences in scope and enforcement.

Australia does not have a database directive equivalent, but its Privacy Act applies to personal data collection, and general copyright law protects original compilations. The legality of scraping public pricing data in Australia is generally aligned with US principles, but less case law exists to provide clear guidance.

For businesses monitoring prices globally, the safest approach is to follow the most restrictive applicable standard: scrape only public data, respect robots.txt, rate-limit requests, and avoid collecting any personal data alongside pricing information.

Key Takeaway

Price scraping of publicly visible data is generally legal in the US under the hiQ v. LinkedIn precedent, but terms of service violations, authenticated access, excessive server load, and international laws can create liability. Follow best practices for rate limiting, transparency, and data minimization to stay on solid legal ground.