Web Scraping and Protection of Websites

Web Scraping and Protection of Websites

Web scraping refers to several techniques used to collect data from the internet and is also known as screen scraping or data mining. With the web scraping method, the content available on someone else's website on the Internet is collected through software that simulates website browsing and is used on the scraper's websites or services. The best-known examples of web scraping are various price comparison sites, flight tracking programs, and news-curated websites.

The concept of web scraping is related to the fact that data can now be traded like a commodity, given the technological advancements. However, the fact that content is available on the internet does not mean that it can be used again. Whether the data owner's rights have been violated is crucial. There are various legal regulations to prevent these violations.

Web Scraping Under EU, US, and Turkish Law

In EU legislation, Directive 96/9/EC [the “Directive”] has been issued to protect databases from intellectual property rights violations that may be caused by web scraping. The Directive makes a distinction based on database originality and provides copyright protection for original databases. In terms of non-original databases, the Directive on Copyright in the Digital Single Market [the “DSM Directive”] regulates “sui generis” protection.

Although regulations regarding web scraping are still rare in US law, the primary regulation in this area is the Computer Fraud and Abuse Act of 1986 [the “CFAA”]. According to the CFAA, unauthorized access to a computer system is a criminal offence. However, the term of unauthorized access has been debated since the CFAA came into force. In the hiQ v. LinkedIn decision dated 2022, the Court of Appeal held that the scraping of publicly available data was lawful and did not breach the CFAA. However, hiQ was found to have violated the LinkedIn User Agreement by creating fake profiles. Although the lawsuit was settled before a final decision was rendered, the court's decision is important because it excludes web scraping from the definition of fraud.

While there is no direct regulation on web scraping in Turkish law, Law No. 5846 Law on Intellectual and Artistic Works [the “Copyright Law”] regulates the protection of databases in parallel with the EU Directive.

Copyright Protection of Databases under Turkish Law

The relevance of data scraping to copyright is whether the use of the data would violate the copyrights of the data subjects. Based on various Court of Cassation decisions, it can be stated that the general tendency in Turkish law is to protect websites as databases and database protection is regulated in Copyright Law. In this context, Copyright Law regulates both the protection of original databases, that is, databases that are obtained by selection and compilation of data and materials according to a specific purpose and a specific plan, and Sui Generis database protection.

Article 6/b.11 of the Copyright Law protects the first type of database and is a kind of protection of work in terms of its legal nature. In this context, the owner of an original database will be able to benefit from all the work protection provisions of the Copyright Law for violations to which the database may be subject, just like the owner of a literary, musical or cinematographic work.

Databases must meet the requirements of containing content selected or arranged according to a specific purpose and within a particular plan that is accessible in any way in order to be eligible for copyright protection under Art. 6/b.11 of the Copyright Law. It should also be kept in mind that in order for a database to benefit from the protection of work and therefore from the protection of Copyright Law, it must both bear the characteristics of its author and fall within one or more of all kinds of intellectual and artistic products that are deemed scientific, literary, musical work or work of fine arts or cinematographic work.

It may not always be possible to consider every content on a website as a work as explained above. For example, it is clear that prices per square meter by neighbourhood compiled from real estate websites or comparative price information of a mobile phone cannot be defined as copyrighted work. The sui generis protection regulated in the additional Art. 8 of the Copyright Law might apply in this situation. Accordingly, the relevant database producer (the creator of a database - the investing database producer) has the right to permit or prohibit the permanent or temporary transfer of a substantial part or all of the contents of the database to another medium by any means and any form, and the distribution, sale, rental or communication to the public in any way. Certainly, it will also be possible to claim compensation for damages in the event of a breach.

Finally, although it is not the subject of this article, it should be noted that personal data related to scraped data may be subject to separate protection and websites may face claims of breach of membership or user agreements. In the EU case Ryanair v. PR Aviation, in which the Directive was applied, it was held that the use of the database of the website of Ryanair, an airline company, by the price comparison website PR Aviation through 'screenscraping' was not subject to copyright or sui generis protection. However, it was ruled that data scraping from databases can be limited by contractual obligations (user agreement, membership agreement, etc.), provided that it is in accordance with national law.

Conclusion

Turkish law does not yet have a regulation directly regulating web scraping. Nonetheless, it appears that websites may be protected against right violations caused by data scraping under work protection or Sui Generis protection provisions, if they meet the requirements stipulated in the Copyright Law according to the type of database.