Table of Contents
- 5 Famous Web Scraping Court Cases Where Scrapers Won
- 1) hiQ Labs, Inc. v. LinkedIn Corp. (9th Cir., 2019; reaffirmed 2022)
- 2) Van Buren v. United States (U.S. Supreme Court, 2021)
- 3) Perfect 10, Inc. v. Amazon.com, Inc. (Google Image Search) (9th Cir., 2007)
- 4) British Horseracing Board Ltd v. William Hill (CJEU, 2004) (C-203/02)
- 5) Fixtures Marketing Ltd v. OPAP (CJEU, 2004) (C-444/02)
5 Famous Web Scraping Court Cases Where Scrapers Won
Web scraping is not automatically legal or illegal.
Legality depends on what you access (public vs. behind login), what you copy (facts vs. creative expression), how you access it (respecting access controls and technical measures), what your Terms of Service say (contract), and which jurisdiction applies (US vs. EU/UK rules can differ a lot).
If you want a practical baseline before reading case law, start with ethics and operational "be polite" behavior:
This post is not legal advice.
1) hiQ Labs, Inc. v. LinkedIn Corp. (9th Cir., 2019; reaffirmed 2022)
Case: hiQ Labs, Inc. v. LinkedIn Corp., U.S. Court of Appeals for the Ninth Circuit.
- 2019 opinion (PDF): https://cdn.ca9.uscourts.gov/datastore/opinions/2019/09/09/17-16783.pdf
- 2022 opinion (PDF): https://cdn.ca9.uscourts.gov/datastore/opinions/2022/04/18/17-16783.pdf
What was being scraped: hiQ collected data from public LinkedIn profile pages to power analytics products.
Claims raised: The fight centered on the Computer Fraud and Abuse Act (CFAA) and whether scraping public pages becomes "without authorization" after LinkedIn objects and tries to block access.
What the court held (plain English): Public web pages are treated differently from breaking into a protected system. The Ninth Circuit was skeptical of turning "we sent you a cease-and-desist" into a CFAA "hacking" claim for genuinely public pages.
Why it mattered: In the US, CFAA threats are a common anti-scraping strategy. This case made that strategy harder (at least for public pages, in this circuit, on these facts).
Practical takeaway: Public vs. gated access is the first branch in your legal risk tree. The moment you scrape behind login/paywalls, or bypass technical controls, the risk profile changes sharply.
2) Van Buren v. United States (U.S. Supreme Court, 2021)
Case: Van Buren v. United States, Supreme Court of the United States.
- Opinion (PDF): https://www.supremecourt.gov/opinions/20pdf/19-783_k53l.pdf
Why it is scraping-relevant: This is not a "web scraping" fact pattern, but it is a major CFAA interpretation decision. Many scraping disputes try to reframe policy or purpose violations as CFAA claims.
What the Court held (plain English): The Court read "exceeds authorized access" narrowly. Having legitimate access and then using it for an improper purpose is not automatically a CFAA violation; the concept focuses more on crossing access boundaries (getting into parts you are not entitled to access).
Why it mattered: It reduced the risk that "you violated a policy/ToS" turns into a federal computer crime theory by itself.
Practical takeaway: A ToS violation may still create contract risk, but it is less likely (by itself) to be treated as CFAA "hacking" in many contexts. Authentication bypass and defeating access controls remain high risk.
3) Perfect 10, Inc. v. Amazon.com, Inc. (Google Image Search) (9th Cir., 2007)
Case: Perfect 10, Inc. v. Amazon.com, Inc., U.S. Court of Appeals for the Ninth Circuit.
- Opinion (PDF): https://cases.justia.com/federal/appellate-courts/ca9/06-55405/0655405-2011-02-25.pdf
What was being crawled: Google's systems crawled and indexed images, and displayed thumbnails in image search results.
Claims raised: Copyright infringement claims against a large-scale crawler/search product.
What the court held (plain English): The court treated thumbnails in a search/discovery context as strongly transformative and found fair use on key points. (This is not a blank check to republish full-size images or entire works.)
Why it mattered: It validated an important crawler pattern: copy only what is necessary to index/search, show reduced representations (snippets/thumbnails), and route users to the source.
Practical takeaway: The closer your scraped output is to being a substitute for the original (full articles, full-resolution images, full databases), the higher your IP risk. Snippets and indexing use cases are easier to defend than wholesale republication.
4) British Horseracing Board Ltd v. William Hill (CJEU, 2004) (C-203/02)
Case: The British Horseracing Board Ltd and Others v William Hill Organization Ltd, Court of Justice of the European Union (Grand Chamber).
- Judgment (EUR-Lex): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62002CJ0203
What was being "extracted": Racing data was used by a betting operator; the dispute focused on the EU Database Directive's "sui generis" database right.
Claims raised: "Extraction" / "re-utilisation" of substantial parts of a database, and repeated extraction of insubstantial parts.
What the court held (plain English): Database-right protection was narrowed in important ways. Investment in creating the underlying data was not automatically treated as investment in obtaining the contents for database-right protection.
Why it mattered: In the EU/UK, a lot of scraping conflicts are really database-right conflicts. This line of cases limited how far database-right claims can reach for certain fact-heavy datasets.
Practical takeaway: In EU/UK, treat database right as a first-class risk category. Avoid rebuilding someone else's database, minimize volume, and be explicit about what fields you take and why.
5) Fixtures Marketing Ltd v. OPAP (CJEU, 2004) (C-444/02)
Case: Fixtures Marketing Ltd v Organismos prognostikon agonon podosfairou AE (OPAP), Court of Justice of the European Union (Grand Chamber).
- Judgment (EUR-Lex): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62002CJ0444
What was being "extracted": Football fixture lists (structured facts: dates/teams) used for betting products.
Claims raised: EU Database Directive "sui generis" database right.
What the court held (plain English): A fixtures list can qualify as a "database," but protection is not automatic. Effort spent creating the underlying schedule is not the same as protected investment in obtaining/verifying/presenting existing independent materials.
Why it mattered: It reinforced that database right is not simply a reward for creating facts/events.
Practical takeaway: Even where database right is weak, contract/ToS and technical access restrictions can still create real risk. Legal safety is a bundle, not a single doctrine.
Closing: what these cases do (and do not) mean
These cases do not mean "scraping is always legal." They show that legality depends on context.
Key factors that tend to decide outcomes:
- Public vs. gated access (login, paywall, auth boundaries)
- What is copied (facts/fields vs. protected expression)
- How much is copied (substantial parts; systematic rebuilding)
- Technical measures (blocks, challenges, circumvention)
- Terms/permissions (ToS, robots.txt, licenses, notices)
- Jurisdiction (US CFAA/copyright/contract vs. EU/UK database right and related doctrines)
If you want scraping to be sustainable, build compliance into your crawler from day one: scope limits, rate limiting, backoff, and clear rules about what content you store and republish.