23 January 2020
In the beginning of 2015, the Court of Justice of the European Union (CJEU) made a decision that is very important for online businesses within the EU.
Since the CJEU ruling from Ryanair Limited v PR Aviation, if a business has a database that is made public but that is not protected under the Database Directive, the business can now use their Terms and Conditions agreement to prohibit screen scraping of their data.
This applies to websites, mobile apps, or any sort of online media where data is stored, utilized, or accessible to the public.
This is very positive news for businesses that wish to prohibit screen scraping, but who were unable to legally limit this activity under the Database Directive.
Now, all a business owner must do is write the proper language into their Terms and Conditions of using the website that prohibits screen scraping and then requiring users to accept the terms before using the site or accessing the portion of the website where the data is located.
These two steps will provide legal recourse and protection to your business in the event that the data gets scraped:
Screen scraping refers to the practice of collecting or capturing all visual data from a website for use elsewhere.
It's also known as data scraping.
The process is typically automated and done with a program or some form of software or application.
This practice is very commonly done by websites that offer or provide quickly-changing information from other websites, such as pricing or sports scores.
Kayak is a website that allows users to search for hotels, flights and car rental prices from their own website as well as a number of different websites so the best deals can be found across all of the websites.
Data from these other websites is pulled in to the Kayak website by screen scraping the necessary data on those individual websites. But Kayak has agreements in place with companies that make this not prohibited by them to do so.
The following image is an example of Kayak's interface that allows data from a number of websites and sources (Priceline, Booking.com, Hotels.com, Expedia, Travelocity) to be pulled in to a single website search:
While Kayak's practices are contractually authorized and legal, other similar websites like Kayak participate in screen scraping in an unauthorized way.
In the recently decided case referenced above - Ryanair Limited v PR Aviation - there was no agreement between Ryanair and PR Aviation that would allow PR Aviation to use any of Ryanair's data in any way.
Ryanair sells flights through its website and requires users to agree to and accept its Terms and Conditions before any flight pricing information is displayed:
The clause prohibiting screen scraping is this:
2. Exclusive online distribution channel. This website is the only website authorized to sell Ryanair flights, whether on their own or as part of a package. Price comparison websites may apply to enter into a written License Agreement with Ryanair, which permits such websites to access Ryanair's price, flight and timetable information for the sole purpose of price comparison.
PR Aviation had to agree to these terms of the Ryanair website in order to access the airfare prices and flight data for the flights being sold there.
PR Aviation then ran software that would automate a screen scrape to pull the pricing data for the Ryanair flights into the PR Aviation website for resale.
Ryanair commenced with legal proceedings against PR Aviation.
The court found in favor of Ryanair, which led to the decision that if a business has a database that is made public but is not protected under the Database Directive, the business can now utilize their Terms and Conditions agreement to prohibit screen scraping of their data.
Ryanair was protected against screen scraping because of the language in their Terms and Conditions agreement, and because access to their data was conditioned upon acceptance of these terms.
As a business owner who wishes to keep your data safe from screen scraping, you should do the following:
Explicitly write in your website's Terms and Conditions agreement that you prohibit users from recording your data with automated programs, software, or any other method of screen scraping.
Make it clear that your data is yours.
You can also note a prohibition on using your data for commercial use.
Be very specific and concrete about what you will allow your data to be used for, or, what you will not allow your data to be used for.
Once you write your Terms and Conditions agreement in such way that users can't scrap your data, set up your website so that the data you wish to keep protected is kept in a separate section of the website that can only be accessed by users after they agree to your agreement.
This is called a click-wrap agreement. Here's an example from EngineYard linking to its Terms of Service agreement:
For example, the way that Ryanair requires users to agree to and accept its Terms and Conditions agreement before any flight pricing information is displayed is a very effective way to set up on your website as well:
This separation of data ensures that no data can be accessed by a user before the user accepts your Terms and Conditions, thus keeping all of your data covered by your agreement.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.