How Open Banking May Affect the Legality of Screen Scraping

Screen scraping – the technique of automatically collecting, parsing, and organizing data from the web – has over the past two decades been used for everything from targeted advertising to price aggregation to academic research. It can, however, be detrimental to the data host and consumer. Scraping is parasitic when it undercuts a website’s revenue by republishing data without requiring users to view supporting advertisements. It can also facilitate copyright infringement or overload the data host’s servers. What’s more, screen scraping can raise privacy concerns for consumers if it collects identifiable information or enables new forms of surveillance. In the banking context – where login credentials may be shared to allow the scraping of account data – there are additional concerns about cybersecurity, data breaches, and liability allocation for unauthorized transactions. These various instances of screen scraping have led to litigation against scrapers, most notably in the U.S.

In a recent article, I have undertaken a comprehensive survey, mapping out the trajectory of relevant laws and jurisprudence around screen scraping in three common law jurisdictions: the U.S., the UK, and Australia. In the five areas I investigated – “digital trespass” statutes, tort, intellectual property rights, contract, and data protection – my findings reveal differences in how each country addresses the legality of screen scraping. Specifically, I argue that the use of tort law, in the form of a “trespass to chattels” claim, is more likely to succeed in the U.S. than in the UK or Australia. The Computer Fraud and Abuse Act (CFAA) is also useful for suing scrapers in the U.S., despite the statute’s vague and evolving definition of “authorized” access. While there are comparable laws (i.e., Computer Misuse Act in the UK and Cybercrime Act 2001 in Australia) in the other two jurisdictions, they have not yet been used against scrapers, although recent landmark decisions in the U.S. may serve as models for UK or Australian courts. By contrast, intellectual property infringement claims are more likely to succeed in the UK, given the existence of a “database right,” which does not exist in the other two countries. There is room for claims based on contractual rights (derived from a website’s terms of use) in all three common law jurisdictions. However, in Australia, such claims may be the first line of defense against screen scraping, considering the absence of a hacking statute or database right. Finally, scraping personally identifiable information may breach privacy or data protection in Australia and the UK, but it is less clear whether it is a violation in the U.S., which still lacks a comprehensive data privacy law.

Despite such differences, the rise of data-sharing under the banner of “Open Banking” may bring a certain level of convergence. I argue that, to the extent Open Banking mandates or facilitates data sharing – depending upon the regulations in each jurisdiction – it could reduce the need for screen scraping. This is especially so in Europe – and even more so if the UK Smart Data initiative expands these data-sharing principles beyond the financial sector. Conversely, the financial data-sharing environment is less evident in the U.S., which lags in building up Open Banking. Australia lies in the middle of these two extremes: It has a comprehensive Consumer Data Rights (CDR) regime that can theoretically reduce the need to screen scrape. However, given that it imposes no ban on screen scraping (unlike the EU/UK model), it has a loophole for data miners to work around the new regime and continue scraping data.

In short, with the emerging trend of data sharing, one could witness a sea change in the screen scraping legal landscape. Insofar as data sharing schemes enable information to flow between entities, one would expect some level of convergence. However, such a convergence is qualified by the institutional design of data-sharing schemes – whether they explicitly address screen scraping (as in Australia and the UK) and whether there is a government-mandated data-sharing regime (as in the U.S.). These are, of course, just preliminary findings, though they can serve as a starting point for a larger project exploring the role of screen scraping in the digital economy. Debates continue on the legality of screen scraping and some issues not discussed in my paper – such as the link between data sharing and antitrust and conflict of laws. It remains to be seen how these three nations and others develop a more holistic approach to this technology by striking the right balance between different stakeholders entering the age of big data.

This post comes to us from Dr. Han-Wei Liu at Monash University, Australia. It is based on his recent paper, “Two Decades of Laws and Practice Around Screen Scraping in the Common Law World and Its Open Banking Watershed Moment,” available here.

1 Comment

  1. Nick Thomas

    The financial industry in the US and Canada have been actively working towards a standard to move data aggregation from consumer-initiated and explicitly permissioned screen scraping to consumer-permissioned access via the Financial Data Exchange API standard.

    https://financialdataexchange.org/

    Banks, Data Access Providers, Consumer Advocacy groups, and Financial Technology companies have joined together to make this happen in an open and transparent way.
