Yes, scraping public data in the UK is generally lawful if conducted within legal boundaries, but compliance hinges on data protection, intellectual property, and sector-specific regulations. The Information Commissioner’s Office (ICO) and UK courts distinguish between accessible and lawfully obtained data versus unlawfully extracted or misused information. Recent 2026 guidance from the ICO emphasizes proportionality, transparency, and adherence to the UK GDPR and Data Protection Act 2018, particularly when personal data is involved.
Key Regulations for Scraping Public Data in United Kingdom
- UK GDPR and Data Protection Act 2018: Scraping personal data without a lawful basis (e.g., consent or legitimate interest) violates these frameworks. The ICO’s 2026 Data Scraping and Web Crawling Guidance clarifies that automated collection must not infringe individuals’ privacy rights, even if data is publicly available.
- Copyright, Designs and Patents Act 1988: Extracting and reproducing copyrighted content (e.g., databases, creative works) without permission may constitute infringement. Courts apply the British Horseracing Board v William Hill precedent, where structured data compilation was protected.
- Computer Misuse Act 1990: Unauthorized access or circumvention of technical measures (e.g., IP blocking, CAPTCHAs) to scrape data can lead to criminal liability. The Act’s 2026 amendments broaden penalties for “digital trespass,” including automated scraping tools.
Organizations must conduct Data Protection Impact Assessments (DPIAs) for large-scale scraping projects and document lawful bases under Article 6 UK GDPR. Sector-specific rules, such as the Financial Conduct Authority’s (FCA) 2026 Digital Data Collection Policy, further restrict scraping in regulated industries. Failure to comply risks enforcement actions, fines up to 4% of global turnover, or injunctions.