Yes, web scraping is legally permissible in Singapore if conducted within the bounds of intellectual property, data protection, and contract law. The Personal Data Protection Commission (PDPC) and the Singapore courts have not outright banned scraping, but unauthorized access or extraction of data may violate the Computer Misuse Act (CMA) or the Personal Data Protection Act (PDPA). Businesses must ensure compliance with terms of service, copyright statutes, and data minimization principles to avoid enforcement actions.
Key Regulations for Web Scraping in Singapore
- Personal Data Protection Act (PDPA): Scraping personal data without consent or a legitimate purpose breaches PDPA obligations, particularly under the Consent and Purpose Limitation provisions. The PDPC has signaled stricter enforcement post-2026, aligning with global trends in data sovereignty.
- Computer Misuse Act (CMA): Unauthorized access to computer systems—including bypassing CAPTCHAs or exploiting vulnerabilities—constitutes an offense under Section 3 of the CMA, carrying penalties up to SGD 10,000 and/or 3 years’ imprisonment.
- Copyright Act: Extracting copyrighted content without permission may infringe Section 19 of the Copyright Act, especially if the data is republished or monetized. Fair dealing exceptions (e.g., research, criticism) are narrowly construed.
Singapore’s legal framework prioritizes proportionality: scraping public data for analysis is generally tolerated, but commercial exploitation or disregard for contractual restrictions invites liability. The PDPC’s Advisory Guidelines on the PDPA for Selected Topics (2022) emphasize transparency in data collection, while the Infocomm Media Development Authority (IMDA) monitors emerging risks in automated data harvesting. Entities should conduct due diligence on target websites’ robots.txt files and terms of use to mitigate exposure.