Skip to content

Is Web Scraping Legal in Germany?

While scraping public data is safe and legal in Germany some data can be subjected to common laws like GDPR and DMCA. In Germany, these laws are pursued by the Federal Commissioner for Data Protection and Freedom of Information (BfDI):

GDPR (General Data Protection Regulation)

European Union data protection law that impacts personal data collection related to EU citizens. The GDPR requires that companies must have a legal basis for collecting and using personal data. This includes obtaining explicit consent from the individuals concerned, or having a legitimate reason for collecting the data. If a company is scraping personal data from a website, it must have a legal basis for doing so, and it must inform the individuals concerned about the data being collected, used, and shared.

In practice, this law prevents scraping of personal user data as acquiring consent is very impractical. It's worth noting that even if certain pieces of information, such as names, are removed, the data may still be considered personal data if it can be used to identify an individual through other means, such as through a combination of other data points. For example, if a dataset contains information such as email addresses, age, location, and occupation, it could still be considered personal data under GDPR, even if the names have been removed.

GDPR is a relatively new law and there are still many unanswered questions about how it applies to web scraping. However, it is generally considered to be a very strict law and it's best to avoid scraping personal data until more information is available.

Just like most copyright frameworks EU copyright laws protect literary, artistic, and scientific works, including text, images, and videos. This means that if the content is protected by copyright, it can only be scraped with the permission of the copyright holder. However, if the content is considered to be in the public domain or is otherwise not protected by copyright, it can be scraped without permission.

Sui Generis Database Protection

EU law also provides protection for sui generis database protection, it applies to databases that by reason of the selection or arrangement of their contents constitute the author's own intellectual creation. This means that if the database was created by someone and it constitutes an original work, the person who created it has the right to prevent extraction and re-utilization of the contents of that database.

There's no precedence for this law being used to prosecute web scraping, but it's worth noting that it could be used to prosecute web scraping if the scraped data is considered to be an original database.

There aren't many notable cases directly related to web scraping in Germany other than recent explicit ruling on web scraping legality:

In 2014/2018, the German Federal Court of Justice (Bundesgerichtshof) ruled that the scraping of publicly available data, including personal data, is generally permissible under German data protection laws. However, the court emphasized that the scraped data must not be used for any illegal purposes, and that the scraping must not violate the rights of the data subjects. 1