The Supreme Korean court says that scraping publicly available data is legal

On May 12, 2022, the Korean Supreme Court held in Case No. 2021Do1533 that scraping publicly available data from a competitor’s website does not violate the asserted laws, including the Copyright Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (“Information Protection Act”). This Korean decision is comparable and in line with the decision of the United States Court of Appeals for the Ninth Circuit in hiQ Labs, Inc. v. LinkedIn Corp. on April 18, 2022 which reaffirmed its finding that hiQ Labs did not violate the asserted state and federal law, including the federal Computer Fraud and Abuse Act by scraping data in bulk from public LinkedIn profiles.

Background

Yanolja Co., Ltd. (“Yanolja”) is an online travel agency, which provides accommodation information via its website and mobile app and facilitates booking and other transactions between accommodation providers and customers. GC Company Corp. (“GC Company”) is also an online travel agency and is a Yanolja’s competitor.

GC Company developed and used a scraping tool to (i) access Yanolja’s website and mobile app, (ii) collect information — such as a list of accommodation partners, address and price of accommodations — by entering command calling information via Yanolja’s API (Application Programing Interface) server, and (iii) share the collected information internally for its marketing and promotion purposes.

With respect to the foregoing scraping activity, Yanolja filed a criminal complaint accusing GC Company and its officers and employees (collectively, the “Defendants”) of violating the Information Protection Act, the Copyright Act, and the Criminal Code by interfering with its business.

The court of first instance found the Defendants guilty of all charges (i.e., violation of the Information Protection Act, infringement of database producer’s rights under the Copyright Act, and violation of the Criminal Code by criminally interfering with Yanolja’s business involving computer database). The appellate court overturned the lower court ruling and the Defendants were found not guilty of all charges. The Supreme Court affirmed the appellate court’s decision.

Supreme Court Decision

1. Information Protection Act

The Supreme Court held that the Defendants did not access an unauthorized or restricted information network and found Defendants not guilty of violating the Information Protection Act based on the following findings: (i) there was no objective evidence showing that access to Yanolja’s API server was restricted or that Yanolja has implemented any technical measures blocking unauthorized access; (ii) Yanolja’s general terms of use was clearly applicable to registered users only; (iii) Yanolja’s general terms of use did not prohibit use of packet capture and scraping, which was used by Defendants; (iv) Yanolja’s API server was accessible via mobile app and a PC web browser; and (v) there was no reason to restrict access to Yanolja’s API server, as it was not used for storing valuable business information.

More specifically with respect to (i) above, the Supreme Court explained that the issue on whether a service provider restricted its information communication network must be determined by comprehensively taking into account a variety of objective circumstances, such as security measures and terms of use. Based on the foregoing standard, the Supreme Court determined that Yanolja failed to restrict access to its API server.

2. Copyright Act

A person is liable for infringing database producer’s rights when such person reproduces all or substantial part of database. A substantial part of database can be determined based on both quantitative and qualitative aspects. For qualitative consideration, one should question whether a database producer has made substantial investment to update, verify, or supplement the reproduced portions or materials.

The Supreme Court held that the Defendants did not infringe the database producer’s rights and found Defendants not guilty of violating the Copyright Act based on the following findings: (i) the Defendants did not reproduce, as objectively determined, all or substantial part of Yanolja’s database but merely reproduced only the individual materials of the database and rearranged it in an Excel file; and (ii) the amount of data collected by the Defendants was not deemed statutorily substantial, as the Defendant’s act did not conflict with Yanolja’s ordinary use of its database nor unreasonably harmed Yanolja’s interest.

More specifically with respect to (i) above, the Supreme Court explained it could not find that Yanolja made substantial investment to collect the information collected by the Defendants, as such information was already widely known to the general public.

3. Criminal Code

The Supreme Court also found Defendants not guilty of violating the Criminal Code in light of the following findings: (i) the Defendants’ act of scraping did not interfere with information processing on Yanolja’s API server; (ii) the Defendants’ act of scraping did not interfere with Yanolja’s booking business; (iii) the Defendants did not interfere with Yanolja’s business, because its scraping did not modify data within Yanolja’s API server; and (iv) the Defendants lacked mens rea for criminal interference with business, as the Defendants merely intended to collect accommodation information from Yanolja’s API server.

Takeaways

It is worth noting that the Supreme Court in Case No. 2021Do1533 confirmed data scraping itself is merely a technology and is not per se illegal. As described above, the Court provided standards for determining whether particular acts would or would not be illegal data collection via scraping. As a result, companies, which utilize technology that can be considered crawling to analyze data from competitors, are advised to reference the standards set out in this Supreme Court decision.

In addition to the criminal case, a civil lawsuit between Yanolja and GC Company is currently pending on appeal. In the civil lawsuit, the district court agreed with Yanolja’s allegations that GC Company violated the catch-call provision of the Unfair Competition Prevention and Trade Secret Protection Act (“UCPA”), and awarded KRW 1 billion (approx. USD 0.8 million) in compensatory damages to Yanolja. GC Company appealed the district court’s decision, and the appellate proceeding is pending before the Seoul High Court.

While it is yet unsure whether the Supreme Court decision in the criminal case (Case No. 2021Do1533) would have any impact on the appellate court’s decision in the civil case, online service providers engaged in scraping should be mindful of the outcome of the pending civil appellate case because the High Court will address on first impression the applicability of the catch-call provision under the UCPA in the context of web scraping.