Data Misappropriation

How to Cite

Xiao, G. (2023). Data Misappropriation: A Trade Secret Cause of Action for Data Scraping and a New Paradigm for Database Protection. Science and Technology Law Review, 24(1), 125–172.


Data scraping (also called web scraping, screen scraping, or web crawling) is a technique that uses “bots” to automate the collection of information from publicly available websites. Fundamentally, data scraping is data copying. Intellectual property (“IP”) law—namely, copyright—typically handles disputes involving copying. However, copyright law largely fails to protect data and databases (i.e., compilations of data). Instead, plaintiff websites assert contract law, Computer Fraud and Abuse Act (“CFAA”), and state unfair competition law (common law misappropriation, unjust enrichment, conversion, and trespass to chattel) claims against data scrapers.

This Note proceeds as follows. First, this Note examines how scrapers can be liable under trade secret law for scraping data from publicly accessible websites. Initially, trade secret law seems incongruous with data scraping because the core concept of trade secret law—secrecy—is seemingly at odds with public accessibility. If a website is publicly available, how can a scraper be liable for trade secret misappropriation of the website’s data? This Note explains how a recent Eleventh Circuit case, Compulife Software Inc. v. Newman, laid the groundwork for a trade secret cause of action. This Note reconciles Compulife with existing trade secret jurisprudence, argues that Compulife was rightly decided as a matter of both law and policy, and provides a roadmap for courts to apply trade secret law to data scraping cases.

Second, this Note explains why courts and litigators should use trade secret law to adjudicate data scraping disputes. Specifically, this Note argues that, compared to the existing alternatives, trade secret law is best suited to handle the various policy issues surrounding data scraping. This Note explains how contract law and the CFAA have filled the database void left by copyright law: contract law and the CFAA have become “quasi-IP” regimes, granting websites property rights in databases otherwise unprotected by copyright law. In response to the emergence of quasi-IP, this Note argues for reconceptualizing the data scraping problem by reframing data scraping as data copying—reframing data scraping with an intellectual property lens. Trade secret law offers a framework for that reconceptualization. In contrast to contract law and the CFAA (an anti-hacking law premised on criminal trespass principles), trade secret law provides courts and litigators with the appropriate IP-based doctrinal levers to analyze data scraping cases.

Finally, this Note analyzes how EU law filled the database gap by creating an IP right, the sui generis database right. This Note argues that Compulife’s trade secret theory emulates many aspects of the EU sui generis database right. In this sense, Compulife’s trade secret theory can be seen as the United States’ attempt to fashion its own sui generis database right to fill the database gap left by copyright.
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Copyright (c) 2022 Geoffrey Xiao