
GDPR: Public and Personal Data Update

Sanaea Daruwalla

3 min read · July 25, 2019

GDPR update: Scraping public personal data

One common misconception about scraping personal data is that public personal data does not fall under the GDPR. Many businesses assume that because the data has already been made public on another website, it is fair game to scrape. In fact, GDPR makes no blanket exception for public personal data: the same analysis that applies to any other personal data must be carried out before scraping public personal data (see our previous posts on GDPR for web scraping and the web scraping legal check). GDPR does provide some specific exemptions, and the ICO publishes a useful overview of them. In this post, we focus on public personal data in general, because it is a frequent point of confusion.

Disclaimer: I am not a lawyer, and the recommendations in this guide do not constitute legal advice. Our Head of Legal is a lawyer, but she’s not your lawyer, so none of her opinions or recommendations in this guide constitute legal advice from her to you. The commentary and recommendations outlined below are based on Zyte's experience helping our clients (startups to Fortune 100s) maintain GDPR compliance while scraping billions of web pages each month. If you want assistance with your specific situation then you should consult a lawyer.

A recent decision from the Polish GDPR regulator clearly sets forth the necessity to comply with GDPR even when dealing with public personal data.

In March 2019, the Polish regulator issued a fine of approximately £187,000 against a company for scraping public personal data and reusing that data without notifying the data subjects. The company is said to have taken personal data on over six million Polish citizens from the country’s Central Electronic Register and Information on Economic Activity. However, it informed only the 90,000 individuals for whom it had email addresses, asserting that “high operational costs” prevented it from doing more. The company argued that notifying the individuals for whom it had no email address would involve a disproportionate effort, but the Polish regulator did not find that convincing. It is unclear whether the company conducted a full Data Protection Impact Assessment (DPIA), which is something we always recommend if you are scraping any type of personal data without the data subject’s explicit consent or a contractual agreement.

Despite the company’s arguments about disproportionate cost, the Polish regulator found that the company should have used the postal addresses and telephone numbers it held to notify individuals about (1) the data it used, (2) the source of that data, (3) the “purpose and the period of the planned data processing,” and (4) their rights under the GDPR. In other words, even when the personal data is public, and even when the operational burden of notification is high, you still have strict obligations to the data subjects.

This is a clear signal that there is likely no way around your obligation to notify individuals when you scrape their public personal data. If you have their email address, telephone number, physical address, or another means of contacting them, you are obliged to provide the required notifications. Furthermore, if you are being investigated, make sure you are visibly taking action to rectify any issues, or you may open yourself up to further unnecessary fines. Finally, if you do decide to take the DPIA route, ensure that it is well documented and that, if there is a way to notify the data subjects, you do so.

It is important for web scraping companies to stay up to date with the rules and regulations around data extraction in order to remain compliant. At the Web Data Extraction Summit, we will discuss issues like this and many more, with best-practice tips to help you keep your scraping process both productive and respectful.

If you are considering commencing a web scraping project for your business that might extract personal data from public websites and you want to ensure it is GDPR compliant, then don’t hesitate to reach out to us. Our engineering team of 60+ crawl engineers and data scientists can build a custom web scraping solution for your specific needs.
