Is Web Scraping Legal In New Zealand? Essential Compliance Guide

Alex Solo
byAlex Solo11 min read
Regulatory Compliance
Contents

If you run a small business in New Zealand, web scraping can feel like a shortcut to better data - competitor pricing, market research, lead lists, product catalogues, or trend analysis.

But before you spin up a script (or pay a vendor to do it for you), it’s worth slowing down and asking the key question: is web scraping legal in New Zealand?

The helpful (and slightly frustrating) answer is: it depends on what you’re scraping, how you’re accessing it, and what you plan to do with it.

This guide breaks down the main legal and compliance issues for NZ businesses, in plain English, so you can use web scraping confidently - without accidentally creating privacy, IP, consumer law, or cyber risk problems for your business.

What Counts As Web Scraping (And Why Businesses Use It)

Web scraping generally means using software (a “bot”, “crawler”, or script) to automatically extract data from websites. It’s different from a person manually copying and pasting information, because scraping usually happens at scale and speed.

Small businesses commonly use scraping for:

  • Competitor monitoring (prices, stock availability, promotions)
  • Market research (product ranges, customer reviews, category trends)
  • Lead generation (business directories, publicly listed contact details)
  • Content aggregation (job listings, events, property listings, travel or product info)
  • Training data (for analytics tools or AI systems)

Done carefully, scraping can be legitimate and commercially sensible. Done carelessly, it can create serious legal exposure - and the risks don’t always show up until you’re already relying on the data.

There isn’t one single “Web Scraping Act” in New Zealand that makes scraping legal or illegal across the board. Instead, legality comes down to how web scraping interacts with several areas of law.

So when people ask whether web scraping is legal, the real questions are usually:

  • Are you allowed to access the website the way you’re accessing it?
  • Are you allowed to copy and reuse the data you’re extracting?
  • Are you collecting personal information, and if so, are you handling it lawfully?
  • Are you using the scraped data in a way that could mislead customers or harm others?

In practical terms, web scraping in NZ is more likely to be on the right side of the law when:

  • The data is genuinely public and you’re not bypassing security or access restrictions
  • You respect the website’s terms of use and technical controls
  • You avoid collecting personal information (or you have a solid privacy compliance framework if you do)
  • You don’t copy protected content (like articles, images, or databases) in a way that infringes IP
  • You use the information fairly and honestly (especially if you publish it or use it in marketing)

And it’s more likely to be risky when:

  • You scrape behind logins, paywalls, or “members only” areas without permission
  • You ignore robots.txt, anti-bot measures, or rate limits and disrupt the service
  • You scrape emails, phone numbers, or other identifiers and then market to them
  • You republish large amounts of another business’s content or data in your own product
  • You scrape in a way that could look like unauthorised access or interference with systems

Because the line can be fine (and fact-specific), it’s worth treating web scraping like any other business compliance project - set up your “legal foundations” early, so you’re protected from day one.

The Key NZ Laws Businesses Need To Think About Before Scraping

If you’re deciding whether web scraping is legal for your business use case, these are the legal areas that most commonly matter in New Zealand.

Privacy Act 2020 (Personal Information)

If your scraping collects personal information (information about an identifiable individual), the Privacy Act 2020 is front and centre.

Examples of “personal information” that might be scraped include:

  • Names linked to contact details
  • Email addresses (even business emails if they identify an individual)
  • Phone numbers
  • Social media handles linked to a person
  • Reviews or comments that can be tied back to someone

For businesses, the key issue usually isn’t “can we technically access it?” - it’s whether you are collecting and using it fairly, lawfully, and with appropriate transparency and security.

In practice, you should have a clear internal view on:

  • Purpose: Why are you collecting this data, and is it reasonably necessary for your business?
  • Transparency: How will individuals be informed (directly or indirectly) that you’re collecting and using their info?
  • Storage and security: How will you protect it from unauthorised access, loss, or misuse?
  • Retention: How long do you keep it, and when do you delete it?
  • Disclosure: Are you sharing it with vendors, offshore tools, or partners?

If you collect personal information, you’ll usually also want a compliant Privacy Policy and internal handling processes that match what you’re actually doing (not just a generic template).

Copyright Act 1994 (Copying Content)

Scraping often involves copying. And copying can raise copyright issues.

Copyright in NZ can protect things like:

  • Articles, blog posts, and product descriptions
  • Photos, images, graphics, and videos
  • Software code
  • Some compilations and datasets (depending on how they’re created and expressed)

A common trap is assuming that “publicly available” means “free to reuse”. It doesn’t.

For example, if you scrape a competitor’s product descriptions and publish them on your own site, that’s a red flag. Even if you “rewrite” them, you can still create infringement risk (and it can also create brand and reputation problems).

If your business model relies on aggregating content (like listings, reviews, profiles, or catalogues), it’s worth getting advice early on what you can copy, what you should only link to, and what needs licensing or permission.

Contract Law And Website Terms (Terms Of Use)

Many websites have terms that say you can’t scrape, you can’t use bots, or you can’t reuse the content commercially.

From a business perspective, the big risk is that web scraping can become a contract problem if:

  • You (or your staff or contractors) agreed to the site’s terms (including by using an account)
  • The site terms are enforceable and you clearly breached them
  • Your breach causes loss, disruption, or triggers enforcement action

Even where enforceability gets technical, the practical point is simple: terms are where disputes start. If a platform sends you a cease-and-desist letter, they will almost always point to their terms first.

On your own side, you should also have well-drafted Terms of Use if you operate a platform, app, or website that lets users access data - especially if you want to set rules about automated access, acceptable behaviour, or data extraction.

Crimes Act 1961 (Unauthorised Access And Interference)

Even if you’re not “hacking”, some scraping behaviour can start looking like unauthorised access or interference - especially if you:

  • Bypass technical barriers
  • Use someone else’s credentials
  • Exploit vulnerabilities
  • Overwhelm a server with requests (intentional or not)

In New Zealand, the Crimes Act 1961 includes offences around unauthorised access to computer systems and damaging or interfering with computer systems or data. Exactly where scraping sits will depend on the facts, but the risk increases quickly if you’re circumventing controls, accessing restricted areas without permission, or causing disruption.

A good compliance approach is to keep scraping polite and controlled: rate limits, caching, clear identification, and documented permission where possible.

Fair Trading Act 1986 (How You Use Scraped Data)

If you use scraped data in marketing, pricing comparisons, rankings, or “best price” claims, you also need to think about the Fair Trading Act 1986.

This matters if you:

  • Publish competitor comparisons based on scraped prices
  • Advertise discounts using scraped “was/now” pricing
  • Promote “real-time” availability when your scraped data is delayed
  • Show reviews/ratings scraped from elsewhere in a way that implies endorsement

Scraped data can be incomplete, outdated, or context-dependent. If that leads to customers being misled, your legal risk may sit with you (not the website you scraped from).

Unsolicited Electronic Messages Act 2007 (Scraped Leads And Marketing)

If you scrape email addresses or other electronic contact details and then use them for marketing, you should also consider the Unsolicited Electronic Messages Act 2007 (NZ’s anti-spam law).

Broadly, if you send commercial electronic messages (like marketing emails or some types of direct messages), you’ll generally need consent (express or inferred), clear identification, and a functional unsubscribe option. Scraping a list doesn’t automatically mean you have consent to market to those contacts.

Common Web Scraping Scenarios For Small Businesses (And How To Do Them Safely)

It helps to think about web scraping in terms of real business scenarios. Here are a few common ones, and the compliance mindset we usually recommend.

Scenario 1: Competitor Price Monitoring

This is a common use case that can be relatively lower risk than republishing content - but it still needs boundaries.

Good practice includes:

  • Only scraping publicly accessible pages (not logged-in pricing tiers)
  • Respecting reasonable rate limits (avoid disrupting their service)
  • Not copying their branding, product images, or descriptions
  • Being cautious about publishing comparisons (accuracy matters under the Fair Trading Act)

If you plan to publish scraped comparisons on your own site, consider getting a Contract Review for any data supplier agreement and advice on your marketing claims - because liability can sit in unexpected places.

Scenario 2: Building A Directory Or Marketplace

Directories and marketplaces often rely on data aggregation. The compliance risks are higher because you may be republishing information (and sometimes personal information).

You’ll want to think through:

  • Whether the underlying listings/content are protected by copyright
  • Whether republishing could breach website terms
  • How you’ll respond to takedown requests
  • Whether you’re collecting personal information, and what your privacy stance is
  • How you’ll keep information accurate and current (or clearly disclose limits)

If you’re building a tech product that accesses third-party data, it may also be worth documenting the access rules in an API Agreement (or reviewing a third-party API/data licence before you integrate it).

Scenario 3: Scraping Leads For Marketing

This is where small businesses often get into trouble quickly.

If you scrape emails or contact details and then market to people, you may trigger:

  • Privacy issues (collection and use of personal information)
  • Spam compliance issues under the Unsolicited Electronic Messages Act 2007 (depending on the channel and consent basis)
  • Reputation risk (complaints, domain blacklisting, platform bans)
  • Terms breaches (many sites explicitly prohibit harvesting contact details)

If lead generation is the goal, consider alternatives that are usually safer (and often higher quality): opt-in lead magnets, referral partnerships, compliant advertising funnels, or data providers with clear licensing and consent.

Scenario 4: Scraping For AI Or Analytics Training Data

Using scraped content as training data can create a mix of privacy and IP issues, depending on what you collect and how the model outputs are used.

Questions to work through include:

  • Are you collecting personal information (even incidentally)?
  • Are you copying copyrighted works into your dataset?
  • Do you have a documented and defensible purpose for collection and retention?
  • Could your outputs reproduce protected content or reveal personal data?

Because the law in this area is evolving, it’s smart to build a conservative compliance approach from the start and get tailored advice for your specific dataset and use case.

A Practical Compliance Checklist Before You Start Scraping

If you want a quick “sanity check” before you scrape, here’s a practical framework many NZ small businesses use.

1) Confirm What You’re Accessing (And How)

  • Is the data truly public, or does it sit behind an account, paywall, or restricted area?
  • Are you using your own authorised credentials (not shared or scraped logins)?
  • Are you bypassing technical controls? If yes, stop and get advice first.

2) Check The Website’s Rules

  • Review the website terms for restrictions on bots, extraction, and reuse.
  • Check robots.txt and any published crawling policies (not always legally binding, but often a strong signal of expected behaviour).
  • If the data is critical to your business, consider getting written permission or a licence.
  • If there’s any chance the dataset contains personal information, treat it as a privacy project.
  • Document your purpose, retention period, and security controls.
  • Make sure your external statements match your actual practices (this is where a Data Privacy Lawyer can be especially helpful).

4) Be Careful With Reuse And Republishing

  • Scraping for internal analysis is generally lower risk than republishing content, but it can still create issues depending on the source and your access method.
  • Avoid copying large chunks of text, images, or structured content that looks like someone else’s database/product.
  • If you want to publish comparisons or “best of” lists, build in accuracy checks and clear disclaimers.

5) Put The Right Internal Policies In Place

Small businesses often forget this part - but it’s crucial if staff, contractors, or offshore teams are involved.

  • Define who is allowed to scrape and for what purpose.
  • Set “do not scrape” categories (e.g. personal info, behind logins, paywalled content).
  • Document basic security requirements (storage, access controls, deletion).

If you operate a platform yourself, a clear Acceptable Use Policy can help you set boundaries on automated access and protect your systems.

Key Takeaways

  • In New Zealand, there’s no single rule that makes web scraping always legal or always illegal - the legality depends on how you access the website, what you collect, and how you use it.
  • If your scraping collects personal information, you need to comply with the Privacy Act 2020, including fair collection, security safeguards, and sensible retention and disclosure practices.
  • Scraping and reusing content can raise Copyright Act risks, even if the content is publicly available online.
  • Website terms can create contractual risk, particularly if you scrape behind logins or in breach of clear anti-bot restrictions.
  • Scraping practices that involve bypassing controls, unauthorised access, or disruption can also raise issues under the Crimes Act 1961.
  • How you use scraped data matters - publishing comparisons or marketing claims using scraped information can create Fair Trading Act risk if the data is inaccurate or misleading.
  • If you scrape contact details and then send marketing messages, you may also need to comply with the Unsolicited Electronic Messages Act 2007.
  • A simple compliance checklist (access method, terms, privacy, IP, marketing claims, and internal policies) can reduce the risk of disputes and help you scale responsibly.

If you’d like help setting up a compliant approach to data collection, reviewing scraping-related terms, or making sure your privacy documentation matches your actual practices, you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.

Alex Solo
Alex Solo

Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.

Need legal help?

Get in touch with our team

Tell us what you need and we'll come back with a fixed-fee quote - no obligation, no surprises.

Keep reading

Related Articles

Cross-border Data Transfer Addendums: Privacy Issues for New Zealand Businesses

Cross-border Data Transfer Addendums: Privacy Issues for New Zealand Businesses

Using overseas software or service providers can expose New Zealand businesses to privacy risk if personal information is transferred offshore without the

9 May 2026
Read more
Privacy Notices and Consent Requirements for Managed IT Service Providers

Privacy Notices and Consent Requirements for Managed IT Service Providers

Managed IT service providers in New Zealand often handle large volumes of personal information, but many still rely on generic privacy wording or overuse

8 May 2026
Read more
Using Biometric Data in New Zealand: Consent and Privacy Issues for Businesses

Using Biometric Data in New Zealand: Consent and Privacy Issues for Businesses

Using fingerprints, facial recognition or voice verification in your business can raise real privacy risks in New Zealand. Learn when a biometric consent

7 May 2026
Read more
Import And Importation Laws In New Zealand: Compliance For Businesses

Import And Importation Laws In New Zealand: Compliance For Businesses

Importing goods into New Zealand can be a smart way to grow your product range, improve margins, or bring something genuinely new to the market. But once you move from “I found...

7 May 2026
Read more
Legal Compliance Checklist for New Zealand Video Production Businesses

Legal Compliance Checklist for New Zealand Video Production Businesses

Starting or growing a video production business in New Zealand means more than booking shoots and editing footage. This practical guide covers the legal

4 May 2026
Read more
Data Breach Response Plans for Audio Visual Hire Businesses in New Zealand

Data Breach Response Plans for Audio Visual Hire Businesses in New Zealand

Audio visual hire businesses often handle customer details, venue information, event schedules, and staff records across multiple devices and systems

4 May 2026
Read more
Need support?

Need help with your business legals?

Speak with Sprintlaw to get practical legal support and fixed-fee options tailored to your business.

Get StartedBook A Call