The Computer Fraud and Abuse Act (CFAA) imposes criminal penalties and establishes a civil cause of action against anyone who “exceeds authorized access” to a computer. 18 U.S.C. § 1030(a)(2). Earlier this year, the Supreme Court held that the CFAA does not apply when individuals who are authorized to access a website then violate the website’s “terms of service” by obtaining information from the site’s database for an improper purpose. Van Buren v. United States, 141 S. Ct. 1648, 1661 (2021). Did the Supreme Court’s interpretation of the CFAA leave the victims of one species of this activity—known as data scraping—helpless? A recent decision, by a lower court, says that the answer to this question may be no, and that they may have another path to relief: good old-fashioned breach of contract claims.
