Because the crawling behavior of network data has the characteristics of efficient retrieval, batch copying and low cost, it has become a way for many enterprises to obtain data resources. For this reason, once the captured data designs the rights and interests of others, enterprises will face many legal risks. This paper will discuss the compliance points of data capture behavior from the relevant overview of data capture behavior, relevant legislative provisions of data capture, and combined with typical cases of recent data capture behavior.

I. Overview of data grabbing behavior

Data crawling behavior refers to the behavior of programs or scripts that automatically crawl the information on the World Wide Web according to the set rules such as keywords and sampling objects. And copy the results on a large scale.

In the process of crawling data with crawler, it is a matter of life and death for enterprises to grasp the legal boundary. In recent years, the wide application of big data and artificial intelligence, as well as the rigid demand for various data, make the data industry linger on the "gray edge". Facing the "strong supervision" situation of network data security, it is urgent to do a good job in data compliance and data risk control. At present, there are no relevant laws and regulations in China that specifically regulate data capture, but mainly adopt the Copyright Law of People's Republic of China (PRC) (hereinafter referred to as the Copyright Law), the Anti-Unfair Competition Law of People's Republic of China (PRC) (hereinafter referred to as the Anti-Unfair Competition Law) and the Anti-Unfair Competition Law of People's Republic of China (PRC) according to the different qualities of data capture.

Second, sort out the legal responsibilities related to data capture.

(a) bear criminal responsibility

1, crime of illegally invading computer information system

Article 285 1 of the Criminal Law stipulates "the crime of illegally invading the computer information system". Whoever, in violation of state regulations, invades computer information systems in state affairs, national defense construction and cutting-edge science and technology fields shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention.

Typical case: Li et al. illegally invaded the computer information system (20 18), No.3424, 169.

In this case, the defendant Li used the "crawler" software to capture a large number of license plate number information published by the vehicle management office of the traffic police detachment of Liangshan Public Security Bureau, and then used the software to break through the system security protection measures by means of multi-thread submission, batch brushing, automatic identification of verification code, etc., and submitted the captured license plate number to the "Traffic Safety Service Management Platform" vehicle scrapping inquiry system for comparison, and automatically recorded the unregistered license plate number according to the feedback, and established a national unregistered license plate number database. After writing the client query software, Li sells the database access rights of different provinces and cities at the price of 300-3000 yuan per month through QQ, Taobao and WeChat.

The court held that the defendant Li Wenmou invaded the computer information system in the field of state affairs for personal gain and violated state regulations. The defendant's behavior constituted the crime of illegally invading the computer information system.

2. Crime of illegally obtaining computer information system data

Paragraph 2 of Article 285 of the Criminal Law stipulates: Whoever, in violation of state regulations, intrudes into a computer information system other than that specified in the preceding paragraph, or obtains data stored, processed and transmitted in a computer information system by other technical means, or illegally controls a computer information system, if the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention and shall also or shall only be fined; If the circumstances are especially serious, he shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and shall also be fined. At the same time, article 1 of the Interpretation of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases Endangering the Security of Computer Information Systems specifically stipulates that "the circumstances are serious": "Whoever illegally obtains data of computer information systems or illegally controls computer information systems shall be deemed as" the circumstances are serious "as stipulated in the second paragraph of Article 285 of the Criminal Law: (1) Obtaining payment and settlement, securities trading, etc. (two) to obtain more than 500 groups of identity authentication information other than item (a); (3) illegally controlling more than 20 computer information systems; (four) the illegal income of more than five thousand yuan or caused economic losses of more than ten thousand yuan; (5) Other circumstances are serious. "

Typical case: Li and Wang illegally obtained the data of computer information system and illegally controlled the computer system (202 1) No.0104 148.

In this case, the company, without the authorization of Taobao (China) Software Co., Ltd., was instructed by Li, and the company's principals, defendants Wang and Gao cooperated with each other to break through and bypass the "anti-crawler" protection mechanism of Taobao by means of IP proxy and "X-sign" signature algorithm, and then illegally grabbed the broadcast addresses and sales of various anchors stored by Taobao during the live broadcast of Taobao through the data capture program. By the time of the incident, Cai Yi Company had integrated the illegally obtained data and sold it for profit. The illegal income is RMB 220,000. The court held that the defendants Li, Wang and Gao constituted the crime of illegally obtaining computer information system data, and were sentenced to fixed-term imprisonment ranging from two years and six months to one year and three months respectively, and fined.

The court held that the defendant Li Wenmou invaded the computer information system in the field of state affairs for personal gain and violated state regulations. The defendant's behavior constituted the crime of illegally invading the computer information system.

3. Provide programs and tools for invading and illegally controlling computer information systems.

The third paragraph of Article 285 of the Criminal Law stipulates that the crime is: providing programs or tools specially used to invade or illegally control computer information systems, or providing them to others knowing that they are used to invade or illegally control computer information systems. If the circumstances are serious, the punishment shall be in accordance with the provisions of the preceding paragraph. The Interpretation of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases Endangering the Security of Computer Information Systems also lists such programs and tools as "having the function of evading or breaking through the security protection measures of computer information systems, and obtaining data of computer information systems without authorization or beyond authorization".

Typical case: Chen Hui commits the crime of invading and illegally controlling computer information system programs and tools (202 1), Guangdong 0 1 15, sentence No.5.

In this case, the defendant Chen Hui, in order to gain illegal benefits, wrote the crawler software in this area on the barley net platform of Zhejiang Taobao Network Co., Ltd. to grab tickets, and sold the software to others at the price ranging from 1888 yuan to 6,888 yuan, making illegal profits120,000 yuan. On July 65438, 2009, the defendant Chen Hui was arrested by the public security organs. After identification, the above crawler software has the function of constructing and sending network requests in an unconventional way, simulating users to manually place orders and buy goods on the barley net platform; It has the function of simulating user identification and inputting graphic verification code by unconventional means, and can access barley net platform resources in an unconventional way, bypassing the man-machine identification verification mechanism of Barley. Com platform.

We believe that the defendant Chen Hui provided programs and tools specially used to invade and illegally control computer information systems, and the circumstances were particularly serious and should be punished according to law.

4. Crime of infringing citizens' personal information

Article 253 of the Criminal Law stipulates this crime. Whoever, in violation of the relevant provisions of the state, sells or provides personal information of citizens to others, if the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention and shall also or only be fined; If the circumstances are especially serious, he shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and shall also be fined. Whoever, in violation of the relevant provisions of the state, sells or provides others with personal information of citizens obtained in the course of performing their duties or providing services shall be given a heavier punishment in accordance with the provisions of the preceding paragraph. Whoever steals or illegally obtains citizens' personal information by other means shall be punished in accordance with the provisions of the first paragraph.

Typical case: Hangzhou Magic Scorpion Data Technology Co., Ltd., Zhou Jiangxiang and Yuan Dong's crime of infringing citizens' personal information (2020) Zhejiang 0 106 Criminal Chu No.437.

In this case, the defendant Zhou Jiangxiang is the legal representative and general manager of the company, responsible for the overall operation of the company, and the defendant Yuan Dong is the technical director and technical director of the company, responsible for relevant program design. Scorpion Company mainly cooperates with various online lending companies and small banks to provide online lending companies and banks with personal information and multi-dimensional credit data of users who need loans. The way is that Scorpion Company embeds the front-end plug-in it in the above online lending platform A**. When online lending platform users borrow money from online lending platform APP, the borrower needs to use the front-end plug-in provided by Magic Scorpion Company. Enter the account numbers and passwords of its communication operators, social security, provident fund, Taobao, JD.COM and Xue Xin. Com, credit center and other websites. After being authorized by the loan user, the crawler program of Scorpion Company logs on to the above-mentioned website instead of the loan user, enters his personal account, and uses various crawler technologies to capture (copy) the phone records, social security, provident fund and other data in the loan user's personal account on the website of the above-mentioned enterprises and institutions.

The court held that the defendant Hangzhou Magic Scorpion Data Technology Co., Ltd. illegally obtained citizens' personal information by other means, and the circumstances were particularly serious, and its behavior constituted a crime of infringing citizens' personal information. Defendants Zhou Jiangxiang and Yuan Dong are the directly responsible person in charge and other directly responsible personnel of the defendant company for infringing citizens' personal information, and their actions have constituted the crime of infringing citizens' personal information.

5. Crime of copyright infringement

According to Article 2 17 of the Criminal Law, anyone who commits one of the following acts of infringing copyright or copyright-related rights for the purpose of making profits, and the amount of illegal income is relatively large or there are other serious circumstances, shall be sentenced to fixed-term imprisonment of not more than three years and shall also or only be fined; If the amount of illegal income is huge or there are other particularly serious circumstances, he shall be sentenced to fixed-term imprisonment of not less than three years but not more than 10 years, and shall also be fined: (1) Copying and distributing his written works, music, art, audio-visual works, computer software and other works prescribed by laws and administrative regulations to the public through the information network without the permission of the copyright owner; (2) Publishing books with exclusive publishing rights enjoyed by others; (3) Reproduction, distribution and dissemination of audio and video products made by the producer to the public through the information network without the permission of the producer; (4) Reproduction and distribution of audio and video products of their performances without the permission of performers, or dissemination of their performances to the public through information networks; (five) the production and sale of counterfeit works of art; (6) Technical measures taken to intentionally avoid or destroy the copyright to protect the copyright or copyright-related rights of his works, audio-visual products, etc. Without the permission of the copyright owner or the copyright-related obligee.

Typical case: Tan Moumou and others' crime of copyright infringement (2020) Jing 0 108 No.237 at the beginning of punishment.

In this case, since 20 18, under the management or operation of the defendant Tan Moumou and others 12, the defendant company has used web crawler technology to grab genuine e-books and promote the operation of1without the permission of rights companies such as Technology Co., Ltd. and Beijing Fantasy Network Technology Co., Ltd. According to the information materials, account transaction details, appraisal conclusions, advertising promotion agreements and other evidence obtained by the public security organs according to law, after investigation, inspection and appraisal, the court found that the works involved infringed 4,603 written works that Palm Reading Technology Co., Ltd. and Beijing Fantasy Network Technology Co., Ltd. enjoyed the exclusive information network communication rights, and infringed 469 written works that Chinese Online Digital Publishing Group Co., Ltd. enjoyed the exclusive information network communication rights.

The court held that the company and the directly responsible person in charge, Qin Moumou and other defendants 12, copied and distributed works that others enjoyed copyright for profit without the permission of the copyright owner. If the circumstances are particularly serious, his behavior has constituted a crime of copyright infringement and should be punished.

(2) constitute unfair competition

Article 12 of China's Anti-Unfair Competition Law stipulates: "Operators who engage in production and business activities through the Internet shall abide by the provisions of this law. Operators shall not use technical means to interfere with or destroy the normal operation of network products or services legally provided by other operators by influencing users' choices or by other means: (1) Insert links into their legally provided network products or services without the consent of other operators, and force them to jump to the target; (2) misleading, deceiving or forcing users to modify, shut down or uninstall network products or services legally provided by other operators; (3) Malicious incompatibility with network products or services legally provided by other operators; (four) other acts that hinder or destroy the normal operation of network products or services provided by other operators according to law.

Typical case: dispute over unfair competition between Shenzhen Tencent Computer System Co., Ltd. and Tencent Technology (Shenzhen) Co., Ltd. and a new media company.

In this case, the two plaintiffs are the operators and managers of WeChat public platform, and the defendant, New Media Company, is the operator of a website, which uses crawler technology to capture articles and other information content data on WeChat public platform, and provides official WeChat account information search, navigation, ranking and other data services through the website. According to the original report, the defendant used the alleged infringing products, broke through the technical measures of data capture on the WeChat public platform, and commercialized it, which hindered the normal operation of the platform and constituted unfair competition. The defendant argued that the act of grabbing and providing the official WeChat account data service did not constitute unfair competition. The article it grabbed was not Tencent's data, but the user data of the official WeChat account, and its website was less profitable.

The court held that the defendant violated the principle of good faith and used the data with commercial value collected by the plaintiff with the user's consent, which was enough to substantially replace some products or services provided by other operators and undermined the market order of fair competition. It was an act of obstructing and undermining the normal operation of online products or services legally provided by other operators as stipulated in Item 4, Paragraph 2, Article 12 of the Anti-Unfair Competition Law, which constituted unfair competition.

(3) Administrative responsibility

At present, the administrative responsibility of reptile behavior in China is mainly stipulated in the Network Security Law, which is suspected of violating the provisions of Article 27: "No individual or organization may engage in activities that endanger network security, such as illegally invading other people's networks, interfering with the normal functions of other people's networks, and stealing network data; Do not provide programs and tools specially used to engage in activities that endanger network security, such as invading the network, interfering with the normal functions and protective measures of the network, and stealing network data; Knowing that others are engaged in activities that endanger network security, they may not provide technical support, advertising promotion, payment and settlement services. " , need to bear certain administrative responsibilities. Article 63 of the law also provides specific administrative punishment measures for violation of Article 27, including "confiscation of illegal income", "detention" and "fine". At the same time, post restrictions have also been imposed on relevant personnel who have been punished in violation of the provisions of Article 27.

In addition, article 16 of the Measures for the Administration of Data Security (Draft for Comment) restricts the application of crawler: "Network operators should access and collect website data in an automatic way and shall not hinder the normal operation of the website; This behavior has seriously affected the operation of the website. If the automatic access collection traffic exceeds one-third of the daily average traffic of the website, the website should stop when it requests to stop automatic access collection. " At the same time, Article 37 also stipulates the corresponding administrative responsibilities: if the network operator violates the relevant regulations, the relevant departments shall give public exposure, confiscate the illegal income, suspend the relevant business, suspend business for rectification, close the website, revoke the relevant business license or revoke the business license.

Third, the compliance criteria of data capture behavior

(A) strictly regulate data capture behavior

1. If the target website has an anti-crawling protocol, the Robots protocol set in the website should be strictly observed. The full name of Robots protocol (also known as reptile protocol, robot protocol, etc.). ) is the "Web crawler exclusion standard", and the website tells the search engine which pages can be crawled and which pages cannot be crawled through the Robots protocol. The agreement respects the wishes of information providers and maintains their privacy rights; Protect the personal information and privacy of its users from infringement. Robot protocol represents a kind of contract spirit. Only by observing this rule can Internet companies ensure that the privacy data of websites and users are not infringed. It can be said that whether from the perspective of protecting the privacy of netizens or respecting copyright content, observing the robots agreement should be a silent move of regular Internet companies, and any violation of the robots agreement should pay a price for it.

2. Reasonably limit the content of grabbing. When setting the crawling strategy, we should pay attention to the fact that coding prohibits crawling clear copyright works such as videos and music, or crawling user-generated content in batches for some specific websites; When using and disseminating the captured information, we should check the captured content. If personal information, privacy or other people's business secrets are found, they should be stopped and deleted in time. For internal system data, intrusion is strictly prohibited.

3. Crawling behavior should not hinder the normal operation of the website. Enterprises should reasonably control the frequency of crawling, and try to avoid crawling data too frequently, especially exceeding the requirement that the automatic access and collection traffic specified in the Measures for the Administration of Data Security (Draft for Comment) exceeds one-third of the daily average traffic of websites, and should strictly abide by the requirements of websites and stop data crawling in time.

(2) Observe the principles of legality, justice and necessity when capturing personal information.

In China, the principles of legality, justice and necessity are scattered in laws and norms such as Consumer Protection Law, Network Security Law, the National People's Congress Standing Committee (NPCSC)'s decision on strengthening network information protection and Personal Information Security Law. Network operators who intend to capture users' personal information should strictly abide by the provisions of the above laws and regulations, take the prior consent of individual users as the principle, and avoid capturing information beyond the authorized scope of users. Similarly, the data receiver should also review the legality of the crawler's access to other people's information to understand whether the subject of personal information agrees to enjoy personal information data.

(3) When grabbing commercial data, beware of unfair competition.

In the field of digital content, data is the core competitive resource of the content industry, and the data processed by the content platform often has extremely high economic value, so illegal grabbing behavior will be considered as unfair competition in some specific application scenarios. In particular, if the business models of both parties are the same or similar, obtaining the other party's information will cause direct damage to the other party, and enterprises should focus on prevention. If this is the case, we should use crawling carefully to obtain the data of the crawled website.

Four. conclusion

With the advent of the era of big data and the vigorous development of digital technology, the value of data has become increasingly prominent. Some enterprises use data capture technology to obtain and use relevant data more efficiently, so as to make up for the current situation of insufficient data and support the business development of enterprises. For these enterprises, "how is it legal for web crawler to grab information data?" "How to achieve compliance when crawling data?" This is a big problem to be solved urgently. As a legal worker, we should provide strong compliance guidance for enterprises from the professional perspective of law, and make due contributions to promoting the development of high-tech enterprises and further enhancing the national scientific and technological innovation capability.