Google vs. SerpApi 2026: What This Landmark Case Means for Web Scraping
Google is suing SerpApi for DMCA violations with a hearing set for May 19, 2026. Here's what the case means for web scraping, how it differs from hiQ v LinkedIn, and why browser-based scraping sits in a different legal category than server-side API scraping.
TL;DR
Google is suing SerpApi in a case that could reshape scraping law for years to come, with a key hearing scheduled for May 19, 2026. The case centers on DMCA anti-circumvention rather than the CFAA, which makes it fundamentally different from past scraping cases. If you scrape publicly visible data using a browser-based tool like ScrapeMaster, your legal exposure is significantly lower than if you run server-side scraping infrastructure that bypasses technical access controls.
What is the Google vs. SerpApi case about?
Google filed suit against SerpApi, a company that sells structured access to Google search results through an API. The lawsuit alleges that SerpApi is violating the Digital Millennium Copyright Act by circumventing Google's technical protection measures — specifically, the anti-bot systems, CAPTCHAs, and rate-limiting mechanisms that Google uses to control automated access to its search engine.
This is not a simple terms-of-service dispute. Google is arguing that SerpApi deliberately engineered systems to defeat Google's access controls at scale, extracting millions of search results daily and reselling that data commercially. The case has been moving through the courts, and a critical hearing is scheduled for May 19, 2026, which could produce a ruling with far-reaching implications for the entire web scraping industry.
The core legal claims
Google's complaint rests on several pillars:
- DMCA Section 1201 (anti-circumvention) — Google argues that SerpApi circumvents technological measures that effectively control access to Google's copyrighted search results pages. This is the same statute used against DVD-ripping software and game console modchips.
- Copyright infringement — Google claims its search results pages are copyrighted works, and SerpApi's mass copying constitutes infringement.
- Breach of Terms of Service — SerpApi's automated access violates Google's ToS, which prohibit scraping without permission.
- Tortious interference — Google alleges SerpApi interferes with Google's relationships with advertisers by stripping ads from results.
The DMCA angle is what makes this case particularly significant. Previous major scraping cases focused on the Computer Fraud and Abuse Act or contract law. The DMCA claim introduces a new legal theory that, if successful, would give website operators a powerful new tool against scrapers.
How this differs from hiQ v LinkedIn
The hiQ v LinkedIn case, decided by the Ninth Circuit and ultimately settled, established an important principle: scraping publicly accessible data does not violate the CFAA. That case involved hiQ Labs scraping public LinkedIn profiles to build workforce analytics products. LinkedIn tried to block hiQ with cease-and-desist letters and technical measures, and hiQ sued for injunctive relief.
The key differences between that case and Google vs. SerpApi:
- Public vs. protected data — hiQ scraped data that was publicly visible to any visitor without logging in. SerpApi accesses Google search results, which are publicly visible but protected by anti-bot systems.
- CFAA vs. DMCA — hiQ was about whether scraping public data constitutes "unauthorized access" under the CFAA. Google vs. SerpApi is about whether bypassing anti-bot protections constitutes "circumvention" under the DMCA.
- Scale of commercial exploitation — SerpApi operates a large-scale commercial API that directly competes with Google's own official API offerings. hiQ was a smaller analytics company using public data for a different purpose.
- Technical circumvention — SerpApi allegedly uses rotating proxies, browser fingerprint spoofing, and CAPTCHA-solving services to evade Google's defenses. hiQ's scraping was more straightforward.
The hiQ precedent is often cited as establishing that scraping public data is legal. While that framing is broadly correct for CFAA purposes, it does not address DMCA anti-circumvention claims. Google vs. SerpApi could establish a parallel legal framework that restricts scraping even when data is publicly viewable, if technical measures must be bypassed to access it at scale.
DMCA vs. CFAA: Why the legal theory matters
Understanding the distinction between these two statutes is essential for anyone involved in web scraping.
The Computer Fraud and Abuse Act (CFAA)
The CFAA prohibits accessing a computer "without authorization" or "exceeding authorized access." In the scraping context, the question is whether visiting a public website and copying data constitutes unauthorized access. After hiQ v LinkedIn and the Supreme Court's 2021 decision in Van Buren v. United States, the consensus is that accessing publicly available data on a website open to all visitors does not violate the CFAA, even if it violates the site's terms of service.
The Digital Millennium Copyright Act (DMCA)
The DMCA's anti-circumvention provision (Section 1201) is a different animal. It prohibits circumventing "a technological measure that effectively controls access to a work protected under this title." The key questions in Google vs. SerpApi are:
- Are Google's search results copyrighted? Google will argue its results pages are creative compilations.
- Are CAPTCHAs and rate limiters "technological measures"? If the court agrees, then bypassing them is circumvention regardless of whether the underlying data is publicly viewable.
- Does the anti-circumvention provision apply to scraping? This would be a novel application of DMCA 1201, which has historically been used against DRM-breaking tools.
If Google prevails on the DMCA theory, it would mean that any website could potentially shield its publicly visible data from scraping simply by implementing basic anti-bot measures and then claiming DMCA protection. That would be a significant shift from the current legal landscape.
What this means for different types of scraping
Not all scraping is created equal, and the Google vs. SerpApi case highlights the legal distinctions between different approaches.
Server-side API scraping (highest risk)
This is what SerpApi does — running scraping infrastructure on servers that send automated requests to websites, often using proxies, headless browsers, and CAPTCHA-solving services to evade detection. This approach:
- Sends requests that do not originate from a real user's browser
- Often uses IP rotation to circumvent rate limiting
- May employ CAPTCHA-solving services to bypass access controls
- Operates at scales far beyond individual browsing
- Frequently resells the extracted data commercially
This type of scraping is most directly targeted by Google's lawsuit and faces the highest legal risk under both DMCA and traditional legal theories.
Cloud-based scraping platforms (moderate risk)
Platforms such as Bright Data and Oxylabs provide scraping infrastructure as a service. They face similar legal exposure to SerpApi, and several have already been involved in their own litigation. These platforms typically:
- Route requests through residential proxy networks
- Provide pre-built scraping templates for popular websites
- Operate at commercial scale
- May or may not implement circumvention techniques
Browser-based extension scraping (lowest risk)
This is where tools like ScrapeMaster operate. Browser-based scraping is fundamentally different from server-side scraping in several legally relevant ways:
- Runs in the user's actual browser — The scraping happens within a real Chrome session, using the user's genuine browser fingerprint and IP address. There is no circumvention of bot-detection systems because the requests come from a real browser operated by a real person.
- Accesses data the user can already see — The extension reads data from pages the user has already loaded and is viewing. It is functionally equivalent to the user manually copying data from the page.
- No CAPTCHA bypassing — Because the user navigates to the page normally, any CAPTCHAs are handled by the user as part of normal browsing. The extension never circumvents access controls.
- Individual scale — A person using a browser extension scrapes data at human-adjacent scale, not the millions of requests per day that triggered Google's lawsuit.
- No proxy or fingerprint spoofing — The extension uses the browser's native networking stack. There is no IP rotation, no fingerprint manipulation, no evasion of technical measures.
These distinctions matter because the DMCA anti-circumvention claim requires proving that a "technological measure" was "circumvented." When you use a browser extension that simply reads data from a page you are already viewing, there is no circumvention occurring.
Practical implications for web scrapers
If you use browser-based tools
The Google vs. SerpApi case is unlikely to directly affect individuals using browser extensions for personal data collection. The key factors that keep browser-based scraping in a lower-risk category:
- No circumvention — You load pages normally in your browser. No anti-bot measures are being bypassed.
- Personal use — Collecting data for your own research, price comparison, job searching, or analysis is qualitatively different from operating a commercial data resale business.
- Proportional scale — Scraping hundreds or even thousands of records for personal use is different from extracting millions of records daily.
With ScrapeMaster, you click the extension icon, let the AI detect the data structure in a few seconds, review and edit the results in a side panel, handle pagination through natural browsing, and export to CSV, XLSX, or JSON. The entire process happens within your browser session, using your normal browsing context. No servers, no proxies, no circumvention.
If you run server-side scraping
The case should serve as a warning. If you operate scraping infrastructure that bypasses anti-bot measures, you may face DMCA liability in addition to potential CFAA and contract claims. Consider:
- Reviewing your circumvention practices — Do you use CAPTCHA solvers, proxy rotation, or fingerprint spoofing? These could be characterized as circumvention under DMCA 1201.
- Evaluating your commercial model — Reselling scraped data at scale is what attracted Google's attention. Internal use carries different risk.
- Consulting legal counsel — If your business depends on scraping, get a lawyer's assessment of your specific practices in light of this case.
What the May 19 hearing could decide
The upcoming hearing may address several motions that could shape the case's trajectory:
- Motion to dismiss — SerpApi may argue that the DMCA does not apply to web scraping at all, which would be a significant precedent if the court agrees.
- Preliminary injunction — Google may seek to stop SerpApi's operations while the case proceeds.
- Scope of discovery — What technical details about SerpApi's scraping methods will be disclosed.
A ruling on the DMCA applicability alone would be industry-shaping, regardless of the final outcome.
How to scrape responsibly in 2026
Whether or not the Google vs. SerpApi case changes the legal landscape, responsible scraping practices reduce risk and demonstrate good faith:
- Respect robots.txt — While not legally binding in most jurisdictions, following robots.txt directives shows you respect the site operator's wishes.
- Avoid circumventing access controls — If a site uses CAPTCHAs, rate limiting, or login requirements, do not use tools that bypass these measures.
- Scrape at reasonable rates — Do not hammer servers with rapid-fire requests. Browser-based scraping naturally throttles requests to human browsing speed.
- Use data responsibly — Personal research, competitive analysis, and academic work are more defensible use cases than commercial data resale.
- Do not scrape personal data without justification — Privacy regulations like GDPR and CCPA apply regardless of how you collect the data.
- Keep records — Document what you scraped, when, and why. If questions arise later, records of responsible behavior help.
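The robots.txt, request-rate and record-keeping points above can be combined into one pre-fetch gate. This is an added example, not code from ScrapeMaster or the original article; the `PoliteGate` class, the `research-bot` user agent, the `example.test` URLs and the sample robots.txt are all constructed for illustration.

```python
import json
import time
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site (not from any real site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /search
Disallow: /account/
Crawl-delay: 5
"""


class PoliteGate:
    """Hypothetical helper: decide whether a URL may be fetched now, and log why."""

    def __init__(self, robots_txt, user_agent, min_delay=2.0, clock=time.monotonic):
        self.rp = RobotFileParser()
        self.rp.parse(robots_txt.splitlines())
        self.ua = user_agent
        # Honor the stricter of our own floor and the site's Crawl-delay.
        self.delay = max(min_delay, float(self.rp.crawl_delay(user_agent) or 0))
        self.clock = clock
        self.last_fetch = None
        self.audit = []  # one record per decision: what, when, why

    def check(self, url, purpose):
        now = self.clock()
        if not self.rp.can_fetch(self.ua, url):
            decision, wait = "skip:robots", 0.0
        elif self.last_fetch is not None and now - self.last_fetch < self.delay:
            decision, wait = "wait", self.delay - (now - self.last_fetch)
        else:
            decision, wait = "fetch", 0.0
            self.last_fetch = now
        self.audit.append({
            "utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "url": url, "purpose": purpose, "decision": decision,
        })
        return decision, wait

    def audit_jsonl(self):
        """Serialize the decision log as JSON Lines for later review."""
        return "\n".join(json.dumps(r, sort_keys=True) for r in self.audit)


if __name__ == "__main__":
    gate = PoliteGate(SAMPLE_ROBOTS, "research-bot")
    for u in ("https://example.test/products/page/1",
              "https://example.test/search?q=widgets"):
        print(gate.check(u, "price comparison"))
    print(gate.audit_jsonl())
```

The caller issues a request only when `check` returns `fetch`; a `wait` result carries the number of seconds left before the next request is allowed.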
A browser-based approach handles several of these automatically. When you use ScrapeMaster to extract data, you browse at normal speed, see exactly what data you are collecting, and export it locally. There is no server infrastructure to audit, no proxy logs to worry about, and no automated circumvention to defend.
What other scraping-related lawsuits are happening in 2026
Google vs. SerpApi is not the only scraping case to watch:
- Reddit vs. multiple defendants — Reddit has filed lawsuits against SerpApi, Oxylabs, AWMProxy, and Perplexity AI for unauthorized scraping of Reddit content. These cases raise similar questions about public data access and commercial exploitation.
- Meta and X vs. Bright Data — The ruling that scraping publicly accessible data does not violate contract law or the CFAA remains an important precedent, but DMCA claims were not part of that case.
- AI training data disputes — Multiple lawsuits involving AI companies scraping copyrighted content for model training overlap with general scraping law and may produce relevant precedents.
The scraping legal landscape is more active in 2026 than at any point in the past decade. Multiple cases are moving through the courts simultaneously, and the outcomes could either solidify or restrict the right to scrape public data.
Frequently asked questions
Is web scraping legal in 2026?
Web scraping of publicly accessible data remains generally legal under the CFAA after hiQ v LinkedIn. However, the Google vs. SerpApi case could establish new restrictions under the DMCA for scraping that involves circumventing technical access controls. The legality depends heavily on what you scrape, how you scrape it, and what you do with the data.
Does the Google vs. SerpApi case affect Chrome extension scrapers?
Not directly. The case targets server-side scraping operations that bypass anti-bot measures at commercial scale. Browser-based extensions like ScrapeMaster operate within your normal browser session and do not circumvent any technological measures, which means the DMCA anti-circumvention theory does not apply.
What is DMCA anti-circumvention?
Section 1201 of the DMCA prohibits circumventing technological measures that control access to copyrighted works. In the scraping context, Google is arguing that its CAPTCHAs and anti-bot systems are such measures, and that SerpApi's tools circumvent them. This is a novel legal theory that has not been widely applied to web scraping before.
How is browser-based scraping different from server-side scraping legally?
Browser-based scraping happens in your actual browser using your genuine IP and browser session. You load pages the same way any visitor would. Server-side scraping uses automated scripts on remote servers, often with proxy rotation and CAPTCHA-solving. The legal distinction matters because DMCA anti-circumvention requires proving that a technological measure was bypassed, which does not happen with normal browser usage.
Should I stop scraping Google search results?
If you are scraping Google results at scale using automated server-side tools, you should review your legal exposure. If you are using a browser extension to check a handful of search results for personal research, the risk is minimal. The scale, method, and commercial intent all factor into the legal analysis.
What happens if Google wins?
If Google prevails on the DMCA theory, it could establish precedent that website anti-bot measures qualify as technological protection measures under the DMCA. This would give any website operator a powerful legal tool against scraping services that bypass their protections. However, it would not make all scraping illegal — it would specifically target circumvention of access controls.
Bottom line
The Google vs. SerpApi case is the most significant web scraping lawsuit in years, and the May 19 hearing could produce a ruling that reshapes the industry. The DMCA anti-circumvention angle is new and untested in the scraping context, which makes the outcome genuinely unpredictable.
For individuals and small teams collecting data for research, competitive analysis, or personal use, browser-based scraping tools remain the lowest-risk approach. ScrapeMaster runs entirely within your Chrome browser — no servers, no proxies, no circumvention of any kind. The AI detects data structures in seconds, handles pagination, and exports to CSV, XLSX, or JSON. It is free, requires no account, and operates within the bounds of normal browser usage. If you need your scraped data in a polished format for a report or presentation, you can pair it with a Convert extension to turn your exports into PDFs.
Whatever the court decides, the distinction between reading data in your own browser and operating commercial scraping infrastructure at scale is one that the law has consistently recognized. Scrape smart, scrape responsibly, and stay informed as this case develops.