Ryanair wins screen scraping case against Booking.com in US court ruling

> A jury in the District Court of Delaware unanimously found that Booking.com violated the Computer Fraud and Abuse act and that it had induced a third party to access parts of Ryanair's website without authorisation "with an intent to defraud," the verdict said

I imagine this is limited to a scenario where you: 1. Act as a middle-man for the transaction (as this lawsuit was about resale), 2. Interfere with pricing or other service aspects, 3. Add your own profit. I don't think this sets any precedent against scraping on its own.

(The highly variable and discriminatory pricing of travel would also best be addressed in regulation, rather than relying entirely on third-party resellers to rescue you.)

This will very likely be overturned as it flies in the face of the 9th circuit court decision on HiQ vs LinkedIn. This is in a different circuit, so it'll need to be elevated, but CFAA is absolutely the incorrect tool to be utilized here.

[1] https://calawyers.org/privacy-law/ninth-circuit-holds-data-s...

Jury Verdict: https://www.courtlistener.com/docket/18414221/457/ryanair-da...

> Part E: Computer Fraud an Abuse Act Loss

> Did Ryanair prove by a preponderance of evidence that it suffered actual economic harm caused by Booking.com violating the Computer Fraud and Abuse Act and, if yes, state the amount.

> X Yes _ No

> $ 5000

> Part E Nominal Damages

> $ 0

> Part F: Punitive Damages

> $0

I know Rynair won the lawsuit but uh, having to pay only 5k sounds like a win for Booking.com

I was at a startup event last year where someone that had been very senior and instrumental in Ryanair starting was talking to a small audience (<40 people). He told the story of how they didn't notice booking.com was "stealing" so much of their profit. To rephrase his words: "We gave those guys free advertising on our site and without us realising they were quickly making more profit per head than we were. Before we noticed and could do anything they had gotten too big to effectively cut off." So it's funny to see this posted and that the frenemy fight continues to this day.

The reason that Ryanair is against OTAs reselling flights is not the fees, it’s that they’re often resold as a package holiday.

Package holidays are flights bundled with hotels etc and are usually sold at much higher margin.

Ryanair has its own package holiday business and prefers that they make the margin, not someone else.

There are many more package holiday companies than airlines, they want to use this ruling and the fact that they also own an airline to restrict competition and make more money.

It appears the latest opinion may not yet be published for this case 20-cv-01191-LPS, Ryanair DAC v. Booking Holdings Inc. et al, United States District Court of Delaware.

This is the first opinion on the case from 2021 which denied Booking Holdings Inc request to dismiss:

[1] https://www.ded.uscourts.gov/sites/ded/files/opinions/20-cv-...

Ryanair (Irish company) makes one claim against Delaware corporation Booking Holdings Inc (including subsidiaries Kayak Software Corporation and Priceline LLC as Delaware corporations and Agoda as a Singaporean company) citing 18 USC 1030(a)(2)(C), (a)(4) and (a)(5)(A)-(C)[2]. Amongst reasons to seek dismissal of the case, Booking Holdings Inc name drops Etraveli, Mystifly and Travelfusion as the three companies which were used by Booking Holdings Inc to scrape airline websites including Ryanair's website.

It's hard from just this opinion to figure out what exactly Booking Holdings Inc, Etraveli, Mystifly and/or Travelfusion may have been found to do wrong. It sounds most likely that Ryanair may have successfully argued their public website is a "protected computer" because there is a "By clicking search you agree to the Website Terms of Use" button on their main website search form, and the ToS is the form of "protection". Looking behind the scenes, it's a fairly simple "anonymous token" API request without any secrets being required to ask the API to respond.

Deleting the HTML elements from the DOM that provide the "By clicking search you agree.." and the associated checkbox doesn't prevent the form from being submitted and results returned successfully.

[2] https://www.law.cornell.edu/uscode/text/18/1030

Pretty light article, does anyone have any more context? Does this set a strong precedent for all these types of sites? Booking.com wouldn't be the only site reselling airline tickets, in fact I wasn't even aware they did flights.

Does Booking.com do something particularly bad compared to something like SkyScanner or Google flights?

> "We expect that this ruling will end the internet piracy and overcharging perpetrated on both airlines and other travel companies and consumers by the unlawful activity of OTA (online travel agent) Pirates," Ryanair chief executive Michael O'Leary said.

Why is it almost always cheaper to buy through some weird 3rd party than with the airline directly? Sometimes it's a few bucks and I book with the airline directly, but sometimes it's over $50 cheaper to book through some 3rd party I've never heard of.

pretty bad precedent, id argue that anything thats publicly accesible is free to be scraped. So unless they did something illegal via bypassing security, then this sets a really bad tone for internet archival, web scraping and data collection in the future.

If it was up to me, I would have required all airlines publish their fares in machine readable format.

Though I am not a legal expert, it is fascinating, that both European companies had this dispute in front of US courts. One hypothesis would be, that Ryan Air lawyers saw higher chances there than in EU courts.

Did I miss something about what the term "internet piracy" means? From TFA:

> "We expect that this ruling will end the internet piracy and overcharging perpetrated on both airlines and other travel companies and consumers by the unlawful activity of OTA (online travel agent) Pirates," Ryanair chief executive Michael O'Leary said.

I thought piracy was distributing unauthorized copies of things like music and videos. Wouldn't booking.com's actions be closer to unauthorized ticket brokering?

I guess if you want to demonize someone for doing something you don't like it sounds worse to be labeled a "pirate" than an "unauthorized broker."

Simultaneously being hostile towards users with upselling dark patterns and towards web scappers where everyone is a suspect, that's what most of the web has become.

There was similar case with Kiwi.com.

Issue was that Kiwi pocketed refounds, would not inform customers of flight changes, changing baggage was very hard...

Ryanair service is OK (if you take it as a bus company). There do no play dead as Airbnb support. During covid they provided refunds sooner than Lufthanza for example.

I don't think screen scraping should be illegal unless there is a form in the way requiring interactive acceptance of terms.

Of course, now with AI that's a different story, but barring AI scraping a page for data should not be illegal just because the company wants to sell you API access.

I suspect there are lots of details and context absent from this article. It's hard to believe this is only about booking.com scraping Ryanair's website. What part of it was "unauthorized", exactly? While it's generally legal in the US to scrape publicly available information, that doesn't translate scraping info that requires logging into an account first.

It seems the bigger issue at hand may be booking.com purchasing the tickets and adding a lot of hidden fees on top.

I had always assumed Booking.com had some resale agreement with hotels and airlines - there was always some weird issue where if I called a hotel and asked for a room it was more expensive than booking.com or was not available yet was on booking.com

What gets me is why on Earth any provider would allow this - dealing direct is so much more sane 99% of the time, and a package holiday provider already has a reseller agreement.

Just stomp booking.com into the ground - I simply don’t understand why hotels and airlines don’t do it?

Can someone clarify what "access parts of Ryanair's website without authorisation" actually means? Are they referring to programmatic account creation?

I'm not sure why because Ryanair looks really good on the scrapers. I bet it drives a lot of business their way.

That is of course until you add all the additional charges.

> the companies, which use screen-scraping software to find and resell tickets, add additional charges and make it difficult for the airline to contact passengers.

AFAIK, it's impossible to resell flight tickets in EU, they are attached to real names that are checked upon boarding time. If wonder how did Booking manage to resell Ryanair tickets at scale?

Why are two European companies suing eachother in a US court? Ryanair doesn’t even serve the US, right?

How does the fraud part come in here? Not seeing it

this looks like scalping to me.

[the airline, Europe's largest by passenger numbers, has in recent years launched a series of legal actions against third-party booking platforms that resell its tickets without permission.

It says the companies, which use screen-scraping software to find and resell tickets, add additional charges and make it difficult for the airline to contact passengers.]

Did Ryanair try blocking their IP’s or adding captchas? Or did they sue because the cat and mouse game became too much?

I always thought booking sites had partnerships with airlines and using an API!

So this was a criminal offence. Who goes to jail?