Is Scraping Google Legal in 2026? The SerpApi Lawsuit, Explained
If you build anything that touches Google results — a rank tracker, an SEO dashboard, a price monitor, an AI agent that needs fresh search context — you have probably seen the headlines and felt a small knot in your stomach.
Google sued SerpApi. People are asking whether the whole category just became illegal. Reddit threads are full of “is my rank tracker dead?” and “should I rip this out before the hearing?”
I want to walk through this calmly, in plain English, the way I’d explain it to a teammate. What the case really says, what it does not say, and the small, practical things you can do this week so a courtroom in California is not a single point of failure for your product.
One disclaimer up front, and I mean it: I am a founder, not a lawyer. Nothing here is legal advice. If you have real exposure, talk to an actual attorney. This is the engineer’s-eye view.
Why Everyone Is Suddenly Asking This
On December 19, 2025, Google filed a complaint against SerpApi, LLC in the U.S. District Court for the Northern District of California. You can read Google’s own statement and solid coverage from Search Engine Land.
Google’s language is sharp. It called the business model “parasitic” and said automated requests had climbed dramatically over two years. SerpApi pushed back hard and filed a motion to dismiss, arguing that public search data should stay accessible and framing the fight as one about the open web.
So the noise is real. But noise and legal reality are not the same thing. Let’s separate them.
The Short Answer
There is no law that says “scraping Google is illegal.” In the US, accessing publicly visible pages has generally been treated as lawful. This case is narrower than “scraping” — it is mostly about whether bypassing a specific technical barrier crosses a line, and whether it breaks Google’s terms.
That distinction is the whole article, so let me unpack it.
What the Lawsuit Actually Argues
Reading the complaint and the coverage, Google’s case stands on a few legs, and almost none of them are “scraping is bad.”
1. Anti-circumvention under the DMCA. Google says it built a technical protection measure it calls SearchGuard, and that getting around it to reach the results is the unlawful act. This is a Digital Millennium Copyright Act §1201 theory — the same family of law that covers breaking digital locks. The legal weight is on the lock, not the looking.
2. Breach of Terms of Service. Google’s terms forbid automated access of this kind. This is contract law, not criminal law.
3. Copyright and related claims. Google argues the results pages reflect substantial investment and that wholesale copying and resale harms it.
Notice what is doing the work here: a technical protection measure and a contract. The case is far less “you read a public webpage” and far more “you picked a lock we installed, at scale, and sold what was inside.” Whether SearchGuard legally counts as that lock is exactly what the court has to decide.
Why This Case Is Different From hiQ v. LinkedIn
When people say “courts already ruled scraping is legal,” they usually mean hiQ Labs v. LinkedIn. That case found that scraping publicly available data did not violate the Computer Fraud and Abuse Act — the “unauthorized access” statute that the Supreme Court later read narrowly in Van Buren v. United States.
Here is the catch. The SerpApi complaint does not lean primarily on the CFAA. It leans on DMCA anti-circumvention and contract. hiQ is about whether reading public data is “unauthorized access.” This case is about whether you defeated a protection mechanism and broke an agreement. Different statute, different question. A win for the open web in one does not automatically transfer to the other.
That is why honest commentary — like the Search Engine Land analysis — is careful not to predict a winner. The legal questions are genuinely open, and a hearing is expected in 2026.
What It Means For You (the Builder)
Here is the part that actually matters for your weekend project or your company’s SEO platform.
The case is between two companies. It does not regulate you, the developer who consumes SERP data downstream. Nothing in it makes building a rank tracker, a SEO dashboard, or an AI agent that needs search context illegal by itself.
Your real risk is a supply-chain risk, not a personal legal one. If you depend on exactly one data source and that source is forced to change how it works, your feed changes with it — overnight, with no warning, in the middle of a billing cycle. That is the scenario worth engineering around. It is the same reason you would not run a payments business on a single processor with no fallback.
Cost and availability could move. Honest take: if pressure on the category increases, reliable SERP data may get a little more expensive or a little harder to source for some providers. That is not a doomsday prediction — it is a planning assumption. We already covered how widely prices vary in the cheapest SERP API comparison and the 2026 SERP API shoot-out.
If you want the broader ethics-and-compliance picture beyond this one case, we wrote a separate, deeper piece on legal and ethical search-data collection. This post is just about the lawsuit; that one is the standing reference.
How to De-Risk Your Project This Week
None of this is legal advice. It is resilience hygiene — the same things you’d do for any critical third-party dependency.
1. Put a thin interface between your code and your provider. One small module — getSerp(query, opts) — that the rest of your app calls. Swapping a provider should be a one-file change, not a refactor. We go deep on this in building a SERP API backup plan.
2. Cache like you mean it. Most ranking data does not change every hour. Caching cuts cost and cuts how exposed you are to any single provider hiccup. There is a whole pattern library for this in how SERP pricing really works.
3. Keep a second provider warm. Not “documented somewhere.” Actually tested, with credentials in your secrets manager, behind that interface from point 1.
4. Store the raw response, not just parsed rows. If you only keep {keyword, position} and you change providers, your history can quietly become inconsistent. Keep the raw JSON. Storage is cheap; lost history is not.
5. Read your provider’s terms before you scale. Boring, free, and the single highest-leverage thing on this list. Know what you signed up for.
Where a Structured Search API Fits
Honest framing, because you came here for a straight answer, not a pitch.
A structured search API like Serpent API exists so you make one HTTP call and get clean JSON — organic results, ads, People Also Ask, AI Overviews, related searches — instead of running and maintaining your own collection stack. The value is the structured data and the maintenance you don’t do.
It also slots neatly into the de-risking plan above: it is one well-defined endpoint behind your own interface, it returns raw JSON you can store, and it supports four engines (Google, Bing, Yahoo, DuckDuckGo) so you are not single-engine either. If you want to see the trade-offs against rolling your own, we compared both honestly in SERP API vs DIY scraping and what a SERP API actually is.
The point of this article is not “use us.” It is: the lawsuit is narrower than the headlines, your personal legal risk is low, your continuity risk is real and very fixable, and the fixes are things you control. Build like any single provider could change tomorrow, because that is just good engineering — lawsuit or not.
FAQ
Is scraping Google search results illegal?
There is no single law that says “scraping Google is illegal.” In the US, courts have generally treated accessing publicly visible pages as lawful, most notably in hiQ Labs v. LinkedIn. The Google vs SerpApi case is different because it does not rest mainly on the Computer Fraud and Abuse Act. Google’s complaint leans on the DMCA’s anti-circumvention rule and on breach of its Terms of Service, arguing that bypassing a technical protection measure is the unlawful part. Public visibility and circumvention are two separate questions.
What is the Google vs SerpApi lawsuit about?
Google filed a complaint in the Northern District of California in December 2025. It alleges that SerpApi circumvents a technical protection measure Google calls SearchGuard to scrape search results at very large scale, then resells that data. The core legal questions are whether SearchGuard qualifies as a technological protection measure under DMCA §1201, and whether the access breaches Google’s Terms of Service.
Does the lawsuit make my rank tracker illegal?
No. The case is between two companies and does not directly regulate the developers who consume SERP data. Nothing in it makes building a rank tracker, an SEO dashboard, or an AI pipeline unlawful by itself. The practical risk for builders is indirect: if a provider you depend on is forced to change how it operates, your data feed could change with it. That is a supply-chain risk you can plan around, not a personal legal exposure created by the suit.
Is the Google Custom Search API a safe alternative?
The Google Custom Search JSON API is an official, sanctioned product, so using it inside its terms is the lowest-friction option from a permissions standpoint. The trade-off is well known: it is built for site search rather than full web ranking, it does not return real organic positions the way the live results page does, results can differ from what users actually see, and it has tight free quotas. Many teams use it for low-volume needs and a structured SERP API for production ranking data.
How can I lower my legal and continuity risk when using SERP data?
Treat SERP data like any third-party dependency. Read the provider’s terms before you scale, store the raw response so a provider change never erases your history, cache results so you make fewer calls, keep a second provider tested and ready, and avoid hard-coding one vendor into your codebase. None of this is legal advice, but it is the same resilience hygiene you would apply to any external API.
