Costa Rica
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Costa Rica has the most developed data-protection regime in Central America. Ley 8968 (2011, reformed) establishes consent-based processing rules enforced by PRODHAB. Ley 9048 (2012) reformed the Codigo Penal computer-crime section, expanding Art. 196 bis (data-system interference) to cover unauthorised seizure, copying, or transmission of data in computer systems — potentially applicable where scraping targets non-public data. Art. 196 bis only bites where the actor lacks authorisation; public pages carry implicit authorisation. Copyright is governed by Ley 6683 (1982, last substantively amended 2010): closed-exception model, no TDM exception, no sui generis database right. No scraping-specific case law exists. Overall risk for public-page crawling of government data is low; personal-data scraping and authenticated-system access carry meaningful exposure.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | without permission |
| Public-page carve-out | unsettled |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | closed list |
| Text and data mining — commercial status | prohibited |
| Text and data mining — opt-out mechanism | none |
| robots.txt legal weight | non binding notice |
| AI training-specific law | none |
| Privacy regime | Ley 8968 / PRODHAB |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Not legal advice.