Morocco

Summary

Morocco presents moderate risk for web crawling. The primary data-protection framework is Law No. 09-08 (2009, modelled on the French 1978 law), overseen by the CNDP (Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel). The CNDP has begun active enforcement — issuing warnings to major data controllers and opening investigations into large-scale processing operations as of early 2025 (Decision D-939-2025 on cookie notices). Computer- system access offences are covered by Act 07-03 supplementing the Penal Code, which criminalises unauthorised access to automated data processing systems; penalties range from 1 month to 5 years imprisonment and MAD 2,000 to MAD 2,000,000. Copyright protection for databases arises under Law No. 2-00 on Copyright and Related Rights (2000) on a compilation-originality basis only; there is no EU-style sui generis database right. No TDM copyright exception exists. Morocco has not ratified the AU Malabo Convention. No English-language case law specifically addressing web scraping under Act 07-03 is publicly available; however, the broad drafting of the authorisation test means untested exposure remains. No comprehensive revision to Law 09-08 was enacted as of May 2026, though CNDP enforcement intensity has increased.