Abstract: The country ’s first “crawler” indictment case reflected the problem of criminal law ’s over-regulation of crawling public data. The reason for this problem is that the judicial practice is dominated by technical judgments to expand the application of the crime of illegally obtaining data. Specifically, under the legislative provisions that determine the illegality of the form of crawling behavior based on the technical authorization of the data controller, the judiciary uses the technical attribute of the data to replace the legal attribute to judge the legal interest infringement of the behavior. From the perspective of the unification principle of legal order and the data security view that takes into account both security and development, the expansion and application of crimes led by technical judgments should not be the position of criminal law data crawling. In fact, data security protection should adhere to the restraint of the criminal law based on the consideration of data development, and limit the criminal law of crawling public data to the scope of protecting important data that has been typed in the criminal law and maintaining the normal operation of computer systems. For crawling public works data that has been typed and protected by the criminal law, which should be punished based on all the facts of the case, it should be determined as a crime of copyright infringement; for other public data crawling activities that are not typed in the criminal law, the crime of illegally obtaining data cannot be applied. But when the act of crawling public data disrupts the normal operation of the computer system and should be punished, it can be determined as the crime of destroying the computer information system.