I run a public website for aircraft enthusiasts at Heathrow (yes, yes, I know!) and I don't have any problem with visitors with web browsers using the data it displays on arrivals and departures (that's what it's there for), but it's become clear that it's also being accessed by someone running a screen-scraper bot that hoovers up the data at regular intervals (despite the banner on the site saying that no automated scripts or bots are allowed).
They're just using TOR to prevent you from banning a specific IP address.
I'd gather as much info as you can about the thing doing the scraping.
i.e. log all of the headers presented (e.g. user-agent[1]) and timing info (does it make several queries in a row, does it make the queries at the same times, etc.).
You might find that there's something specific about that client you can use to detect it.
If you outright ban it then you can expect them to work out how and make it harder for you to detect it in the future, so it becomes an endless game of whack-a-mole.
You can be much sneakier. I've written a bunch of things to scrape other sites (honouring their robots.txt and other wishes) and what annoyed me most was when the format of the response changes.
If you detect the annoying client then change the format of the page you return, add in new divs, add an extra column, that kind of thing.
One other fun thing is if you can reliably detect this client amongst all of the legitimate clients then occasionally send it incorrect data.
[1] I know these can be trivially faked, but that person having to do that will cost them some time. At some point in the whack-a-mole game you'll either exhaust their (or your) patience or technical ability.
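The logging advice in the answer above, as an added example that is not part of the original post: it groups requests by a header fingerprint instead of by source IP (which changes on every Tor circuit) and flags fingerprints whose request spacing is nearly constant. The record layout, function names and thresholds are assumptions, and it presumes the application logs headers in the order they arrived.

```python
import hashlib
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (unix_time, source_ip, headers in arrival order).
BROWSER = [("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"),
           ("Accept", "text/html"), ("Accept-Language", "en-GB"),
           ("Accept-Encoding", "gzip")]
# Same (faked) User-Agent as the browser, but a different header set and order.
BOT = [("Accept-Encoding", "identity"),
       ("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0")]
SAMPLE = ([(1000 + 300 * i + (i % 3), f"198.51.100.{10 + i}", BOT) for i in range(12)]
          + [(t, "203.0.113.7", BROWSER) for t in (1012, 1019, 1410, 2950, 2961, 4100)])

def fingerprint(headers):
    """Hash header names in arrival order plus a few values; source IP is excluded."""
    keep = {"user-agent", "accept", "accept-language", "accept-encoding"}
    parts = [name.lower() for name, _ in headers]
    parts += [f"{n.lower()}={v}" for n, v in headers if n.lower() in keep]
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()[:12]

def periodic_clients(records, min_hits=8, max_cv=0.1):
    """Return {fingerprint: stats} for clients whose request spacing is near-constant."""
    seen = defaultdict(list)
    for ts, ip, headers in records:
        seen[fingerprint(headers)].append((ts, ip))
    flagged = {}
    for fp, hits in seen.items():
        if len(hits) < min_hits:
            continue  # too few requests to judge regularity
        times = sorted(t for t, _ in hits)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0  # coefficient of variation of the gaps
        if cv <= max_cv:
            flagged[fp] = {"hits": len(hits), "mean_gap": round(avg, 1),
                           "distinct_ips": len({ip for _, ip in hits})}
    return flagged

if __name__ == "__main__":
    for fp, stats in periodic_clients(SAMPLE).items():
        print(fp, stats)
```

A high `distinct_ips` count next to a steady `mean_gap` is the pattern to look for: one client, many exit addresses, fixed schedule.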