X

Ninth Circuit Rules that LinkedIn Cannot Block Data Scraping

On September 9, 2019, the U.S. Court of Appeals for the Ninth Circuit ruled that LinkedIn cannot deny a data analytics company access to information that is publicly available on LinkedIn's website, affirming the grant of a preliminary injunction by the district court.

As described in hiQ Labs, Inc. v. LinkedIn Corporation, LinkedIn sent the data analytics company hiQ Labs, Inc. ("hiQ") a cease-and-desist letter seeking to stop the company from accessing and copying data (i.e., "scraping") from LinkedIn's website. The data analytics company offers two products that use algorithms that rely heavily on information scraped from LinkedIn's publicly available user profiles to make various forecasts, such as whether an employee may be considering whether to leave his employer. In response to the cease-and-desist Order, the analytics company sought injunctive relief and a declaratory judgment that LinkedIn could not invoke the Computer Fraud and Abuse Act ("CFAA"), the Digital Millennium Copyright Act, California Penal Code 502(c) or the California common law of trespass. The analytics company asserted that LinkedIn had tortiously interfered with the company's contracts. The district court granted hiQ’s request for a preliminary injunction and LinkedIn timely appealed.

According to LinkedIn, hiQ violated the CFAA, which prohibits unauthorized access to a computer, by continuing to data-scrape its website after LinkedIn had instructed it not to do so. LinkedIn stated that permitting the data scraping to continue is against the public interest and would entice malicious actors to access LinkedIn's computers and attack its servers. The analytics company responded that the CFAA is not applicable in this instance because the information was publicly available and, therefore, could be accessed without any authorization at all. And since no authorization was typically required, its scraping could not be "unauthorized" within the meaning of the CFAA.

The Court ruled that the analytics company could continue data scraping, finding that:

  • the survival of its business was threatened, establishing a likelihood of irreparable harm if it could not use the LinkedIn public profile data ;
  • "serious questions" were raised as to whether data scraping of public information is a violation of the CFAA, including whether “without authorization” refers to access of information for which authorization or permission, such as password authentication, is generally required;
  • allowing companies like LinkedIn to decide who can use data that it makes publicly available, but does not own, could lead to the creation of "information monopolies," which would be against the public interest.; and
  • the preliminary injunction was in the public's best interest.

Commentary

Who owns data? What data can be collected, scraped, repurposed and made into something new? hiQ Labs won this case against LinkedIn, but the analysis was very fact-specific. See, e.g., Cadwalader Attorneys Review Supreme Court Ruling on Trademark Licensees' Rights. A finding that a firm has used data improperly could have significant collateral consequences (for example, if a firm has to completely redesign a product or forfeit profits that resulted from the use of data to which the firm did not have a right).

Email me about this

Primary Sources

  1. U.S. Court of Appeals, Ninth Circuit Opinion: hiQ Labs, Inc. v. LinkedIn Corporation

Related Articles

Tags

Regulated Activities
Data Protection / Cybersecurity
Regulated Entities
Commercial Companies
Body of Law
Privacy / Data Protection / Cybersecurity
Jurisdiction
US - Federal
Organization
Courts
Sub-Author
U.S. Circuit Courts