Battle Royale, Data Scraping Edition: The hiQ v. LinkedIn Saga Continues
CPW has previously covered the state of play for data scraping litigation in the context of hiQ’s and LinkedIn’s ongoing dispute. For an update on this litigation, read on below.
As a reminder, data scraping is a mechanism of extracting data from websites (including websites not available to the public and accessible only to individuals with user accounts). The practices of Clearview which has been the subject of recent litigation are a prime example. Notwithstanding the clear privacy issues implicated by data scraping, there is no law specifically regulating this practice nationwide (although some state laws, as CPW has already covered, regulate the collection of biometric data). As such, in litigation regarding data scraping, parties are stuck arguing over the application of various statutes that were enacted long before data scraping was prevalent.
Which brings us to the hiQ v. LinkedIn litigation. In their recently filed, Joint Case Management Statement, both parties have made it clear that they are not backing away from proving that their definition of “unauthorized access” under the Computer Fraud and Abuse Act (the “CFAA”), is what the legislators intended, back in 1984, and what needs to prevail in the court of law. LinkedIn’s petition for certiorari on this question is still pending before the Supreme Court of the United States. See our previous blog for more background on that, the CFAA, and this lawsuit.
As you will recall, hiQ filed its initial complaint against LinkedIn in 2017, alleging LinkedIn’s cease-and-desist letters to hiQ, followed by LinkedIn restricting hiQ’s access to its website, was anticompetitive and violated state and federal laws. The crux of hiQ’s complaint was that LinkedIn did not have monopoly rights to personal data made publicly available by its users, and that by scraping its website, hiQ did not violate users’ privacy rights (what LinkedIn alleges).
The Northern District of California granted hiQ’s request for a preliminary injunction against LinkedIn restricting hiQ’s access to publicly available LinkedIn member profiles. LinkedIn appealed, but the appeal was denied. The Ninth Circuit determined that “scraping” publicly available information from LinkedIn likely is not a violation of the CFAA because the LinkedIn computers are publicly accessible. As such, hiQ did not access the computers “without authorization” as required by the CFAA. LinkedIn then filed its petition for certiorari to the SCOTUS, which is currently pending.
Separate from the preliminary injunction, following Judge Chen’s ruling on its motion to dismiss, LinkedIn filed its Answer and Counterclaims on November 20, 2020, including counterclaims under the CFAA. On January 18, 2021, hiQ filed a motion to dismiss LinkedIn’s counterclaims under the CFAA. LinkedIn’s opposition is currently due on March 4, 2021. It is unlikely that the SCOTUS will respond on the pending certiorari before then.
In addition to the meaning of unauthorized access, the parties are also disputing:
Whether the California Penal Code § 502 is simply coextensive with the CFAA or has a broader scope, whether it applies to public profile pages on the LinkedIn website and, if it does apply, whether hiQ’s access to such profiles violates the statute;
Whether any of hiQ’s claims are preempted by the CFAA or California Penal Code § 502; and
Whether hiQ breached the LinkedIn User Agreement, which specifically prohibits automated access and scraping.
Factual disputes also exist, including the method that hiQ purportedly used to gain access to LinkedIn’s computers, and scrape data of LinkedIn’s members (i.e. the use of automated software/”bots”), and whether hiQ “knowingly” bypassed LinkedIn’s technical measures. LinkedIn is also disputing whether hiQ’s loss of employees, and its difficulty in signing customers or raising money and investments (including all of the reasons why hiQ’s business has failed, if indeed), is in fact related to LinkedIn’s cease and desist letter or other actions. LinkedIn has pointed to the vulnerability of “startups” in general as a likely cause of hiQ’s alleged business failure.
As we mentioned earlier, the questions posed in this lawsuit are bound to have major impact in the data scraping arena. Stay tuned.