July 6, 2020

Volume X, Number 188

July 06, 2020

Subscribe to Latest Legal News and Analysis

Data Scraping Survives! (At Least for Now) Key Takeaways from 9th Circuit Ruling on the HIQ vs. Linkedin Case

The original case was brought in California federal district court in 2017 by a company (hiQ) trying to protect its business of using publicly posted user data on LinkedIn. The California federal district court awarded a temporary restraining order against LinkedIn.

This order allowed hiQ to keep scraping data off of LinkedIn’s platform on employees in connection with one of its analytics tools that aims to warn hiQ’s customers (employers) when it seems that employees are looking for jobs. hiQ sold that service to employers, and LinkedIn tried to stop hiQ from scraping that data by arguing that hiQ’s actions violated a number of laws, most notably the Computer Fraud and Abuse Act, the “CFAA,” as well as LinkedIn’s terms of use. The federal district court found (at a preliminary inquiry level) that hiQ raised serious questions on the merits of LinkedIn’s argument that the conduct violated the CFAA and, therefore, granted a temporary restraining order (TRO) prohibiting LinkedIn from denying hiQ access to the data. LinkedIn appealed the ruling to the appellate court for the Ninth Circuit, which has been pending for about 2 years.

Appellate Court Ruling

On September 9, 2019, by a 3-0 decision, the Ninth Circuit appellate court affirmed the federal district court’s ruling and found that hiQ raised serious questions on the merits of LinkedIn’s argument that hiQ’s conduct violated the CFAA and upheld the TRO.

Takeaways from the Ninth Circuit Appellate Court Opinion:

  • Judge Marsha Berzon, writing for the NinthCircuit Panel,  stated that giving companies such as LinkedIn “free rein” over who can use public user data risked creating “information monopolies” that harm the public interest.
  • “LinkedIn has no protected property interest in the data contributed by its users, as the users retain ownership over their profiles.”
  • “And as to the publicly available profiles, the users quite evidently intend them to be accessed by others,” including prospective employers.
  • hiQ’s conduct of data scraping public profiles off of LinkedIn likely does not violate the CFAA.

“Where do scrapers go from here? Where is my web-bot?!” Hold On! …Not totally home free

This is a key decision that represents a significant federal circuit –the Ninth Circuit- putting limits on companies trying to affirmatively use the CFAA to restrict an outsider’s use of publicly posted user data. Unfortunately for scrapers, the Ninth Circuit left the door open to other claims, such as state law trespass to chattels, copyright infringement, breach of privacy, breach of contract, misappropriation and unjust enrichment that might allow companies like LinkedIn to limit competition with its products (LinkedIn could still pursue the case against hiQ on some of these other claims). So the fight between scrapers and companies that post data is not over, but the ruling from the Ninth Circuit is helpful to companies that may want to use publicly available data to enhance their own business offerings. (Please note that the CFAA is subject to multiple conflicting interpretations across the federal circuits, making it likely that the Supreme Court will eventually be forced to resolve the meaning of key terms like “without authorization;” thus, it is important to analyze in what jurisdictions the conduct is occurring to get an up to date assessment on scraping and data use.)

And does this tie into the CCPA? You bet!

As the Ninth Circuit’s makes clear, it is critical to consider who owns the data. In the hiQ case, it was a significant point that the users owned the data. This seems to relate to the same principles that founded the California Consumer Privacy Act (“CCPA”), which is set to go in effect on January 1, 2020. This is also something to be mindful of as it feeds into why compliance with CCPA is so important (i.e. because it relates to who ultimately owns the data and when a user wants his or her data removed, or if a user wants to know if you are selling his/her data, you must tell them and give him/her a right to not sell the data etc. …a company must comply under the CCPA!)

Important Comments from the decision to be mindful of for data scrapers:

The Ninth Circuit decision noted that the conduct of hiQ involved accessing publicly available information. The decision discusses at length the concept of “without authorization” and noted the conduct of hiQ did not involve logging on to the LinkedIn platform with a password. Other Ninth Circuit cases have taken issue with “logging on” to a platform to get access to data; consequently, as a rule of thumb, a company should not log in to any platform to scrape data.

© Horwood Marcus & Berk Chartered 2020. All Rights Reserved.National Law Review, Volume IX, Number 273

TRENDING LEGAL ANALYSIS


About this Author

Basileios "Bill" Katris, Horwood Marcus Berk Law Firm, Arbitration Counseling Lawyer,

BILL KATRIS has extensive litigation, arbitration and counseling experience involving a wide range of complex commercial contract disputes, trust and estate controversies, and business torts, including matters arising from breach of fiduciary duties, data usage, intellectual property disputes, the Telephone Consumer Protection Act ("TCPA"), breach of contract/contract interpretation, real estate transactions, employment issues, unfair competition, trade secret misappropriation, fraud, corporate mismanagement and business defamation issues. Bill's trust and estate...

312-606-3221
Robert Schaul Finance Attorney HMB Law Firm
Associate

Robert is a member of HMB’s Business and Finance Group. He focuses his practice on general corporate matters, M&A transactions and debt and equity financing matters.

Partnering with privately-held companies, start-ups, lenders, private equity and other investment vehicles and their associated stakeholders, Robert counsels clients on organizational and capital structure, along with general corporate and compliance issues. He serves as outside counsel for a broad spectrum of entities in various fields, from a multinational company in the healthcare industry to a local non-profit organization in the EdTech field. He also represents high-growth clients in the technology industry on data privacy and protection matters.

Robert’s financing practice focuses on representing start-ups in obtaining financing through equity and convertible debt funding rounds, as well as representing commercial banks lending through more traditional facilities. He says,  "The legal and regulatory environment is constantly changing, especially for technology and data companies. I keep my clients focused both on what they are trying to accomplish now and how they can achieve that result in a way that allows them to anticipate and more easily hurdle regulatory obstacles in the future."

312.606.3228