May 26, 2022

Volume XII, Number 146

Advertisement
Advertisement

May 25, 2022

Subscribe to Latest Legal News and Analysis

May 24, 2022

Subscribe to Latest Legal News and Analysis

May 23, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Ninth Circuit Once Again Preserves Competitor’s Data-Scraping Rights

On remand from the Supreme Court of the United States, the US Court of Appeals for the Ninth Circuit reaffirmed its own 2019 opinion that preliminarily enjoined a professional networking platform from denying a data analytics company access to publicly available profiles. HiQ Labs, Inc. v. LinkedIn Corporation, Case No. 17-16783, (9th Cir., Apr. 18, 2022) (Wallace, Berzon, Berg (sitting by designation) JJ.).

Previously, the Supreme Court had granted certiorari in this case, but subsequently vacated the judgment and remanded back to the Ninth Circuit for further consideration in view of its  2021 decision in Van Buren v. United States. In Van Buren, the Supreme Court attempted to clarify the reach of the Computer Fraud and Abuse Act of 1986 (CFAA), holding that authorized computer access for arguably improper purposes likely does not constitute a violation of the CFAA. On remand, the Ninth Circuit concluded that Van Buren reinforced its determination that hiQ had raised “serious questions” about whether LinkedIn may invoke the CFAA to preempt hiQ’s claim of tortious interference.

HiQ is a data company that sells “people analytics” focused on predictive employee data. HiQ’s data is largely obtained by scraping public LinkedIn profiles with automated bots. In 2017, LinkedIn sent a demand letter to hiQ asserting that hiQ’s scraping activity was in violation of the CFAA, the Digital Millennium Copyright Act (DMCA), the California penal code and common law. HiQ immediately filed suit seeking injunctive relief and a declaratory judgment that LinkedIn could not lawfully invoke the asserted claims. Granting hiQ’s motion for the preliminary injunction, the district court ordered LinkedIn to remove, and to refrain from implementing, any technical barriers to hiQ’s access to the LinkedIn public profiles.

The Ninth Circuit stated that a plaintiff seeking a preliminary injunction must establish the following:

  • It is likely to succeed on the merits.

  • It is likely to suffer irreparable harm absent the injunction.

  • The balance of equities tips in its favor.

  • The injunction is in the public interest.

This analysis required the Ninth Circuit to focus only on whether hiQ had raised serious questions on the merits of the factual and legal issues presented. The Ninth Circuit’s re-examination of these factors was nearly identical to its 2019 holding.

Starting with irreparable harm, the Ninth Circuit found that the survival of hiQ’s business was threatened since it depends on being able to access public LinkedIn member profiles. The Court also agreed, once again, with the district court’s determination that the balance of the equities tipped in hiQ’s favor. The Court found that the privacy interests of individuals who have opted to maintain a public LinkedIn profile did not outweigh hiQ’s interests in continuing its business. On this factor, the Court noted that “little evidence” suggested that LinkedIn users who choose to make their profiles public actually maintain an expectation of privacy with respect to publicly posted information. The Court also noted that LinkedIn does not own its users’ data, since users retain ownership over the data comprising their LinkedIn profiles.

Revisiting the likelihood of success factor, the Ninth Circuit issued a reminder that its inquiry was limited to whether hiQ raised serious questions on the merits of LinkedIn’s “sole defense” to hiQ’s request for the preliminary injunction under the CFAA. Other potential claims, such as those arising under the Digital Millennium Copyright Act or trespass and misappropriation, were not at issue in this specific appeal.

The Ninth Circuit determined that hiQ raised serious questions as to the merits of its claim for tortious interference of contract by demonstrating the existence of valid contracts, LinkedIn’s knowledge of such contracts, LinkedIn’s “intentional acts” designed to disrupt these contracts and the resulting harm to hiQ. HiQ also raised serious questions on the merits of LinkedIn’s legitimate business purposes defense, which LinkedIn argued would justify an intentional inducement of contract breach.

The majority of the Ninth Circuit’s opinion looked at whether hiQ had raised a serious question as to the scope of the statutory coverage of the CFAA (which prohibits intentionally accessing a computer without authorization and is limited to computer information for which authorization or access permission, such as a password, is required) and whether access of a public LinkedIn profile would fall outside of the CFAA. The “pivotal” question was whether hiQ’s continued data scraping of public LinkedIn profiles after receipt of LinkedIn’s 2017 demand letter was “without authorization” under the meaning of the CFAA.

The Ninth Circuit found that hiQ raised “[a]t the very least . . . a serious question” about whether the CFAA’s “without authorization” language is even applicable if the accessed data is open to the public. This included a detailed breakdown of the statutory language and the fact that the affirmative notion of “authorization” implies express permission and therefore does not pertain to freely available information. Legislative history also bolstered the Court’s findings, because the CFAA has been best understood as an anti-intrusion statute (not a misappropriation statute) requiring conduct analogous to breaking and entering. The Court found reinforcement in Van Buren, even though Van Buren addressed a different clause of the CFAA (the “exceeds authorized access” clause, rather than the “without authorization” clause). Van Buren looked at the interplay between these two language provisions and imparted a “gates-up-or-down” interpretation of the CFAA. Therefore, the Court found that Van Buren reinforced the conclusion that when the “gates” are “up” on publicly available webpages without requiring authorization or access, the CFAA may not apply. This conclusion was contrasted with two precedent cases cited by LinkedIn, where the gates were “down” due to required passwords or other requisite access controls.

Finally, the Ninth Circuit agreed that there were significant public interests on both sides of the dispute, but again found in favor of hiQ’s position, which claimed that giving a company such as LinkedIn a complete monopoly over the collection and use of data that it does not own (but only licenses from users) would disserve the public interest. Finding that hiQ had established all the elements required for a preliminary injunction, the Court reaffirmed the injunction and remanded for further proceedings.

© 2022 McDermott Will & EmeryNational Law Review, Volume XII, Number 132
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Sarah Bro, McDermott Will Emery Law Firm, Intellectual Property Attorney
Associate

Sarah Bro is an associate in the law firm of McDermott Will & Emery LLP and is based in the Firm’s Orange County office.Sarah focuses her practice on trademark prosecution and trademark litigation support.

949-757-6001
Advertisement
Advertisement
Advertisement