In Brief:   Web scraping publically available information isn’t computer fraud.

Here’s What Happened: Web scraping or web harvesting is the extraction of data from a website. A “web bot” scampers about the web looking for data on a website, harvests the data and then loads it into a database or exports it into a format that can be utilized. Web scraping can be a marketing tool like lead generation. It can also be used for market analytics like brand monitoring, industry statistics and comparative shopping data.

LinkedIn is a professional networking site. Its members upload information about themselves as well as content that might be of interest. Members own their information and content. LinkedIn has tools to monitor the use of the website; including a tool that prohibits access by automated bots except for search engines like Google.

hiQ Labs Inc. is a data analytics company. It uses an automated web bot to scrape publically available information on LinkedIn Corp.’s website. This information includes information like people’s names, jobs, work histories and skills. hiQ creates “people analytics” for use by its customers. The customers use the information for employee recruiting and management intelligence.

LinkedIn was aware of hiQ’s bots for at least a couple of years and didn’t try to shut hiQ down. Then, LinkedIn decided it wanted to monetize the data on its website and launched its own data analytics product. LinkedIn sent hiQ a cease and desist letter accusing hiQ of violating LinkedIn’s terms of use as well as the Computer Fraud and Abuse Act (CFAA), the Digital Millennium Copyright Act (DMCA) and the California Penal Code law against trespass.

hiQ filed a declaratory judgment action. The court granted hiQ’s motion for preliminary injunction to stop LinkedIn from blocking its access to the LinkedIn website. LinkedIn appealed. The matter bounced up to the US Supreme Court who remanded the case back to the Ninth Circuit Court of Appeals.

The Ninth Circuit focused on, inter alia¸ whether hiQ would succeed on the merits against LinkedIn’s on violation of the CFAA. The CFAA prohibits accessing a computer “without authorization”. According to the Ninth Circuit, “the pivotal CFAA question here is whether once hiQ received the cease-and-desist letter, any further scraping and use of LinkedIn’s data was ‘without authorization’ within the meaning of the CFAA and thus a violation of the statute.” If so, LinkedIn asserted, hiQ would have no legal right of access to LinkedIn’s data and so could not succeed on the merits.

The Ninth Circuit held that hiQ raised serious questions about whether its web bot accessed information “without authorization”. hiQ only accessed publically available information that was uploaded by LinkedIn’s members. It didn’t try to circumvent a password or breach a demarcation wall that protected private information.

The Ninth Circuit affirmed the entry of the preliminary injunction and remanded the case back to the district court.

Why You Should Know This:  This opinion gives a succinct roadmap for data scraper bots. Stick to publically available information. Don’t try to reach protected private information.

Case Information: hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180 (U.S. 9th Cir. 2022)

Leave a comment

Your Email will not be published with a comment

This website uses cookies to enhance your browsing experience and provide you with personalized services. By continuing to use this site, you consent to the use of cookies. See our Terms of Engagement to learn more.