Publications

What Recent Rulings in 'hiQ v. LinkedIn' and Other Cases Say About the Legality of Data Scraping

December 22, 2022 Articles
The Recorder

LinkedIn obtained a permanent injunction on Dec. 6 in its six-year-old lawsuit against data scraping company hiQ Labs, which LinkedIn quickly cheered as a “final, decisive victory” that established an “important legal precedent.” While the stipulated injunction does prevent hiQ Labs from scraping LinkedIn’s data, the outcome of the lawsuit notably does not affect previous rulings by the U.S. Court of Appeals for the Ninth Circuit in the case against LinkedIn and in favor of companies that wish to scrape (i.e., automatically collect) publicly available data.

In particular, neither the outcome in this case nor a similar recent victory by Meta Platforms against scraper BrandTotal impacts the principle that platforms may not wield the federal Computer Fraud and Abuse Act (CFAA, 18 U.S.C. §1030) to prohibit scraping publicly available data from their platforms.

The hiQ Labs case began when LinkedIn sent a cease and desist letter threatening hiQ with CFAA violations if it continued collecting publicly available data from the LinkedIn platform. In general terms, the CFAA is an anti-hacking statute that prohibits accessing protected computer systems “without authorization” or in excess of “authorized access.” 18 U.S.C. §1030(a)(2). For many years before this particular cease and desist, LinkedIn and other platform companies relied on the CFAA to crack down on collecting even the public-facing data on their websites.

After receiving the cease and desist, hiQ Labs sued and obtained a preliminary injunction that the Ninth Circuit later upheld. This important 2019 ruling (which the Ninth Circuit reaffirmed in April 2022 following a remand from the U.S. Supreme Court) narrowed the scope of the CFAA by finding that the law did not apply to the automatic collection of publicly accessible data. In other words, platforms such as LinkedIn and Meta could not designate portions of their public platforms as “off limits” to only certain individuals or companies.

Among other things, the Ninth Circuit found that interpreting the CFAA so broadly would allow “companies like LinkedIn free rein to decide, on any basis, who can collect and use” publicly available data, which would risk “possible creation of information monopolies that would disserve the public interest.”

Other high-profile cases decided since the Ninth Circuit’s ruling further narrowed the CFAA in other ways. For example, in Van Buren v. U.S., the Supreme Court refused to apply the “exceeds authorized access” prong of the CFAA to a police officer who accepted a bribe to access a state license plate registry for improper purposes in violation of police department policy.

Reading the CFAA so broadly would criminalize “every violation of a computer-use policy” with the likely consequences that “millions of otherwise law-abiding citizens are criminals.” Id. at 1661; see also Sandvig v. Barr, (“Criminalizing terms-of-service violations risks turning each website into its own criminal jurisdiction and each webmaster into his own legislature.”)

Nothing in the recent hiQ Labs v. LinkedIn permanent injunction or the summary judgment ruling that preceded it affects these principles. The trend initiated by the Ninth Circuit’s hiQ ruling in favor of open access to public data remains intact. Instead, the recent proceedings in the hiQ Labs case focused primarily on contract-based theories rather than the CFAA. LinkedIn did not even seek summary judgment on any affirmative CFAA claim—it instead obtained summary judgment on its contract and unfair competition claims.

The court granted summary judgment only as to one aspect of hiQ’s data collection activity: hiring contractors to create fake LinkedIn accounts for the explicit purpose of collecting logged-in data (referred to by the court as the “turkers” conduct). In another important summary judgment ruling in the scraping space, Meta Platforms. v. BrandTotal Ltd., the court also refused to grant summary judgment to Meta Platforms on the CFAA as to two categories of data collection.

Like the recent hiQ Labs ruling, the court’s detailed summary judgment opinion focused largely on contract-based theories for prohibiting scraping. The court then held that scraping publicly available data did not violate the CFAA (citing hiQ Labs), nor did an “unauthorized person hiring an authorized agent to extract information from a computer system.” Meta Platforms v. BrandTotal Ltd., Case No. 20-cv-07182-JCS, Dkt. No. 344 at p. 57 (N.D. Cal. June 6, 2022).

These rulings suggest that courts are much more comfortable restricting scraping activity where the parties have agreed by contract (whether directly or through agents) not to scrape. But courts remain wary of applying the CFAA and the potential criminal consequences it carries to scraping. The apparent exception is when a company engages in a pattern of intentionally creating fake accounts to collect logged-in data.

What does all this mean for scraping? The case law is still unsettled, but some rules of thumb are starting to emerge. First, collecting only public data where the scraper has not agreed by contract to refrain from doing so is very unlikely to be a CFAA violation.

Second, intentionally creating fake accounts to collect logged-in data exposes scrapers to contract-based liability and potentially CFAA liability, too (though the Sandvig case arguably says the CFAA does not prohibit this conduct). Platforms have recently begun attacking this conduct by alleging anti-circumvention claims under the Digital Millennium Copyright Act as well.

Third, there’s a broad range of activities in a legal gray area in the middle, such as collecting data for a user with the user’s access credentials and explicit permission. We’ll have to wait for future cases to determine the CFAA’s potential application to that activity.

Reprinted with permission from the 12/22/22 issue of The Recorder. © 2022 ALM Media Properties, LLC. Further duplication without permission is prohibited.  All rights reserved.

Firm Highlights

Publication

Copyright Law for Influencers and Brands: How Content Creators and Companies Hiring Them Can Navigate Copyright Law for a Successful Partnership

In recent years, the advent of the social media “influencer” has revolutionized advertising. Companies often partner with influencers to market their products, hoping to tap into the influencer’s devoted audience. Likewise, influencers create certain content...

Read More
Publication

Will the Supreme Court Limit Copyright Damages? Implications of Warner Chappell Music, Inc. et al. v. Sherman Nealy et al.

The U.S. Supreme Court heard oral arguments in Warner Chappell Music, Inc. et al. v. Sherman Nealy et al. (Case No. 22-1078) on February 21, 2024. On the surface, the case presents the opportunity...

Read More
News

Scraping Battles: Meta Loses Legal Effort to Halt Harvesting of Personal Profiles

Alex Reese spoke to Matt Fleischer-Black of  Cybersecurity Law Report about the Meta v. Bright Data decision and its impact on U.S. scraping case law. Read the article here (paywall or trial).

Read More
Publication

Is the Copyright Threat to Generative AI Overhyped? Implications of Kadrey v. Meta

In November 2023, Meta successfully had nearly all of the claims against it dismissed in the Kadrey v. Meta Platforms, Inc. suit, a victory with potential implications for other technology companies with generative AI tools...

Read More
News

JPMorgan Chase Accuses TransUnion of Stealing 'Trade Secrets'

Intellectual property practice chair Eugene Mar provided expert commentary to American Banker for the article "JPMorgan Chase Accuses TransUnion of Stealing 'Trade Secrets'." In the article, he said: "By filing this as a trade...

Read More
Publication

7 Ways Companies and Content Creators Can Navigate Copyright Law for a Successful Partnership

In recent years, the advent of the social media “influencer” has revolutionized advertising. Companies often partner with influencers to market their products, hoping to tap into the influencer’s devoted audience. Likewise, influencers create certain content...

Read More
News

Winston Liaw Named a Leadership Council on Legal Diversity Fellow

Northern California legal powerhouse Farella Braun + Martel is proud to announce that Winston Liaw has been named a Leadership Council on Legal Diversity (LCLD) Fellow for 2024. Winston joins a select group of...

Read More
News

Chambers USA 2024 Recognizes Farella Braun + Martel Lawyers, Practices

Farella Braun + Martel is pleased to announce that Chambers USA has recognized 16 lawyers and six practice areas in the legal directory’s 2024 edition. Individual California and Western U.S. Rankings: Sarah Bell &ndash...

Read More
Publication

Hsu Untied Interview With Dan Callaway

Dan Callaway, a partner specializing in intellectual property litigation, was a guest on Hsu Untied , an award-winning podcast hosted and produced by Richard Hsu featuring entrepreneurs, venture capitalists, best-selling authors, and more.  During...

Read More
Publication

No Three-Year Bar on Copyright Damages (For Now): SCOTUS Issues Opinion in Warner Chappell Music, Inc. et al. v. Sherman Nealy et al.

In a 6-3 majority decision in Warner Chappell Music, Inc. et al. v. Sherman Nealy et al. , the Supreme Court held that the Copyright Act entitles a copyright owner to recover damages for any...

Read More