Publications

hiQ’s Groundbreaking Injunction Against LinkedIn Reaffirmed: Scraping of Publicly Available Data Likely Does Not Violate CFAA

April 26, 2022

The U.S. Court of Appeals for the Ninth Circuit has affirmed its prior decision, holding that LinkedIn could not block hiQ, a scraping entity, from scraping public LinkedIn profiles. The court found it was unlikely that hiQ had violated the Computer Fraud and Abuse Act (CFAA), which is commonly understood to be an anti-hacking law. However, this opinion is only limited to publicly available information. Meaning, a scraping company could still be liable under the CFAA if it is scraping information from a website that requires authorization or access permission, such as password authentication. 

Additionally, the court noted that data aggregators could bring other, non-CFAA claims, against scraping entities even when those companies are scraping public information, such as breach of contract and copyright infringement claims. Thus, data scraping law is very nuanced and still in its early stages, making the guidance of counsel especially important before starting a data scraping business or cutting off access to data scrapers.

Farella Braun + Martel represented hiQ in obtaining the preliminary injunction and through its first appeal to the Ninth Circuit.

The Court’s Analysis

After the Ninth Circuit affirmed the preliminary injunction in 2019, LinkedIn filed a petition for writ of certiorari with the Supreme Court of the United States. The Supreme Court vacated the decision and remanded the case to the Ninth Circuit for further consideration in light of its decision in Van Buren v. United States, 141 S. Ct. 1648 (2021), a case concerning application of the Computer Fraud and Abuse Act (CFAA) in the criminal context. The Ninth Circuit once again affirmed the underlying hiQ Labs decision, largely mirroring its earlier analysis.

To obtain a preliminary injunction, a plaintiff must show that they are likely to succeed on the merits, likely to suffer irreparable harm in the absence of preliminary relief, the balance of equities tips in their favor, and an injunction is in the public interest. 

The Ninth Circuit found credible hiQ’s assertion that the survival of its business is threatened absent an injunction prohibiting LinkedIn from blocking hiQ from scraping publicly available information from LinkedIn’s website. Similarly, the balance of equities tipped “sharply” toward hiQ, given that LinkedIn’s interest in preventing data collection was outweighed by hiQ’s interest in continuing its business. Importantly, the court also determined that there was a strong public interest in preventing companies like LinkedIn from becoming “information monopolies” who could otherwise decide, on any basis, who can collect and use publicly available data.

The remainder of the Ninth Circuit’s decision explored how hiQ raised “serious questions” that supported its likelihood of success on the merits of its intentional interference with contract claim against LinkedIn. With respect to LinkedIn’s “legitimate business purpose” defense to this claim, the Ninth Circuit determined, inter alia, that hiQ’s interest in fulfilling its contracts with the customers of its data analytics products and services is stronger than LinkedIn’s comparatively weak “interest in protecting its members’ data and the investment made in developing its platform” and “enforcing its User Agreements’ prohibitions on automated scraping.”

The court also rejected LinkedIn’s further argument that blocking hiQ from scraping publicly available data was justified because such scraping violated the CFAA, 18 U.S.C. § 1030, which outlaws intentional access to a computer to obtain information “without authorization” from that protected computer (here, the LinkedIn servers would be the “protected computer”). Once again, the court agreed that hiQ had at least raised a “serious question” that its activities did not run afoul of the CFAA because LinkedIn’s information was accessible to the general public, and so data miners like hiQ were not accessing those servers “without authorization.”

The court explained that Congress created the CFAA with “hacking” and “breaking and entering” in mind, contemplating the existence of three kinds of computer system accessibility:

  1. access is open to the general public and permission is not required,
  2. authorization is required and has been given, and
  3. authorization is required but has not been given.

According to the Ninth Circuit, where information like a public LinkedIn profile is “available to anyone with an internet connection,” it falls under the first category, and thus the idea that anybody, including scraper entities, can access this information “without authorization” is “inapt.” The court added that Van Buren’s “gates-up-or-down inquiry”—“one either can or cannot access a computer system, and one either can or cannot access certain areas within the system”—is akin to categories (2) and (3). It held that Van Buren thus reinforces its conclusion “that the concept of ‘without authorization’ does not apply to public websites.”

Takeaways

Large data aggregators should not rely on the CFAA when bringing claims against scrapers of their publicly accessible data, or when defending against claims brought by those scrapers when the aggregators take measures to restrict access to the data. However, while the court closed one gate, it left several others open. In fact, it reminded readers that other causes of action including state law trespass to chattels, copyright infringement, misappropriation, unjust enrichment, conversion, breach of contract, or breach of privacy may still apply to such scraping activities. Indeed, plaintiffs in data scraping lawsuits routinely include such claims in their complaints. 

Firm Highlights

Publication

Fair Use Question Goes to Trial in AI Copyright Lawsuit – Thomson Reuters v. Ross Intelligence

On September 25, 2023, a United States Circuit Judge determined that fact questions surrounding issues of fair use and tortious interference required a jury to decide media conglomerate Thomson Reuters’s lawsuit against Ross Intelligence...

Read More
Publication

It Wasn’t Me, It Was the AI: Intellectual Property and Data Privacy Concerns With Nonprofits’ Use of Artificial Intelligence Systems

In today's rapidly changing technological landscape, artificial intelligence (AI) is making headlines and being discussed constantly. To be sure, AI provides a powerful tool to nonprofits in creating content and exploiting for countless cost-effective...

Read More
Publication

Major Decision Affects Law of Scraping and Online Data Collection, Meta Platforms v. Bright Data

On January 23, 2024, the court in Meta Platforms Inc. v. Bright Data Ltd. , Case No. 3:23-cv-00077-EMC (N.D. Cal.), issued a summary judgment ruling with potentially wide-ranging ramifications for the law of scraping and...

Read More
Publication

A Summary of New Laws Coming for California Employers in 2024

In 2023, California has adopted several new employment laws either introducing new employee protections or codifying existing practices into state law. With these changes, employers will need to examine and adjust some of their...

Read More
News

Scraping Battles: Meta Loses Legal Effort to Halt Harvesting of Personal Profiles

Alex Reese spoke to Matt Fleischer-Black of  Cybersecurity Law Report about the Meta v. Bright Data decision and its impact on U.S. scraping case law. Read the article here (paywall or trial).

Read More
Publication

California Proposes New AI & Automated Decision-Making Technology Regulations

The California Privacy Protection Agency (CPPA) released its draft  regulatory framework for automated decision-making technology (ADMT) on November 27. These regulations are a preview of what new requirements may look like for companies currently...

Read More
News

Winston Liaw Named a Leadership Council on Legal Diversity Fellow

Northern California legal powerhouse Farella Braun + Martel is proud to announce that Winston Liaw has been named a Leadership Council on Legal Diversity (LCLD) Fellow for 2024. Winston joins a select group of...

Read More
Publication

Is the Copyright Threat to Generative AI Overhyped? Implications of Kadrey v. Meta

In November 2023, Meta successfully had nearly all of the claims against it dismissed in the Kadrey v. Meta Platforms, Inc. suit, a victory with potential implications for other technology companies with generative AI tools...

Read More
News

Farella Wins Complete Defense Ruling at Trial for Smart Meter Technology Company

Northern California legal powerhouse Farella Braun + Martel secured a complete defense victory for a smart meter technology company following a two-week bench trial in the U.S. Bankruptcy Court for the Southern District of California...

Read More
News

Farella 2024 Partner Elevations: Cynthia Castillo and Greg LeSaint

Northern California legal powerhouse Farella Braun + Martel is pleased to announce the election of two lawyers to partnership effective Jan. 1: Cynthia Castillo and Greg LeSaint. “We are thrilled to elevate Cynthia and...

Read More