By affirming the grant of a preliminary injunction, the U.S. Court of Appeals for the Ninth Circuit ruled that LinkedIn cannot deny a data analytics company access to information that is publicly available on LinkedIn's website.
As described in hiQ Labs, Inc. v. LinkedIn Corporation, LinkedIn sent the data analytics company hiQ Labs, Inc. ("hiQ") a cease-and-desist letter seeking to stop the company from accessing and copying data (i.e., "scraping") from LinkedIn's website. (The data analytics company uses an algorithm that employs information scraped from LinkedIn's user profiles to make various forecasts, such as whether an employee may be likely to leave his employer.) In response to the cease-and-desist Order, the analytics company sought injunctive relief and a declaratory judgment that LinkedIn could not invoke the Computer Fraud and Abuse Act ("CFAA"), the Digital Millennium Copyright Act, California Penal Code 502(c) or the California common law of trespass. The analytics company asserted that LinkedIn had tortiously interfered with the company's contracts.
According to LinkedIn, hiQ violated the CFAA, which prohibits unauthorized access to a computer, by continuing to data-scrape its website after LinkedIn had instructed it not to do so. LinkedIn stated that permitting the data scraping to continue is against the public interest and would entice malicious actors to access LinkedIn's computers and attack its servers. The analytics company responded that the CFAA is not applicable in this instance because the information was publicly available and, therefore, could be accessed without any authorization at all. And since no authorization was required, its scraping could not be "unauthorized" within the meaning of the CFAA. Additionally, the analytics company argued that blocking data scraping would lead to the creation of "information monopolies," which are also against the public interest.
The Court ruled that the analytics company could continue data scraping, finding that:
- the survival of its business was threatened, establishing a likelihood of irreparable harm;
- "serious questions" were raised as to whether data scraping of public information is a violation of the CFAA; and
- the preliminary injunction was in the public's best interest.
Commentary
Though the ruling is not yet a final decision on the merits, the case is notable. The Court concluded that data scraping from a public website is probably not a violation of the CFAA and, therefore, such scraped information is not obtained in violation of law (or at least in violation of that law). From a financial regulation perspective, this holding may substantially undermine any claim by regulators or plaintiffs that an algorithmic trading firm that had improperly obtained data it used in trading from a public website violated SEA Rule 10b-5.
That said, there are a number of potentially limiting aspects to the scope of the decision: (i) most significantly, the data being scraped did not actually belong to LinkedIn (it belonged to the individuals who had posted it); and (ii) LinkedIn could not reasonably demonstrate that those individuals had any objection to the scraping of their data, given that they had determined to make it public. It is possible, though not at all certain, that a court could reach a different conclusion if the underlying data actually belonged to the owner of the relevant website.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
