Disclaimer:
This article does not, by any means, constitute legal advice. Views expressed are purely opinion and are not legally binding. Consult with your local legal counsel for advice specific to your project, country or application.
In our previous article, Is LinkedIn Scraping Legal?, we discussed two influential cases of legal action taken against web scrapers: LinkedIn v HiQ and Facebook v Power Ventures, which both involved tech giants confronting small companies in the court of law for attempts at scraping data from their website, claiming violations of the Computer Fraud and Abuse Act (CFAA), a law designed to to prevent hackers from accessing a computer system without “authorisation”.
The outcome, however, was starkly different; the district court found Power liable under all claims and was ordered to pay almost $3 million in damages, whereas HiQ was granted a preliminary injunction that allowed the analytics company to continue to collect LinkedIn’s public data.
For those unaware, web scraping is the act of extracting desired information and data from websites in order to make data mining more efficient and systematic. In the case of small companies like Power Ventures and HiQ, web scraping is seen as integral for their survival; their business model revolves around taking data and processing them for their consumers’ needs. But some website owners find web scraping ultimately harmful to their Internet presence. It could be because scrapers are infringing on copyrights and trademarks, or because they slow down the servers, hence negatively impacting their revenue streams.
Whatever the reason, it is inevitable that this issue will be brought to court. The two cases mentioned highlight the legal repercussions of bulk scraping and how it is seen in the eyes of the law. But LinkedIn seems to be unhappy with the outcome, so they have decided to escalate this matter further.
What has happened since then?
In March 2020, LinkedIn filed a petition for a writ of certiorari to Supreme Courts to challenge 9th circuit decision which says that HiQ scraping LinkedIn member profiles without LinkedIn’s permission did not make any violation against federal hacking laws.
LinkedIn put forth several arguments as to why the Court should grant its petition. LinkedIn argues that there is a circuit split regarding the interpretation of the CFAA’s “unauthorised access” provision with respect to scraping. Although the Ninth Circuit has stated that using automated means to scrape a public site is in no violation of the CFAA, the First Circuit may rule that acts of scraping can be seen as a CFAA violation if they are in direct breach of the website’s terms of use against such acts. LinkedIn makes it a point that the Internet recognises no borders and an inconsistency of how the CFAA is applied is unjustified.
LinkedIn also raises some concerns about data privacy. Users might be willing to share their personal information and have some control of the extent of how much of their data is shared on a site such as LinkedIn, but they wouldn’t expect such data to be used by third-parties without their knowledge. It posits that under the Ninth Circuit’s ruling, third-party scrapers can use users’ data in any way they like, against the wishes of the users.
In June 2020, HiQ put out a brief urging the Supreme Court to deny LinkedIn’s petition. It opposes a lot of the arguments given by LinkedIn. Regarding the circuit split, HiQ states that the First Circuit decision was done in the earlier stage of the Internet and did not interpret the same issue of unauthorised access as LinkedIn suggested. It also argues that the privacy issue was unfounded as HiQ claims they were previously allowed to scrape data from LinkedIn and only prohibited such actions after HiQ did some of its own processing on that data.
What does this all mean for web scraping?
Having a higher court to weigh in on the issue will certainly be huge. It will potentially provide some level of certainty regarding the relationship of web scraping and the CFAA. With the legal implications being murky at the moment, it is still too early to say that web scrapers have it safe. Generally, it is important to be cognisant of the how and where the data is being scraped. Whether or not that data is considered to be “public data”, that is for the court to decide.