Whether it’s referring to a bloody knee or just barely getting by, “scraping” isn’t usually associated with a positive action. However, according to the Ninth Circuit, popular professional networking site LinkedIn cannot protect users’ public profiles from data scraping.
On appeal, the Ninth Circuit affirmed a district court decision granting a preliminary injunction requested by hiQ, a data analytics company, to keep LinkedIn from barring access to public member profiles. The decision puts a limit on how far the Computer Fraud and Abuse Act can go when it comes to preventing unauthorized aggregation of user data.
Data scraping is the practice of importing information from a website into a spreadsheet or local file using automated bots. In general, it’s legal. Numerous online services use it to build databases, aggregate product data, and conduct market research. However, things get dicey when users haven’t permitted third parties to scrape their data.
The Computer Fraud & Abuse Act (CFAA) prohibits accessing a computer “without authorization.” For the most part, the CFAA aims at putting a stop to hacking. But, in recent years, courts have applied the CFAA to companies accessing data from social media sites.
LinkedIn sent a cease and desist letter to hiQ in 2017, demanding the company stop pulling information from LinkedIn users’ profiles. Facebook did the same thing ten years ago and successfully put a stop to the aggregation of users’ social media posts. However, the court distinguished LinkedIn’s case from Facebook’s. Because Facebook controlled access to the site by requiring users to log in with their username and password, data scraping constituted unauthorized access. The LinkedIn profiles hiQ accessed, on the other hand, were publicly available.
This decision draws a fine line between permitted data scraping and unauthorized access, especially since many users in Facebook’s case had granted access to the data scraping company. But, part of the problem here may be that courts are being tasked with applying a technology statute that is now 35 years old.
Stay tuned to FindLaw’s Technologist for more posts on how the CFAA developed, and how it may need to change to keep up in today’s technological landscape.