Yesterday, the Court of Appeals of the Ninth Circuit of the United States ruled (. pdf ) in favor of the data analysis company HiQ Labs which had collected data and built products from LinkedIn public profiles. This is a case that has many implications and can still be appealed.
CFAA and anti-piracy rules. LinkedIn attempted to stop HiQ using, among other things, the Computer Fraud and Abuse Act ( CFAA ), a federal law on cybersecurity and piracy prevention. In simple terms, the CFAA states that a computer can not be accessed without authorization or beyond an authorization.
Profile data on LinkedIn was and is public. But LinkedIn did not like HiQ to scratch its content and issued a cease and desist order in 2017. The letter indicated that HiQ was in breach of LinkedIn's use agreement as well as the laws of California and federal government, including CFAA. LinkedIn also stated that it would technically block HiQ's efforts to recover the site.
HiQ filed a lawsuit seeking a preliminary injunction against LinkedIn and was successful in the District Court. The court ordered LinkedIn to again authorize HiQ to access the content. LinkedIn has appealed to the ninth circuit.
Who is "authorized" to access the content of the website. One of the central issues in the case was to determine, once HiQ received LinkedIn's letter of formal notice, whether it was "without authorization" under the CAFA. The ninth circuit declared No.
. The CFAA contained information that was not publicly available (for example, protected by a password). Public LinkedIn profiles were not protected by a password. In simple terms: Only if LinkedIn's data was not public could the company invoke CFAA to block HiQ access.
Privacy and other potential ways to block scratching. LinkedIn argued that HiQ had violated the terms of its user agreement / terms of service. The ninth circuit pointed out that LinkedIn had terminated its "user" status with the termination letter and disclaimer. In addition, LinkedIn has not claimed any ownership rights to the content of the public profile. And while LinkedIn also said that he was also seeking to protect users' right to privacy by blocking HiQ, the court did not hold back this argument regarding public profile information – where expectations of privacy was minimal or nonexistent.
CFAA, although the court discussed other claims. In the end, it was not clarified that a website owner had no recourse against a wholesale appropriation of its public content. The court said other laws might apply: "State violations of the law relating to personal property may still be available. And other causes of action, such as copyright infringement, misappropriation, unjust enrichment, conversion, breach of contract or violation of privacy, may also be present. "
The Ninth Circuit did not analyze the application of any of these theories to the HiQ facts, however." He simply said that they could claim protection from scraping or appropriation of content.
Why We Should Care. This case may not be over and may eventually end up in the US Supreme Court, but its broadest interpretation seems to be the following: any "public" online data not owned by a publisher or protected by a password – and the facts can not be protected by copyright – can be captured free of charge by third parties.
At the end of the notice, the court expressed concern about "allowing companies like LinkedIn the freedom to decide who can collect and use data – data that companies do not have, that they bring itself to the public and the companies themselves collect and use – risk of creating monopolies of & # 39; information that would not be in the & # 39; public interest. "