LinkedIn, HiQ spar at Ninth Circuit in data scraping case
31 Mar 2020 3:34 pm by Joshua Sisco
LinkedIn is locked in a heated battle with a data analytics company trying to use the social network’s publicly available data as the basis for products sold to human resources departments.
LinkedIn wants to block HiQ Labs from using the data, but at a Thursday afternoon hearing in San Francisco, it was unclear where a three-judge panel on the US Court of Appeals for the Ninth Circuit would land.
The court seemed to side with HiQ’s position that LinkedIn had no qualms about HiQ accessing non-password-protected LinkedIn user accounts until LinkedIn wanted to roll out a competing product offering similar data analytics. But the court also disagreed with HiQ’s premise that it simply accesses publicly available data like other LinkedIn users.
Last year, LinkedIn took steps to restrict HiQ’s access to its website by blocking company-specific internet protocol addresses and sending out a cease and desist letter.
HiQ then sued LinkedIn, seeking, among other things, a court order that it is not violating the Computer Fraud and Abuse Act, a 1984 federal hacking law.
The lawsuit also alleged contract interference and unfair competition under California state law. HiQ says contracts with its own customers depend on LinkedIn data and were undermined by the company's actions.
At issue is just the LinkedIn content available to anyone with an internet connection, not content available only to LinkedIn members.
LinkedIn says that HiQ’s continued access of its site after being blocked violated the CFAA, and that nothing it did was anticompetitive.
In August, US District Judge Edward Chen issued a preliminary injunction ordering LinkedIn to stop blocking HiQ’s access.
“HiQ has raised serious questions as to whether LinkedIn, in blocking HiQ“s access to public data, possibly as a means of limiting competition, violates state law,” Chen wrote. Furthermore, “LinkedIn thus trumpets its own product in a way that seems to afford little deference to the very privacy concerns it professes to be protecting in this case."
There are several ways the judges could rule.
Judge John Clifford Wallace said he was concerned about HiQ’s unfair competition claim, but said Chen’s order could likely be upheld on its contract interference claim alone. That could hinge on the timing of when LinkedIn restricted HiQ’s access.
LinkedIn attorney Donald Verrilli said his client didn’t know about HiQ’s scraping until shortly before it restricted access. But LinkedIn actually knew for years -- it came to HiQ conferences and even accepted an award from HiQ, its attorney Brandon Wisoff told the court.
“That was my impression,” said Judge Marsha Berzon, agreeing with Wisoff.
LinkedIn still could circumvent the contract interference claim, if it proves a legitimate business interest such as wanting to save its data for its own competing product. However, Wisoff said that is an issue for trial.
The court also could uphold Chen’s ruling under the unfair competition claim. Verrilli acknowledged that was the basis for Chen’s ruling, but said his client took no anticompetitive actions.
But HiQ didn’t file an antitrust lawsuit, and companies can be found liable under California’s unfair competition law for violating the “spirit” of the federal antitrust laws.
Berzon suggested that the contract interference and unfair competition claims can’t be separated, and LinkedIn's desire to save its data for its own product could justify its conduct.
All of that could be trumped by the CFAA, which Verrilli argues preempts HiQ’s state law claims. Wisoff said there was no CFAA violation, but the law also doesn’t give companies carte blanche to break state laws, and competing business contracts and property rights must coexist.
The judges didn’t indicate if they thought the CFAA trumps all state laws, but Berzon challenged HiQ’s claim that no CFAA violation exists.
HiQ is only accessing fully public data, Wisoff said, and “if [LinkedIn is] allowed to send us as one of the billions of members of the public a cease and desist letter so that we can no longer view a website that everyone else can see…”
But Berzon cut him off. “You know, I don’t find that very helpful, in the sense that you’re not just viewing, you’re not just sitting there and looking at [the data]. You’re doing something else, so we at least have to deal with the something else.”
As the EU marks the second anniversary of GDPR, large US tech companies should prepare for regulatory enforcement in the months ahead.
22 May 2020 4:28 pm by Vesela GladichevaAs the Irish privacy watchdog sends its Twitter probe off to EU counterparts for review today, it will doubtless hope for quick, constructive feedback.
21 May 2020 7:29 pm by Amy MillerClearview AI is invoking a legal shield used by social media companies hoping to defeat Vermont privacy lawsuit