LinkedIn can't block hiQ scraping of public user data, appeals court says in affirming preliminary injunction
02 Apr 2020 12:38 pm by Mike Swift
LinkedIn can’t block a data analytics company from copying and scraping public profile data posted by users of the professional social network, a US federal appeals court ruled today in affirming a lower court’s preliminary injunction granted to analytics startup hiQ.
In a case that balances privacy interests against competition issues and the ability of companies to access and use information posted publicly to online platforms, a three-judge panel of the US Court of Appeals for the Ninth Circuit affirmed a 2017 district court decision that granted hiQ a preliminary injunction that allowed the analytics company to continue to collect data that LinkedIn’s users had posted in their public profiles.
“In short, even if some users retain some privacy interests in their information notwithstanding their decision to make their profiles public, we cannot, on the record before us, conclude that those interests — or more specifically, LinkedIn’s interest in preventing hiQ from scraping those profiles — are significant enough to outweigh hiQ’s interest in continuing its business, which depends on accessing, analyzing, and communicating information derived from public LinkedIn profiles,” wrote US Circuit Judge Marsha S. Berzon as part of the unanimous ruling.
Noting that hiQ does not scrape user information that is not part of users’ public LinkdedIn profiles, and that LinkedIn gives users other tools to shield personal data from becoming public, Berzon reasoned that “there is little evidence that LinkedIn users who choose to make their profiles public actually maintain an expectation of privacy with respect to the information that they post publicly, and it is doubtful that they do.”
Without access to that LinkedIn data, Berzon said in a ruling joined by Circuit Judge J. Clifford Wallace and US District Judge Terrence Berg, “hiQ will likely go out of business,” and the other harms claimed by LinkedIn do not “tip the balance of harms with regard to preliminary relief.”
While there is a “substantial interest” by Internet companies and the public in “blocking abusive users, identity thieves, and other ill-intentioned actors,” the appeals court said, “we do not view the district court’s injunction as opening the door to such malicious activity.”
Using automated bots, hiQ scrapes information that LinkedIn users have posted to their public LinkedIn profiles, such as name, job title, work history, and skills. The company feeds that information into its proprietary predictive algorithm to produce “people analytics” that it sells to business clients.
In a suit filed in 2017 in federal court in San Francisco, hiQ asked US District Judge Edward Chen to find that it didn't violate copyright laws by scraping public data from LinkedIn. The startup said in a request for declaratory judgment that LinkedIn had long been aware of hiQ’s scraping, and that the startup was not in violation of the Digital Millennium Copyright Act.
Chen granted hiQ a preliminary injunction two months later, saying LinkedIn could not use claims that hiQ had violated the Computer Fraud and Abuse Act as justification to block hiQ’s access to public profiles and that LinkedIn’s expansive view of the antihacking law “could profoundly impact” an open Internet.
"The Court is doubtful that the Computer Fraud and Abuse Act may be invoked by LinkedIn to punish hiQ for accessing publicly available data; the broad interpretation of the CFAA advocated by LinkedIn, if adopted, could profoundly impact open access to the Internet, a result that Congress could not have intended when it enacted the CFAA over three decades ago," Chen said.
LinkedIn, which was acquired by Microsoft in 2016, now has more than 645 million users in over 200 countries. The Ninth Circuit noted in today’s opinion that prior to their dispute in 2017, when LinkedIn blocked hiQ’s access to its website by blocking company-specific Internet protocol addresses, LinkedIn and hiQ had been on friendly terms, with multiple LinkedIn executives speaking at hiQ’s business conferences starting in 2015.
In oral argument last year, the Ninth Circuit judges appeared to side with hiQ’s position that LinkedIn had no problem with hiQ accessing non-password-protected LinkedIn user accounts until the professional social network was ready to roll out a competing product offering similar data analytics.
In June 2017, one month after LinkedIn sent a cease-and-desist letter to hiQ, LinkedIn Chief Executive Oficer Jeff Weiner appeared on CBS, the Ninth Circuit judges noted, saying that LinkedIn hoped to “leverage all this extraordinary data we’ve been able to collect by virtue of having 500 million people join the site.”
LinkedIn, the Ninth Circuit noted, later announced “a new product, Talent Insights, which analyzes LinkedIn data to provide companies with such data-driven information.”
LinkedIn said in a written statement from a spokeswoman that it would continue to litigate the case, which the Ninth Circuit remanded to Chen for further proceedings.
“We’re disappointed in the court’s decision, and we are evaluating our options following this appeal,” the company said. “LinkedIn will continue to fight to protect our members and the information they entrust to LinkedIn.”
29 May 2020 8:38 pm by Mike SwiftThe signatures submitted to election officials remains too close to call for a landmark privacy law to go before California voters in November.
As the EU marks the second anniversary of GDPR, large US tech companies should prepare for regulatory enforcement in the months ahead.
22 May 2020 4:28 pm by Vesela GladichevaAs the Irish privacy watchdog sends its Twitter probe off to EU counterparts for review today, it will doubtless hope for quick, constructive feedback.