A major decision on data scraping and blocking access to publicly available information on the web came this week in hiQ Labs, Inc. v LinkedIn, Inc., No. 3:17-cv-03301-EMC (N.D. Cal. Aug. 14, 2017). The decision enjoined LinkedIn from blocking access to its service.
hiQ gathers the workforce data that forms the foundation of its analytics by automatically collecting it, or harvesting or “scraping” it, from publicly available LinkedIn profiles. hiQ’s business model is predicated entirely on access to data LinkedIn users have opted to publish publicly.
On May 23, 2017, LinkedIn sent a letter demanding that hiQ “immediately cease and desist unauthorized data scraping and other violations of LinkedIn’s User Agreement.” LinkedIn also employed technological measures to block hiQ.
In response, hiQ filed for a declaratory judgment and injunction staying LinkedIn’s blocking of them since “if LinkedIn prevails, hiQ will simply go out of business”. This week the court granted hiQ’s request for a preliminary injunction.
Irreparable Harm to hiQ
Since LinkedIn is, in effect, putting hiQ out of business, the court concludes that
hiQ unquestionably faces irreparable harm in the absence of an injunction, as it will likely be driven out of business. The asserted harm LinkedIn faces, by contrast, is tied to its users‟ expectations of privacy and any impact on user trust in LinkedIn. However, those expectations are uncertain at best, and in any case, LinkedIn’s own actions do not appear to have zealously safeguarded those privacy interests.
The Court concludes that the balance of hardships tips sharply in hiQ’s favor.
It also found that the public interest favors hiQ since
conferring on private entities such as LinkedIn, the blanket authority to block viewers from accessing information publicly available on its website for any reason, backed by sanctions of the CFAA, could pose an ominous threat to public discourse and the free flow of information promised by the Internet.
Data Scraping and the Computer Fraud and Abuse Act (CFAA)
The Court framed the issue as
whether visiting and collecting information from a publicly available website may be deemed “access” to a computer “without authorization” within the meaning of the CFAA where the owner of the web site has selectively revoked permission.
Focusing on the CFAA’s history and intent, the court stressed that the statute is designed to address hacking “” onto private, often password-protected mainframe computers.” Since the CFAA preempts conflicting state law, the court warned that a broad reading of the CFAA
could stifle the dynamic evolution and incremental development of state and local laws addressing the delicate balance between open access to information and privacy – all in the name of a federal statute enacted in 1984 before the advent of the World Wide Web.
Under LinkedIn’s interpretation:
merely viewing a website in contravention of a unilateral directive from a private entity would be a crime, effectuating the digital equivalence of Medusa. The potential for such exercise of power over access to publicly viewable information by a private entity weaponized by the potential of criminal sanctions is deeply concerning.
The Court has “serious doubt” that Congress intended “these profound consequences” when it enacted the CFAA in 1984.
California Unfair Competition Law (UCL)
hiQ invoked two antitrust concepts – tying and the “essential facilities” doctrine. hiQ argues that:
- LinkedIn is unfairly leveraging its power in the professional networking market to secure an anticompetitive advantage in another market – the data analytics market”; and
- LinkedIn’s conduct violates the “essential facilities” doctrine, “which precludes a monopolist or attempted monopolist from denying access to a facility it controls that is essential to its competitors.”
The court agreed that “hiQ has raised serious questions . . . that LinkedIn is unfairly leveraging its power in the professional networking market for an anticompetitive purpose.”
While the First Amendment generally only applies to government restraint of speech, in Robins v. Pruneyard Shopping Ctr., 23 Cal. 3d 899, 905 (1979), the California Supreme Court held that attempts by a shopping mall to exclude individuals engaging in political speech violated the First Amendment since the mall was a de facto public square.
While the court was intrigued by the application of Pruneyard Shopping to the internet, it declines to adopt this since it “has doubts about whether Pruneyard may be extended wholesale into the digital realm of the Internet.”
The decision is below.