Are Terms of Use prohibitions on web scraping enforceable?

Original article 8/4/17-Updated 8/15/17

This is a key question at the heart of a recent lawsuit filed by a start-up hiQ Labs against LinkedIn.

HiQ scrapes LinkedIn data to help employers retain and identify talent.  LinkedIn has accused hiQ of violating LinkedIn’s user agreement and alleges that any circumvention of LinkedIn IP address blocking would violate the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act and California law.  LinkedIn, which was acquired by Microsoft in 2016 for $26 billion, may have been prompted to take action against hiQ due to Microsoft’s plan to leverage LinkedIn data for analytics.

On July 27, 2017, the District Court of Northern California held a hearing on hiQ’s Motion for a Preliminary Injunction to stop LinkedIn from blocking hiQ from collecting data from LinkedIn’s publicly available pages.  Per Law360, Harvard Professor Laurence Tribe argued on behalf of hiQ and claimed that LinkedIn violates hiQ’s First Amendment rights, characterizing LinkedIn as a modern equivalent of a “public square.”  LinkedIn emphasized that it is not a public forum but a private entity not subject to constitutional limitations.  LinkedIn further argued that its policies allow it to restrict the access of any third parties threatening the privacy of LinkedIn users, and noted that it has to block over 95 million web scraping calls a day, which would hinder performance on its sites if unimpeded.

The court is reviewing the matter.

UPDATE 8/15/17:  On August 14, 2017, the District Court granted hiQ’s Motion for a Preliminary Injunction to allow hiQ to continue to scrape publicly available data that can be accessed without a LinkedIn account, at least while the case progresses further.  The Court found that “the balance of hardships tips sharply in hiQ’s favor” because hiQ’s entire business depends on access to LinkedIn’s public profile data, while LinkedIn’s user privacy concerns were speculative.  The Court also found “serious questions on the merits” as to whether the CFAA may be used by LinkedIn to prohibit hiQ from accessing publicly available data and whether LinkedIn violated state law in blocking hiQ’s access to public data, possibly in order to limit competition.  The Court distinguished prior 9^th Circuit precedent Nosal II and Facebook v. Power Ventures that involved data that required a login/password for access.  The Court viewed web sites that are freely open as equivalent to a “modern public square” and indicated that, under appropriate balancing, access “without authorization” under the CFAA would occur only if an authentication system, such as password protection, was bypassed versus direct access to public data of the type hiQ was requesting in the Motion.  The Court did not agree with hiQ’s free speech claims under the California Constitution, but did find that hiQ had raised serious questions whether LinkedIn’s actions, including technological blocking measures, constituted anticompetitive conduct under California’s Unfair Competition Law given LinkedIn’s stated desire to leverage their data for analytics.  Finally, the Court found that the public interest favored hiQ.  Thus, the Court prohibited LinkedIn from blocking hiQ and required that LinkedIn withdraw its cease and desist letters to hiQ.

If you have any questions, please call or email your existing contact at GTC Law Group or [email protected].

Prepared by Mirjam Supponen (CIPP/E & CIPP/US) under the supervision of GTC Member Sayoko Blodgett-Ford (CIPP/US).  Mirjam is admitted to practice in Texas.  Sayoko is admitted to practice in Massachusetts, the District of Columbia, Hawaii and the U.S. Patent & Trademark Office.  This Update discusses certain legal and related developments and should not be relied upon as legal advice, or as legal guidance for particular circumstances. Readers are cautioned against making any decisions based on this material alone.