The hiQ Labs v LinkedIn case was a landmark lawsuit that challenged the ability of companies to block third-party access to publicly available data. The case centered around two tech companies – hiQ Labs, a data analytics startup, and LinkedIn, the professional social networking platform.
Background of hiQ Labs v LinkedIn Case
hiQ Labs specialized in analyzing employee data scraped from public LinkedIn profiles to predict employee attrition rates. In May 2017, LinkedIn sent a cease-and-desist letter to hiQ Labs, stating that further scraping of data violated the Computer Fraud and Abuse Act (CFAA) and demanded hiQ stop accessing LinkedIn data. HiQ Labs in turn filed for a preliminary injunction against LinkedIn’s ban.
At the core of the legal dispute was the question of who had rights to publicly viewable data on LinkedIn. While LinkedIn argued that allowing hiQ to continue scraping data amounted to “unauthorized access” and breached LinkedIn’s user agreement, hiQ contended that the CFAA applied only to “hacking” and that publicly viewable data on social media was fair game for aggregation and analysis.
District Court Ruling
In August 2017, the U.S. District Court for Northern California ruled in favor of hiQ Labs and ordered a preliminary injunction against LinkedIn, preventing them from denying hiQ access to publicly available LinkedIn member profiles. The court pointed out that hiQ, as an analytics company, served a different purpose from LinkedIn’s core business networking platform. It also stated that hiQ presented no security threat by scraping only public profile data. The court applied common law precedent that information publicly revealed cannot be subject to further restraints on access.
Key Points of District Court Ruling
- HiQ’s scraping of purely public profile data likely did not violate the CFAA, which is intended to prevent unauthorized hacking.
- HiQ presented no threats to LinkedIn members’ privacy or the integrity of LinkedIn’s platform.
- The public interest tilted in favor of allowing access to public data rather than restricting it.
- Denying injunction could cause hiQ irreparable harm by threatening its entire business model.
LinkedIn’s Appeal
LinkedIn appealed the district court’s preliminary injunction to the 9th U.S. Circuit Court of Appeals. LinkedIn maintained the injunction was improperly issued and that it should have full discretion to selectively block third-party access to public portions of its site as it saw fit. LinkedIn likened its right to control access to private property rights.
In the appeals court hearing, LinkedIn also revealed that it only wanted to prevent hiQ from selling data analytics products to LinkedIn customers, viewing hiQ as free-riding on its data. This suggested business competition rather than true privacy concerns motivated LinkedIn’s actions.
LinkedIn’s Main Arguments on Appeal
- It has the right to decide who can access any part of its website.
- Scraping public profiles despite its objections is “unauthorized access” under the CFAA.
- HiQ’s free-rider data harvesting threatens its business model.
Appeals Court Ruling
In September 2019, the 9th Circuit Court ruled to affirm the preliminary injunction against LinkedIn. The court ruled that hiQ had raised “serious questions” about whether LinkedIn was illegally misusing the CFAA to unfairly compete against hiQ’s data services rather than legitimately protect its members’ privacy or computer systems.
Key Aspects of Appeals Court Decision
- Scraping of public data is unlikely to qualify as “unauthorized access” under the CFAA.
- No evidence that hiQ’s actions threatened LinkedIn members’ privacy interests.
- Balancing test favored hiQ’s interest in access to public data for its business over LinkedIn’s property rights.
- Public interest was better served by allowing hiQ access than by blocking it.
The appeals court decisively affirmed that the CFAA was not intended to give companies unrestrained control over public data or enable anti-competitive business practices under the guise of privacy. Overall, it reinforced the legality of third-party aggregation and analysis of public social media data.
Implications of hiQ Labs v LinkedIn
The hiQ ruling established an important precedent upholding broad access rights to publicly viewable social media data. Some key implications include:
- Public data scraping does not inherently violate the CFAA anti-hacking law.
- Companies have limited rights to selectively block third-party access to public user data.
- Businesses can legally build services by aggregating public social media data.
- Users retain ownership rights over their individually posted public data.
- The ruling supported an open web and the use of public data for innovation.
By protecting scraping rights, the case enabled an entire data analytics industry reliant on open access to data on social platforms. Overall, it reinforced the legality and broad public benefit of data mining public social media information.
LinkedIn’s Response
LinkedIn expressed disappointment with the appeals court ruling and considered potential options like appealing to the U.S. Supreme Court. However, in February 2020 LinkedIn announced it would no longer pursue legal action, remove restrictions blocking hiQ’s access, and allow members to opt out of third-party data collection from public profiles going forward.
While LinkedIn could have further appealed, the company likely recognized the significant costs and uncertain prospects of continuing a prolonged legal fight. By settling, LinkedIn avoided a risky Supreme Court challenge that could cement access rights for third-party data scraping under the CFAA.
HiQ’s Response
HiQ Labs considered the final settlement a resounding vindication of its case. The ability to once again access public LinkedIn data was vital for continuing hiQ’s services for employers wishing to analyze workforce trends, which depended wholly on aggregating information posted publicly by users.
As part of the settlement, hiQ also agreed to abide by a scaled-back version of LinkedIn’s prior cease-and-desist, promising not to scrape profiles of any members choosing to opt out. This allowed both sides to claim a partial victory – hiQ retained scraping rights while LinkedIn gained opt-out control for its users.
Broader Impact on Data Scraping Rights
The hiQ ruling was seen as a blow to other tech firms hoping to leverage the CFAA to tightly control third-party access to public user data. By upholding a broad right to scrape public social media data, it had implications for industries from business analytics to academic research that rely on aggregating public information.
However, the need for user consent remained unclear. While supporting general access rights, the final settlement also recognized the ability of members to opt out. This suggested data aggregators may need to provide opt-out mechanisms even when scraping purely public pages.
Remaining Legal Uncertainty
Despite establishing an important precedent, legal uncertainty around data scraping persists. The hiQ case directly addressed only public profile pages. Scraping non-public user data like DMs could still potentially violate the CFAA in the absence of explicit user consent.
In addition, platforms like Facebook have advanced different arguments beyond the CFAA to block scraping, claiming it violates their Terms of Service. The contractual status of ToS as enforceable limits on access remains disputed. Overall, while affirming broad access rights, the hiQ ruling did not fully settle key questions around allowable data harvesting online.
Conclusion
The hiQ v LinkedIn lawsuit was a critical case affirming third-party access rights to user information publicly posted on social media platforms. The district and appeals court rulings largely vindicated hiQ’s core argument – scraping public profiles does not equate to illegal “hacking” under the CFAA.
The case established meaningful protections for third-party services that aggregate and analyze public social media data for research or commercial purposes. However, LinkedIn’s demand for user opt-out demonstrated that consent requirements around public data use remain unresolved. While a major precedent upholding open access to user data, the hiQ case did not fully settle key data scraping issues still disputed today.