Court Issues Injunction Barring Blocking of Scraping and Holds CFAA Likely Doesn’t Apply
Websites make information available to clients, users, customers and subscribers. Data aggregators, investors, competitors and others are always thinking of new and productive ways to use that data – typically, uses other than those for which the data is being made available. "Screen scraping" is one of the main technical tools used to harvest data from websites for such uses, and the federal Computer Fraud and Abuse Act (the "CFAA"), 18 U.S.C. §1030, has been one of the main legal tools used by website owners to challenge those scraping activities.
While the law relating to screen scraping is unclear, a recent landmark decision from the Northern District of California, hiQ Labs, Inc. v. LinkedIn, Corp., 2017 WL 3473663 (N.D. Cal. Aug. 14, 2017), appears to limit the applicability of the CFAA as a tool against scraping. Indeed, in granting injunctive relief against LinkedIn’s blocking of hiQ’s scraping activities, the hiQ court noted that, by invoking the CFAA, "[c]ompanies could prevent competitors or consumer groups from visiting their websites to learn about their products or analyze pricing." While the hiQ decision suggests that, at least in some circumstances, scraping of publicly available websites does not give rise to a cause of action under the CFAA, scrapers beware – the road may still have some rough patches ahead.
The hiQ Opinion
The hiQ case involves LinkedIn's challenge to hiQ's scraping of LinkedIn public profile data. Upon receipt of a cease and desist letter from LinkedIn alleging, among other things, hiQ's civil liability under the CFAA, hiQ sought a preliminary injunction barring LinkedIn from blocking hiQ’s access to LinkedIn public profiles. Significantly, LinkedIn sent the cease and desist letter to hiQ after years of tolerating hiQ's access and use of its data; in fact, hiQ's business model of employee data analysis, is wholly dependent on crunching LinkedIn data that users have elected to publish publicly.
The key question concerning the applicability of the CFAA in this case was whether, by continuing to access public LinkedIn profiles after LinkedIn explicitly revoked permission to do so, hiQ has "accessed a computer without authorization" within the meaning of the CFAA.
The court issued a preliminary injunction, finding that the balance of equities favored hiQ, and distinguished the Ninth Circuit precedent in Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058 (9th Cir. 2016), that held that a commercial entity that accesses a website after permission has been explicitly revoked can, under certain circumstances, be civilly liable under the CFAA. The hiQ court found none of the data in the prior cases interpreting the CFAA...
