A company scraped information from public profiles on LinkedIn and LinkedIn sued it under the Computer Fraud and Abuse Act. LinkedIn lost, and now it loses again. Moreover, the court’s opinion takes aim at the company’s efforts to stop people from accessing information its users post publicly.
The panel affirmed the district court’s preliminary injunction forbidding the professional networking website LinkedIn Corp. from denying plaintiff hiQ, a data analytics company, access to publicly available LinkedIn member profiles. Using automated bots, hiQ scrapes information that LinkedIn users have included on public LinkedIn profiles. LinkedIn sent hiQ a cause-and-desist letter, demanding that hiQ stop accessing and copying data from LinkedIn’s server. HiQ filed suit, seeking injunctive relief based on California law and a declaratory judgment that LinkedIn could not lawfully invoke the Computer Fraud and Abuse Act (“CFAA”), the Digital Millennium Copyright Act, California Penal Code § 502(c), or the common law of trespass against it.
Note that this wasn’t a copyright infringement claim, as is easy to assume; LinkedIn wasn’t claiming ownership of the material being scraped. So the moral of the story is not “finders keepers” but “if you don’t want something to be publicly published, don’t let your users publish it publicly on your website”. Other ways of putting it may be “If you don’t want people to hear what your customers are saying, don’t be a pub.” Or maybe “If you’re the sleazest, spammiest, data-suckingest social network on the planet, get in the sea.”