It now seems certain that public data published on a site is indeed public. This, however, has never stopped some companies from claiming that “scraping”, i.e. copying data from public websites, is somehow illegal.
American justice has just given them wrong by rendering its final verdict in the case between hiQ Labs and Microsoft’s social network, LinkedIn. For the American judges, LinkedIn cannot prevent its competitor, hiQ Labs, from scraping the data made public by its users on the platform.
This is the end point for a case that has dragged on for nearly five years. LinkedIn had indeed demanded in 2017 that hiQ cease and refrain from “scraping” LinkedIn data. In the aftermath, LinkedIn then began blocking hiQ’s access and ability to exploit data posted on public LinkedIn profiles. The social network now owned by Microsoft argued that hiQ’s actions violated several laws, most notably the Computer Fraud and Abuse Act (CFAA) and LinkedIn’s Terms of Service.
A victory for the transmission of information
Initially, US courts ruled that LinkedIn could not block HiQ. Following an appeal in 2019, it drove home the point with a decision repeating that LinkedIn could not prevent the startup from doing data scraping. As Judge Marsha Berzon ruled at the time, “there is little evidence that LinkedIn users who choose to make their profiles public maintain an expectation of confidentiality with respect to the information they post publicly, and it is doubtful that they will.”
That didn’t stop LinkedIn from going all the way, taking the case to the US Supreme Court. It held that, since its 2021 decision in Van Buren v. United States showed that the federal computer crime law did not criminalize the scraping of publicly available data, the case between LinkedIn and hiQ Labs had to be reconsidered. As a reminder, the Van Buren affair exploited the analogy of the “open or closed door”. Either the data is open and the door is open, or it is not open and the door is closed.
HiQ on the other hand argued that – on a publicly accessible website – there are no doors or these are open due to the very nature of the website. An argument validated by justice, for which “the concept of” without authorization “does not apply to public websites”. This is a victory for the transmission of knowledge and companies using public data.
LinkedIn wants to counterattack
Still, LinkedIn has not yet finished with this case. “We are disappointed with the court’s decision. This is a preliminary decision and the case is far from over,” said LinkedIn spokesperson Greg Snapper. “We will continue to fight to protect our members’ ability to control the information they make available on LinkedIn,” he said.
For the Electronic Frontier Foundation (EFF) and the Internet Archive, if “LinkedIn is correct in recognizing the threat to individual privacy posed by actors who obtain personally identifiable information and misuse it to harm people”, it is not on the ground of the law on computer fraud and abuse that we must rely.
Instead, according to the EFF, LinkedIn should join the EFF in “pushing Congress and state legislatures to pass consumer privacy and biometric data protection laws that would prohibit services from collect people’s sensitive information without their consent.”
Source: ZDNet.com