The US Court of Appeal for the Ninth Circuit, located in San Francisco, California, has issued a long awaited
opinion upholding a previous decision from the District Court, forbidding LinkedIn from denying hiQ access to
its public professional social networks.

hiQ is a data analytics company which, using automated bots, scrapes information that LinkedIn users have
included on public LinkedIn profiles, including name, job title, work history, and skills. It then uses that
information, along with a proprietary predictive algorithm, to yield “people analytics”, which it sells to its
business clients. The business clients use these people analytics, to (1) determine when employees might
leave for another company, and (2) identify skill gaps in their workforces so that they can offer internal
training in those areas.

In May 2017, LinkedIn sent hiQ a cause-and-desist letter, asserting that hiQ was in violation of LinkedIn’s terms
of service and demanding that hiQ stop accessing and copying data from LinkedIn’s server. HiQ filed suit,
seeking injunctive relief based on California law and a declaratory judgment that LinkedIn could not lawfully
invoke the Computer Fraud and Abuse Act (“CFAA”), which makes it a crime to access a computer “without
authorization”.

Passed in 1986, the CFAA is the federal anti-hacking law, which imposes both criminal and civil liability on
anyone who accesses a computer connected to the Internet “without authorization” or “exceeds authorized
access.” Because the statute does not define “without authorization,” interpreting its meaning in the context
of modern Internet usages has been notoriously difficult for courts around the country.
hiQ filed a suit seeking injunctive relief in order to prevent LinkedIn from barring its access, claiming that
LinkedIn could not lawfully invoke the CFAA against its scrapping practices. The District Court granted hiQ’s
motion and ordered LinkedIn to withdraw its cease-and-desist letter and to remove any technical barriers
preventing hiQ’s access.

The main question raised by LinkedIn in the appeal was whether hiQ’s scraping of public data from LinkedIn’s
platform, after receiving LinkedIn’s cease-and-desist letter, is to be considered as accessing data “without
authorization” and thus being in violation of the CFAA.

The Ninth Circuit Court, in examining the legislative history and wording of the statute, ruled that the CFAA
was enacted to prevent intentional intrusion into someone else’s computer, and more specifically computer
hacking. The Court concluded that access “without authorization” refers to circumstances in which access is
not generally available and permission is required for access. Where data is public and access is open to the
public, such as applied is for LinkedIn users’ public profiles, the “without authorization” concept is not in
violation.

The court distinguished between the LinkedIn case and its previous precedent in the case of Power Ventures v.
Facebook, in which the court held that Power Ventures, a social media aggregation site, had violated the CFAA
by accessing Facebook’s computers “without authorization” after receiving a cease-and-desist letter. The court
emphasized that, while Power Ventures was gathering user data protected by Facebook’s access page, hiQ
was scraping only public data that was available to the public.

When considering the public interest involved in denying or granting the preliminary injunction, the Court
expressed its concern that allowing large internet platforms like LinkedIn to restrict the access and collection
of data available in their platforms might lead to the creation of information monopolies.
Despite the Ninth Circuit Court’s scraping-positive ruling, the future of data scraping is still the subject of fierce
debate, especially in light of the new GDPR which, in general, prohibits using public data of individuals and
reusing it commercially without notifying them.

This document provides a general summary and is for information purposes only. It is not intended to be
comprehensive nor does it constitute legal advice. If you are interested in obtaining further information
please contact our office at:

Schuman & Co. Law Offices

13 Sederot Hareches

Building A Suite 27

Modiin, Israel 7178628

Tel: +972-8-990-0445| Fax: +972-8-990-0446

schuman@schumanlaw.co.il

http://www.schumanlaw.co.il/