DayMindXPression

Thoughts Collected, Essays Expressed

Articles by Daniel Shin

    Privacy Implications from hiQ Labs v. LinkedIn

    The United States Court of Appeals for the Ninth Circuit recently affirmed a United States District Court's preliminary injunction that prevents LinkedIn from denying hiQ—a data analytics company—access to publicly available LinkedIn member profiles. The Ninth Circuit's ruling allows hiQ from continuing its web scraping activities while the litigation between the parties proceeds. For the facts of the case, see HIQ Labs v. LinkedIn, No. 17-16783, (9th Cir. 2019).

    Furthermore, the Ninth Circuit found that the Computer Fraud and Abuse Act (CFAA) does not apply to web scraping of publically available data. However, the Ninth Circuit notes that "entities that view themselves as victims of data scraping are not without resort, even if the CFAA does not apply: state law trespass to chattels claims may still be available."

    The actual litigation between hiQ Labs and LinkedIn is still ongoing, and the Ninth Circuit's review of the US District Court's preliminary injunction ruling does not ultimately guarantee that CFAA may not apply to web scraping activities of publically available data. Even if LinkedIn's argument that hiQ Lab's web scraping violates CFAA fails, the Ninth Circuit notes explicitly that other civil claims—mainly state law trespass to chattels—are available.

    While the litigation moves on, this dispute highlights the unanticipated dangers of recklessly posting personal information online. Web scrappers, whether law-abiding or not, will harvest publically available data for business purposes or even for datahoarding reasons. Once the data is scrapped, the true owner of the data would likely lose control over the accessibility and the deletion of the scraped information. Europe's legal notion of "the right to be forgotten" would lose practical effect as web scraping can be done surreptitiously by private individuals, and the true data owner would not even know who scrapped his or her data in the first place. If you do not know who scraped the data, then you do not know who to sue to get your scraped data back.

    If you have a publically accessible LinkedIn profile, then hiQ Labs and other data scrappers already have harvested it. It should be emphasized that the Ninth Circuit's ruling explicitly allows hiQ Labs to scrap publically available LinkedIn profiles until the litigation concludes. It might be a good time for everyone to reevaluate what personal information should be publically available online.

    Page 1 / 3 »

Main Pages

Categories