We’re all used to those segmented pictures that appear on websites asking us to click on squares with traffic lights, vehicles or some other object. They tend to appear before we can get access to the full content of a particular platform, and they are intended to root out data scrapers. That is, bots trying to pull out publicly available data from a website or social media platform.
Data scraping is not illegal in principle. And a court in the US has just confirmed that it’s permissible for a data scraping company to mine the networking site LinkedIn for the personal data of LinkedIn members – subject to the qualifications we discuss below.
At Nath Solicitors in London we believe this is a significant case that applies particularly to our clients in the US. Even if you are not a large data scraping company it’s likely that you may use data from websites such as LinkedIn for market research and targeted advertising purposes. The LinkedIn case sheds light on when you can and can’t do this.
The professional networking site LinkedIn allows members to determine how much of their personal/professional information is available to non-members. The company uses a range of methods to prevent data scraping of publicly available information. hiQ is a data analytics company that harvests LinkedIn data, including members’ employment history and skills. It then sells that information to third parties. In 2017 LinkedIn requested hiQ to cease its scraping of the platform. It argued firstly that the behaviour contravened LinkedIn’s terms and conditions of use and secondly that it was contrary to the Computer Fraud and Abuse Act (the CFAA).
hiQ’s profitability relied almost entirely on the information it took from LinkedIn. It successfully applied to the Californian District Court for an order that it wasn’t acting illegally and an injunction to prevent LinkedIn from thwarting hiQ’s access to the site.
LinkedIn appealed the injunction.
The professional networking platform put forward several arguments. Perhaps most importantly for our clients it argued that once it had sent a cease and desist letter to hiQ any subsequent accessing of LinkedIn by hiQ was unauthorised and therefore contrary to the CFAA.
In a decision that has attracted widespread commentary the Appeals Court in the US Ninth District has just rejected LinkedIn’s case. The court’s central thesis was this: when a computer network (like LinkedIn) permits public access to its data, a user (like hiQ) who accesses that publicly available data will not be engaging in unauthorised access under the CFAA. Effectively the court determined that the data being sought by hiQ was not actually owned by LinkedIn. Its use could not therefore be restricted by the CFAA.
The decision by the US Ninth District Appeals Court is certainly a move towards greater flexibility on how companies may lawfully use personal information that’s freely available on an online platform. And it would seem to go against current international efforts to give individuals much greater control of their personal information. But it doesn’t herald a free for all when it comes to using and monetizing this type of data. Whether or not data scraping is permitted will depend on the type of data in dispute. Is it owned by a platform for example, or located behind a paywall or password? Such data is much more likely to be viewed as property of the platform and unsuitable for data scraping.
It’s also worth noting that the case has further to run. The Ninth District decision merely confirmed the lower court’s injunction. In addition this decision relates mainly to whether the CFAA had been breached. It didn’t deal with other aspects of the dispute between the parties, including LinkedIn’s breach of contract and unjust enrichment claims.
GDPR applies to companies in the EU and companies elsewhere, including the US, where they process the data of individuals located within the EU. To comply with GDPR, data scraping must be consistent with GDPR which means establishing that the information is processed under one of the six legal bases for processing, including consent, legitimate interests and the purpose limitation principle.
If you use data that has been scraped or your business harvests data for its own commercial reasons you should keep in mind the limitations in the LinkedIn decision outlined above.
For companies subject to GDPR and those that come under the regulation of the UK Information Commissioner care should be taken when using harvested data purchased from third parties. As the Cambridge Analytica case showed in the context of political campaigns the ICO requires organisations to exercise due diligence when using data sets acquired externally. This includes carrying out impact assessments when processing data that may present a risk to the rights of individuals.
For more information in data protection law please contact Shubha Nath on + 44 (0) 203 670 5540 or contact us online.
"Shubha Nath is my go-to lawyer. She provided my department with commercial legal services for the best part of 10 years. She listens carefully to what the business requires, is clear in her explanation of complex legal agreements and frameworks and is incredibly fast at turning round documents. I was so impressed by her I've recommended her company Nath Solicitors to other businesses."Testimonial From Bernard McKeown
"Shubha, I'd just like to thank you for helping me to come to an amicable settlement with my former company co-directors so quickly and effectively. The advice and suggested approach certainly worked very well for me and I also felt a sense of safety and control being mentored through a very daunting process. You are brilliant at what you do and you helped me to cope with a very stressful situation. I would not hesitate to recommend you and Nath…Testimonial From Stephan Hepton
“I would like to thank and recommend Nath Solicitors and Shubha personally for all your professional advice and help. We have a variety of business interests from Medical and Dental to Analytics and Artificial Intelligence; I am extremely impressed how Shubha has been able to advise in all of these fields for a variety of unrelated projects. We have been particularly impressed with hard work, dedication, professional approach and personal touch. Dr Chetan.”Testimonial From Dr Chetan
I live in Saudi Arabia. Although thousands of kilometers separated us, I picked up the phone and talked to Shubha and I asked her to help me in what I believed was a fraud case. She answered gladly. She was smart, honest, and professional; she has been receiving my calls, letters and emails for more than one month did not seem to mind at what time I communicated with her and it was any time and she always responded quickly. Shubha…Dr Aldarwish ( International client)
We are pleased to note our satisfaction with the standard of service, offered to us by qualified and efficient team of Nath Solicitors. This is a Firm with high integrity and strong, traditional, values focusing on providing the utmost levels of customer satisfaction but don’t just take their word for it, take time to review their customer testimonials. Shubha Nath, who has been providing services to our company, has shown how passionate she is about her job and has delivered…MD of Security Company Dispute Resolution Testimonial
Client comment on company incorporation and advice on a shareholders agreement prepared by Shubha Nath. We felt well advised and Shubha protected our interests immaculately and we are truly very grateful to her for all her help in securing our interests. Director Food Company.Director of a Food Company