Scraping web content just got a little closer to legal in the US
posted Saturday Sep 14, 2019 by Scott Ertz
Data scraping has long been the scourge of website owners. You do a lot of work to produce a website that provides useful information to people, and someone else comes along and scrapes that data from your website and uses it for their gain. In some cases, it can simply be an annoyance that makes it feel like your work was violated. In other cases, it can be the basis of an entire business model, such as Hyp3r's scraping location data from Instagram. In that case, Instagram cut off access to the data, but that's not always possible.
Such is the case for LinkedIn, who has been dealing with a company called hiQ scraping data from public profiles for years. LinkedIn is not going to make you sign in to view a public profile, but they also don't want companies taking data from their platform. Because of this, LinkedIn sent hiQ a cease-and-desist letter in 2017, demanding that the company stop harvesting data from public profiles. Rather than comply, hiQ sued LinkedIn, arguing that their activity did not violate the Computer Fraud and Abuse Act, and asked for an order banning Microsoft from interfering in their activities.
At the time, the trial concluded that hiQ was within their rights to take data from public profiles. This week, the 9th Circuit Appeals Court agreed with that determination, saying that the Computer Fraud and Abuse Act does not apply to publicly available information. The three-judge panel wrote,
The CFAA was enacted to prevent intentional intrusion onto someone else's computer-specifically computer hacking.
This is far from a settled matter, however. Across the country, there are competing rulings on the topic of data scraping. In 2013, a California court held that two companies had violated CFAA when scraping data from Craigslist. Rather than taking it to the 9th Circuit Appeals Court, the same court that ruled in hiQ's favor, they agreed to stop their activities.