The ability of companies to prevent scraping of their publicly available information may now be limited.
In a highly anticipated decision, the Ninth Circuit ruled on September 9, 2019, that scraping data from the public portions of a website likely does not violate the Computer Fraud and Abuse Act ("CFAA"), even if the computer owner attempts to revoke access through a cease-and-desist letter or Terms of Use. The decision, hiQ Labs, Inc. v. LinkedIn Corp., No. 17-16783 (9th Cir. Sept. 9, 2019), may limit the ability for companies to invoke the CFAA to block scraping of their publicly available information.
In hiQ, LinkedIn argued that hiQ's use of automated tools to access and copy publicly posted data after receiving a cease-and-desist letter violates the CFAA's prohibition on intentional access of a computer "without authorization." However, the court held that the CFAA's "without authorization" provision applies to the circumvention of "permissions, such as username and password requirements" that "demarcate[]" certain data as private. The court thus found that hiQ's practices likely do not constitute an unauthorized access where LinkedIn does not prevent public access to the data at issue.
The impact of the hiQ decision could be significant. It potentially limits the ability of companies to rely on the CFAA to prevent scraping of publicly available data even if they send a cease-and-desist letter or try to restrict access through Terms of Use. However, the opinion identifies several possible alternative avenues for vindicating data-scraping claims, including trespass to chattels, copyright infringement, misappropriation, unjust enrichment, conversion, and breaches of contract or privacy.
It is important to note that the Ninth Circuit issued its opinion in a procedural posture that required it to decide only whether hiQ raised "serious questions" that its scraping complies with the CFAA. While the court did not issue a definitive ruling, the opinion suggests how the Ninth Circuit likely will ultimately interpret the CFAA in this context.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.