LinkedIn records a new judgment against it in its fight against a company collecting data from its public profiles.
Under California law, what does “unauthorized” access to computer systems mean? On site, the Court of Appeal had to judge. The context: a dispute in which it had already ruled in 2019. It pits LinkedIn against hiQ Labs.
This company founded in 2012 collects information on public profiles, formats it and markets it, from the angle of predictive analysis. Its target: employers. With products that should allow them to map skills (Skill Mapper) and detect personnel who plan to set sail (Keeper).
In 2017, LinkedIn formally requested hiQ to cease the practice, in the name of the Computer Fraud and Abuse Act (CFAA). The text, in force since 1986, punishes the fact of accessing a computer without permission or excessive use of authorized access.
Faced with this injunction, hiQ took legal action in California to try to prove that its activity was legal.
And had won. LinkedIn appealed. In September 2019, the Court of Appeal dismissed it. Among others for the following reasons:
– The social network does not have the rights to the data published by its members , the latter being the owners of their profiles.
– Users who choose a public profile “obviously” expect it to be accessible by third parties .
– The CFAA is supposed to govern cases of piracy ; it is all the more questionable to invoke it in a case concerning open access data.
– Letting LinkedIn control the use of public data could lead to an “information monopoly” detrimental to the public interest
– Without access to the data concerned, hiQ would face “irreparable damage”
LinkedIn evokes a legitimate economic interest…
The procedure went all the way to the Supreme Court, which ruled in favor of LinkedIn. In the background, a decision that she had rendered a few weeks earlier… and which involved a reading of the CFAA other than that of the Court of Appeal. In this case, from the angle of the misuse of authorized access – and, consequently, of the technical measures that LinkedIn had put in place against the hiQ bots The case involved a police officer who used a government database to conduct an investigation on his own initiative.
Asked again, the Court of Appeal maintained its initial position. She spoke out on two elements in particular. On the one hand, the existence of a disruption of the contractual relationship between hiQ and its customers. On the other, the applicability of the CFAA, LinkedIn's main line of defense.
On the first point, hiQ claims that the interference was intentional. And that it was manifested as much by the implementation of technical measures as by the invocation of the CFAA. LinkedIn does not dispute these observations, but asserts that according to the law, such interference can be justified by a legitimate economic interest.
How did the Court reason about this? She first considered that in the existence of a contractual relationship, the societal interest of stability was commonly favored over freedom of competition. Then took up elements of the Supreme Court's reasoning. More precisely: such interference cannot be justified by the sole fact that a competitor would seek to gain an economic advantage at the expense of LinkedIn. We must be able to prove that we have acted to “safeguard an interest of greater societal value than the stability of the contract”.
To assess whether this is the case, two things need to be checked. On the one hand, if the means of interference remain within the framework of “recognized commercial practices”. On the other, if they remain within the framework of fair competition.
… but comes up against the interpretation of the CFAA
Technical blocking is probably not a “recognized commercial practice” within the meaning of Californian case law, the Court considers . On the contrary, for example, advertising, price adjustment or poaching of employees. Which can indirectly influence contractual relationships, but without fundamentally disrupting an economic model.
It is also not certain, again according to the Court, that we are within the ropes of fair competition . One hiQ argument particularly hit the mark: LinkedIn formally attacked years after becoming aware of the incriminated practices. And it did so in the weeks following the announcement of potentially competitive Skill Mapper.
The second question then remains: once the formal warning was received, did the data collection continue “without authorization” within the meaning of the CFAA?
The blocking in itself cannot be considered as a lack of authorization, the Court clarifies from the outset. And to justify maintaining its “restrictive” interpretation of the text: a simple diversion is not sufficient to invoke it; the notion of intrusion is essential (see “hacking” above).
Is there anything akin to an intrusion in the “LinkedIn vs hiQ” case? The Court's response is negative. In broad terms, on the following bases:
– The notion of unauthorized access only applies to information made private by some form of password-type requirement
– Other texts than the CFAA – including the Stored Communications Act – go in the same direction
– LinkedIn clearly did not make data on its public profiles private
—————————
Magileads is prospecting automation software that allows you to easily manage all the complex aspects of your marketing processes.
Test Magileads for free in 14 days. Click here.
Or book a demo to see how it works. Click here .
