LinkedIn records a new judgment against it in its fight against a company collecting data from its public profiles.
Under California law, what does “unauthorized” access to computer systems mean? On site, the Court of Appeal had to judge. The context: a dispute in which it had already ruled in 2019. It pits LinkedIn against hiQ Labs.
This company founded in 2012 collects information on public profiles, formats it and markets it, from the angle of predictive analysis. Its target: employers. With products that should allow them to map skills (Skill Mapper) and detect personnel who plan to set sail (Keeper).
In 2017, LinkedIn formally requested hiQ to cease the practice, in the name of the Computer Fraud and Abuse Act (CFAA). The text, in force since 1986, punishes the fact of accessing a computer without permission or excessive use of authorized access.
Faced with this injunction, hiQ took legal action in California to try to prove that its activity was legal.
And had won. LinkedIn appealed. In September 2019, the Court of Appeal dismissed it. Among others for the following reasons:
- The social network does not have the rights to the data published by its members , the latter being owners of their profiles.
– Users who choose a public profile “obviously” expect it to be accessible by third parties .
– The CFAA is supposed to govern cases of piracy ; it is all the more questionable to invoke it in a case concerning open access data.
– Letting LinkedIn control the use of public data could lead to an “information monopoly” detrimental to the public interest
– Without access to the data concerned, hiQ would face “irreparable damage”
LinkedIn evokes a legitimate economic interest…
The procedure had come back to the Supreme Court, which had given right to Linkedin. In the background, a decision that she had made a few weeks earlier ... and which involved a reading of the CFAA other than that of the Court of Appeal. In this case, from the angle of the abusive use of authorized access - and, consequently, technical measures that Linkedin had set up against hiq bots The case concerned a police officer who had used a database to conduct an investigation of his own initiative.
Agree again, the Court of Appeal maintained its initial position. She spoke on two elements in particular. On the one hand, the existence of a disruption of the contractual relationship between Hiq and its customers. On the other, the applicability of the CFAA, the main defense axis of LinkedIn.
On the first point, hiQ claims that the interference was intentional. And that it was manifested as much by the implementation of technical measures as by the invocation of the CFAA. LinkedIn does not dispute these observations, but asserts that according to the law, such interference can be justified by a legitimate economic interest.
How did the court reason in this regard? It first considered that in the existence of a contractual relationship, we commonly favored the societal interest of stability rather than freedom of competition. Then resumed elements of the reasoning of the Supreme Court. More specifically: such interference cannot be justified by the mere fact that a competitor would seek to gain an economic advantage at the expense of LinkedIn . We must be able to prove that we acted to "safeguard an interest of greater societal value than the stability of the contract".
To assess whether this is the case, two things need to be checked. On the one hand, if the means of interference remain within the framework of “recognized commercial practices”. On the other, if they remain within the framework of fair competition.
… but comes up against the interpretation of the CFAA
Technical blocking is probably not a "recognized business practice" within the meaning of Californian case law, the Court considers . Unlike, for example, advertising, price adjustments or employee poaching. These may indirectly affect contractual relationships, but without fundamentally disrupting a business model .
It is not acquired either, still according to the Court, that we are in the ropes of fair competition . A hiq argument has particularly hit the bull's eye: Linkedin formally attacked years after being aware of the incriminated practices. And he did it in the weeks following the announcement of a product likely for competition Skill Mapper.
The second question then remains: once the formal warning was received, did the data collection continue “without authorization” within the meaning of the CFAA?
The blocking in itself cannot be considered as a lack of authorization, the Court clarifies from the outset. And to justify maintaining its “restrictive” interpretation of the text: a simple diversion is not sufficient to invoke it; the notion of intrusion is essential (see “hacking” above).
Is there anything akin to an intrusion in the “LinkedIn vs hiQ” case? The Court's response is negative. In broad terms, on the following bases:
– The notion of unauthorized access only applies to information made private by some form of password-type requirement
– Other texts than the CFAA – including the Stored Communications Act – go in the same direction
– LinkedIn clearly did not make data on its public profiles private
—————————
prospecting automation software that allows you to easily manage all complex aspects of your marketing processes.
Test Magileads for free in 14 days. Click here .
Or book a demo to see how it works. Click here .
