Last month, LinkedIn Corp. (“LinkedIn”) filed a petition for rehearing en banc of the Ninth Circuit’s blockbuster decision in hiQ Labs, Inc. v. LinkedIn Corp., No. 17-16783 (9th Cir. Sept. 9, 2019). The crucial question before the original panel concerned the scope of Computer Fraud and Abuse Act (CFAA) liability to unwanted web scraping of publicly available social media profile data and whether once hiQ Labs, Inc. (“hiQ”), a data analytics firm, received LinkedIn’s cease-and-desist letter demanding it stop scraping public profiles, any further scraping of such data was “without authorization” within the meaning of the CFAA. The appeals court affirmed the lower court’s order granting a preliminary injunction barring LinkedIn from blocking hiQ from accessing and scraping publicly available LinkedIn member profiles to create competing business analytic products.
On November 8, 2019, the Ninth Circuit denied Linkedin’s petition for rehearing en banc.
Thus, for now, the Ninth Circuit’s decision interpreting the scope of CFAA liability in the context of scraping public websites will stand (barring Supreme Court review). This development is certainly favorable to entities engaged in such data scraping. However, as we’ve stated in a prior post on the appeals court opinion, while the Ninth Circuit’s decision suggests that the CFAA is not an available remedy to protect against unwanted scraping of public website data that is “presumptively open to all,” entities engaged in scraping should remain careful. Moreover, this dispute is not over (as the litigation is only in the preliminary stages), and the case has been remanded to the lower court for further proceedings. We will watch carefully how LinkedIn proceeds from here, and whether it presses its remaining state law claims (e.g., breach of contract, trespass) or else reaches a settlement with hiQ.