Skip to content

menu

Proskauer Rose LLP logo
HomeAboutOur TeamContactSubscribe All Topics
Search
Close

New Media and Technology Law Blog

Trove of Online LinkedIn User Data Fuels LinkedIn’s Anti-Scraping Position

By Jeffrey Neuburger on April 13, 2021

Last week, the Italian data protection authority (the “GPDP”) opened an investigation after reports that a dataset allegedly containing data compiled from 500 million LinkedIn profiles and other websites was available for sale on a hacker forum.  Apparently, this data represents more than two-thirds of LinkedIn’s estimated 740 million users.  The hacker reportedly posted approximately two million records visibly online as evidence of the dataset, and offered to sell the rest for an undisclosed bitcoin payment.

According to a statement by LinkedIn, the company investigated the posting and determined that it is “an aggregation of data from a number of websites and companies,” including publicly viewable LinkedIn member profile data that apparently was scraped from LinkedIn’s site. LinkedIn stated that it was not a data breach because no private member profile data was included in the dataset it was able to review. LinkedIn stated that such scraping of data violated its terms.

The posting of this scraped data immediately reminds us of the ongoing scraping dispute between LinkedIn and data analytics start-up hiQ, Inc. (“hiQ”).  The principal issue in the case concerns the scope of Computer Fraud and Abuse Act (CFAA) liability associated with web scraping of publicly available social media profile data. In a prior ruling, the Ninth Circuit affirmed the lower court’s order granting a preliminary injunction barring LinkedIn from blocking hiQ from accessing and scraping publicly available LinkedIn member profiles.

The current incident and the hiQ-LinkedIn dispute are distinguishable in at least one major way – one involves an unknown party that scraped and posted for sale a massive trove of public LinkedIn profile data and the other involves a start-up company that scraped specific public LinkedIn profile data germane to its clients and crunched it internally for data analytic products about employee mobility and other tendencies of LinkedIn users. Still, both evoke similar big picture issues about potential data privacy and other issues associated with the scraping of public social media data.  Throughout the litigation and most recently in its Counterclaims filed against hiQ in the case, LinkedIn has outlined the data privacy considerations and the potential loss of user trust it would suffer if scraping of public user profiles, which violates its site’s terms, is freely permitted:

“[O]nce a scraper has scraped a member’s data, the members have no recourse to stop the scraper from copying, archiving, and forever keeping any information…. The member cannot stop the scraper from, among other things, using that data to target spam, selling or inadvertently exposing that data to scammers…. In short, once data has been scraped, member data can end up in any number of databases controlled and used for any purpose.”

hiQ has countered this narrative by suggesting, in its Motion to Strike, that LinkedIn is merely attempting to “pose as a defender of user privacy by characterizing hiQ as a ‘scraper’” in a veiled attempt to “shut down fair competition” for creating data analytic products from its users’ data and that LinkedIn has demonstrated no user harm from hiQ’s activities regarding data that users have already made public.

Regardless of which side of the foregoing argument one takes, the current scraping attack calls to mind the data privacy concerns LinkedIn has expressed about indiscriminate scraping and may give LinkedIn added momentum in the pending dispute.

This current development also evokes some of the issues that are being debated surrounding the practices of Clearview AI, Inc., an entity that scraped billions of photographs from public websites without consent and created a commercial service that allowed certain entities to upload a photograph to instantly identity the person depicted via its facial recognition matching technology. Even though the images scraped by Clearview AI had been publicly posted by users, the State of Vermont, a civil liberties organization and a class of users, among others, have brought various privacy and consumer protection-related suits against Clearview AI over its data collection and usage.

Given the unsettled area of law surrounding data scraping, there are no clear answers in this area yet.

Posted in Computer Fraud and Abuse Act, Data Security, Privacy, Screen Scraping, Social Media
Tags: hiQ litigation, PUBLIC SOCIAL MEDIA DATA, scraping attack, user privacy, web scraping
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jeffrey Neuburger Jeffrey Neuburger

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise…

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise, combined with his professional experience at General Electric and academic experience in computer science, makes him a leader in the field.

As one of the architects of the technology law discipline, Jeff continues to lead on a range of business-critical transactions involving the use of emerging technology and distribution methods. For example, Jeff has become one of the foremost private practice lawyers in the country for the implementation of blockchain-based technology solutions, helping clients in a wide variety of industries capture the business opportunities presented by the rapid evolution of blockchain. He is a member of the New York State Bar Association’s Task Force on Emerging Digital Finance and Currency.

Jeff counsels on a variety of e-commerce, social media and advertising matters; represents many organizations in large infrastructure-related projects, such as outsourcing, technology acquisitions, cloud computing initiatives and related services agreements; advises on the implementation of biometric technology; and represents clients on a wide range of data aggregation, privacy and data security matters. In addition, Jeff assists clients on a wide range of issues related to intellectual property and publishing matters in the context of both technology-based applications and traditional media.

Read more about Jeffrey Neuburger
Show more Show less
Related Posts
App Store Protected by CDA Immunity (and Limitation of Liability) for Losses from Fraudulent Crypto Wallet App
September 16, 2022
DOJ Revises Policy for CFAA Prosecution to Reflect Developments in Web Scraping and Other Matters
May 24, 2022
English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack
October 5, 2021
Subscribe to the New Media and Technology Law Blog
Subscribe to this Blog
The Proskauer Blog Network
View All Proskauer Blogs

New Media and Technology Law Blog

Proskauer Rose LLP logo
Follow on Twitter View LinkedIn Profile Subscribe to this blog via RSS
Privacy Policy

About Proskauer Rose LLP

We are 800+ lawyers serving clients from offices located in the leading financial and business centers in the Americas, Europe and Asia. The world’s leading organizations, companies and corporations choose us to be their representatives in their most critical situations. Moreover, they consider Proskauer a strategic partner to drive their business forward. We work with asset managers, private equity and venture capital firms, Fortune 500 companies, major sports leagues, entertainment industry legends and other industry-redefining companies.

Visit Proskauer.com

Topics

Archives

Copyright ©2025, Proskauer Rose LLP. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo

Proskauer and our platform provider LexBlog each use cookies to personalize content and ads, to provide social media features and to analyze traffic. Each of us also share information about your use of our site with our social media, advertising and analytics partners. If you are happy for us to store these cookies on your device please click ‘Accept Cookies.' For more information, please see here and here.

OK