U.S. District Court Grants a Preliminary Injunction Allowing Data Harvesting on LinkedIn’s Public Profiles
By Valerio Cosimo Romano
On 14 August 2017, the U.S. District Court for the Northern District of California (“Court”) granted a motion for a preliminary injunction against the professional social networking site LinkedIn (“Defendant”), enjoining the company from preventing access, copying, and use of public profiles on LinkedIn’s website and from blocking access to such member public profiles.
HiQ Labs (“Plaintiff”) is a company which sells information to its clients about their workforces. This information is gathered by analyzing data collected on LinkedIn users’ publicly available profiles, which are automatically harvested by Plaintiff. HiQ is entirely dependent from LinkedIn’s data.
Plaintiff resorted to this legal action after Defendant attempted to terminate the Plaintiff’s ability to access the publicly available information on profiles of Linkedin users (after years of apparently tolerating hiQ’s access and use of its data). Plaintiff contends that Defendant’s actions constitute unfair business practices, common law tort and contractual liability, as well as a violation of free speech under the California Constitution.
Irreparable harm and the balance of hardships
First, the Court evaluated the existence of a potential irreparable harm for the parties. The Court concluded that, without temporary relief, hiQ would go out of business and that LinkedIn does not have a strong interest to keep the privacy of its users, who made their respective profiles publicly available on purpose. Therefore, the court recognized that the balance of hardships weighs in hiQ’s favor.
Likeliness to prevail on the merits
The Court went on to establish the parties’ respective likeness to prevail on the merits. It considered four claims.
Computer Fraud and Abuse Act (“CFAA”)
LinkedIn argued that all of hiQ’s claims failed because hiQ’s unauthorized access to LinkedIn violates the CFAA. The CFAA establishes civil and criminal liability for any person who intentionally accesses a computer without authorization or exceeds authorized access and thereby obtains information from any protected computer. Defendant explicitly revoked the Plaintiff’s permission to acquire data on its systems. According to Defendant, the CFAA is violated when permission has been explicitly revoked by the data’s provider. Plaintiff contended that applying the CFAA to the access of public websites would expand its scope well beyond what was intended by the Congress at the time it enacted the statute since, under Defendant’s interpretation, the CFAA would not leave any room for the consideration of either a website owner’s reasons for denying authorization or an individual’s possible justification for ignoring such a denial.
The Court sided with hiQ, asserting that the CFAA is not intended to police traffic to publicly available websites. According to the Court, a broad reading of the Act would set aside the legal evolution of the balance between open access to information and privacy. Given that the CFAA was enacted well before the advent of the internet, the Court refused to interpret the statute in that manner. The Court further clarified that this does not impair the possibility for a website to employ measures aimed at preventing harmful intrusions or attacks on its servers.
According to Plaintiff, LinkedIn also violated California’s constitutional provisions on free speech, which confer broader rights than those provided by the First Amendment. In Pruneyard Shopping Center v. Robbins, the California Supreme Court held that the state free speech right prohibited private owners from excluding people from their property when their property is an arena where constitutionally valuable actions take place, like engaging in political speech or sharing fundamental parts of a community’s life. The internet, hiQ contends, can be therefore interpreted as a “public space”, and thus be subject to such doctrine.
However, The Court found that no court had expressly extended Pruneyard to the internet. Thus, it concluded that no serious question had actually been raised with regard to constitutional rights under the California Constitution.
Unfair competition law
HiQ also argued that Defendant’s actions had the anticompetitive purpose of monetizing the data with LinkedIn’s competing product and that this conduct amounted to unfair competition under California’s unfair competition law, which broadly prohibits “unlawful, unfair or fraudulent” practices, including those practices that do not explicitly violate antitrust laws, but threaten the spirit of such laws.
According to Plaintiff, Linkedin is violating the spirit of antitrust laws in two ways: first, it is leveraging its power in the professional networking market to secure advantage in the data analytics market. Secondly, it is violating the essential facilities doctrine, which precludes a monopolist or attempted monopolist from denying access to a facility it controls that is essential to its competitors, by precluding them to enter the market.
The Court concluded that Plaintiff had presented some evidence supporting its assertions, but also remarked that during the proceedings LinkedIn may well be able to prove that its actions were not motivated by anticompetitive purposes.
The Court did not recognize any basis for a further common law promissory estoppel claim based on an alleged promise made by Defendant to make the data as public as possible and even available to third parties.
According to the court, there was no proof of such a promise and Plaintiff did not cite any authority applying promissory estoppel made to someone other than the party asserting that claim.
Lastly, the Court considered the public interest. Plaintiff argued that a private party should not have the unilateral authority to restrict other private parties from accessing information that is otherwise available freely to all. Defendant, in contrast, argued that if the users knew that this data was freely available to unrestricted collection and analysis by third parties for any purposes, they would be far less likely to make the information available online.
The Court concluded that granting blanket authority to platform owners to block access to information publicly available on their websites may pose a serious threat to the free and fair flow of information on the Internet and that the questions related to antitrust enforcement leaned further in favor of granting the motion for the preliminary injunction.