LinkedIn enters legal battle with data-scraping company
Image credit: Dreamstime
LinkedIn Corporation, which owns the eponymous social network for professionals, is being sued by a data scraping company after sending a cease-and-desist letter warning against collecting information from its profiles.
A San Francisco-based company, hiQ collects data from the hundreds of millions of public profiles on LinkedIn. By identifying employees who are undergoing increased activity by updating their profiles, hiQ then assigns a ‘flight risk’ to each profile. The data is then sold to employers who want to identify staff who may be looking elsewhere for employment.
In response to the discovery of hiQ’s activities, LinkedIn sent a cease-and-desist letter, warning that the company’s activities constituted computer hacking.
LinkedIn referred to the 1986 Computer Fraud and Abuse Act, which criminalises “[accessing] a computer without authorisation or [exceeding] authorised access”. LinkedIn’s lawyers are likely to argue that by accessing its profiles after being formally asked to desist, hiQ is violating the law.
“If LinkedIn members knew that hiQ was accessing and collecting their data in this manner, many would not update their profiles,” LinkedIn stated. There are currently 500 million profiles hosted on LinkedIn.
HiQ responded by suing LinkedIn, arguing that data scraping without consent does not violate the Computer Fraud and Abuse Act. The case is being heard in the Northern District of California.
If the court rules in favour of LinkedIn, this could have significant implications for data scraping enterprises such as hiQ, given that LinkedIn is a public website.
In a similar ruling last year, the 9th Circuit Court of Appeals found that a small company called Power Ventures – which allows users to log into multiple social networks to access information – had violated the Computer Fraud and Abuse Act and other federal and state laws when it collected information from Facebook’s servers following a cease-and-desist letter from Facebook.
“[Following the receipt of the cease-and-desist letter] Power knew it no longer had authorisation to access Facebook’s computers, but continued to do so,” the court concluded.