A federal appeals court ruled on Monday that scraping of publicly available data does not violate the anti-hacking statute known as the Computer Fraud and Abuse Act.
The move by the Ninth Circuit in HiQ Labs v. LinkedIn is a win for researchers and journalists who have long pulled extensive data from public sources, but may represent a setback for massive tech platforms who previously argued that U.S. law helped them protect their users' data by declaring it off limits.
In a 2019 appeal, the circuit court in San Francisco had previously backed hiQ, which scrapes data on workers from LinkedIn and packages it into analytics about skills and susceptibility to recruitment. LinkedIn, which is owned by Microsoft, had sought to block hiQ's access to public profiles, citing in part the CFAA's prohibition on accessing a computer "without authorization." HiQ, however, won a preliminary injunction in district court.
Last year, in a separate case, the Supreme Court issued its first ruling on the CFAA, in a decision that was seen as narrowing the famously broad statute and giving legal cover to users who access information that's available to them. Although that decision, in Van Buren v. United States, focused primarily on a separate issue, the high court said weeks later that the Ninth Circuit should revisit the hiQ case in light of the justices' ruling.
The appeals court panel found on Monday that "the reasoning of Van Buren reinforced its interpretation of the CFAA." The three judges reaffirmed scraping rights, ruled again that the preliminary injunction against LinkedIn was proper when considering potential harm to hiQ, and sent the case back to the district court for any further proceedings.
LinkedIn said in a statement it would "continue to fight to protect our members’ ability to control the information they make available on LinkedIn" and said it continues to "prohibit unauthorized scraping on our platform.”