August 16, 2017

LinkedIn Loses First Battle on Privacy Law in Californian Court

For some months now, Linkedin and San Francisco-based HR platform hiQ have been arm-wrestling on the legitimacy of hiQ’s practice to collect and process data belonging to LinkedIn users’ publicly available profiles – without LinkedIn’s authorization.

On August 15, hiQ won his first legal round before the U.S. District Court – Northern District of California.

The Court has stated that hiQ’s activity of harvesting and scraping individual workers’ data from public profiles of LinkedIn does not violate the Computer Fraud and Abuse Act (CFAA). Also, as hiQ heavily relies on LinkedIn data to pursue its business, preventing the platform to access and use LinkedIn data would drive hiQ out of business.

Among various services, hiQ sells Keeper, a “human capital management tool that provides predictive attrition insights about an organization’s employees using public data” (source: hiQ website): as highlighted in the California Court’s Order, this tool tells employers which of their employers are likely to leave their company, based on the information published on LinkedIn by the concerned employee.

After five years of hiQ’s activity, in early 2017 LinkedIn sent hiQ a cease and desist letter and restricted the latter’s account. Among various claims, LinkedIn contested that the counterpart’s access to the site violates state and federal law, including the CFAA.

Furthermore, it was argued that over 50 million LinkedIn users currently prefer not to notify other users about changes by enabling the Do Not Broadcast feature. This choice would prove, according to LinkedIn, that even users with a public profile “retain a significant interest in controlling the use and visibility of their data”.

The California Court has not upheld such interpretation of the law. According to the judges, the Computer Fraud and Abuse Act was, and is still, meant at preventing and punishing hacking activities, that is the unauthorized access to private and/or password protected systems. 

Hence, the Court has enjoined LinkedIn from preventing hiQ’s access, copying or use of public profiles on LinkedIn and blocking or putting in place any mechanism with the effect of blocking hiQ’s access.

While we can expect new legal initiatives by LinkedIn on this matter, two aspects are quite clear:

–      The number of digital businesses who rely, entirely or almost entirely, on the data and activities of much larger, third-party platforms is increasing year after year;

–      New legislative measures are needed to address situations and relationships such as the one concerned by the case; the CFAA was introduced in 1984, when the internet did not exist.

The Court Order also addresses free of speech and competition rights. The full version can be found here: https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf