In an order issued Monday, the Supreme Court has given LinkedIn another opportunity to prove it's entitled to prevent analytics company hiQ Analytics from scraping data.
LinkedIn claims that hiQ's scraping violates the 1986 Computer Fraud and Abuse Act, an anti-hacking law that prohibits companies from accessing servers without authorization. The Supreme Court recently narrowed the scope of that law in a separate case, and directed the 9th Circuit to reconsider LinkedIn's argument in light of the new decision.
Monday's order doesn't mean LinkedIn will prevail, but leaves the Microsoft-owned company in a position to continue its fight.
The dispute between the two companies began in 2017, when LinkedIn demanded that hiQ stop using automated tools to gather data about users for a service that it sells to employers. hiQ collects information about users from LinkedIn's publicly available pages, analyzes it to determine which employees are at risk of being poached, and sells the findings to employers.
LinkedIn argued both that it has the right to control its servers, and that HiQ was disregarding LinkedIn users' privacy. The social networking service said more than 50 million people used its "do not broadcast" tool, which allows people to change their profiles without having other users notified about the revision. LinkedIn said hiQ's scraping deprives users of their ability to control how their data is shared, or to remove their data altogether.
After LinkedIn sent a cease-and-desist letter to HiQ, the analytics company sued LinkedIn for allegedly acting anti-competitively. HiQ sought a declaratory judgment that it wasn't violating the Computer Fraud and Abuse Act, and asked for an injunction requiring LinkedIn to stop blocking HiQ.
U.S. District Court Judge Edward Chen in the Northern District of California sided with hiQ and granted the company a preliminary injunction, ruling that its business faced the prospect of irreparable harm if it couldn't access publicly available data.
LinkedIn then appealed to the 9th Circuit, where the company argued it's entitled to protect the data on its servers, and that hiQ has no valid antitrust claim.
In 2019, a three-judge panel of the 9th Circuit upheld the injunction, ruling that hiQ's scraping probably didn't violate the Computer Fraud and Abuse Act because LinkedIn profiles aren't password-protected.
LinkedIn asked the Supreme Court to review that ruling. hiQ opposed the request, arguing that the data it collects is already public.
Outside advocacy groups weighed in on different sides of the dispute. The digital rights group Electronic Frontier Foundation sided with hiQ, arguing in a friend-of-the-court brief that the criminal anti-hacking law was never intended to cover scraping data from public sites.
But the watchdog Electronic Privacy Information Center weighed in on behalf of LinkedIn, arguing in a friend-of-the-court brief that users didn't necessarily know their data would be acquired and used in material that was sold to employers.