back to article Welcome to The Reg's poetry corner... hiQ once again / beats LinkedIn on web scrape case / more appeals await

A US appeals court has upheld the 2017 ruling allowing netizens to scrape public profile data from social networking sites, including LinkedIn. The 9th US Circuit Court of Appeals ruled (PDF) on Monday in favor of hiQ, an analytics firm that sells advice based on data that it gathers from LinkedIn profiles. The ruling is the …

  1. elDog Silver badge

    So web pages visible in my browser aren't free to be scraped?

    I have an easy solution (patent to be pending.)

    Anyone who wants to look at a LinkedIn site (or all the rest of that crowd that steal your privates and sell to others who will resell, steal, ad nauseam) should be made to wear a special set of goggles that convert the Snow Crash image into something like your target's real posted information.

    Goggles can be ordered through Amazon, PayPal, or Google (natch); but you have to be wearing the goggles to view these pages.

    I do predict that eventually, only closed circuits will be available to see any content worthwhile. Wikipedia soon. Youtube sooner, Netflix - oh, already there.

  2. I ain't Spartacus Gold badge

    Odd decision.

    I'm fine with the whole, it's public data what are you complaining about thing. That just seems sensible. Anything that's open to the internet on a site like that is obviously for public consumption - so you can't have an expectation of privacy.

    But the second argument strikes me as very odd. Are the courts ruling that the survival of a company trumps the law - or users' privacy concerns? Because that's what they seem to be saying. That something that might not be allowed normally, suddenly becomes perfectly fine once someone's done it - and is now employing people to do it? And at that point you have to fulfill a higher standard to stop them, than if they'd asked permission first?

    It certainly explains the whole Silicon Valley attitude to the law - but I'm rather surprised that a court has endorsed it.

    1. The Mole

      Re: Odd decision.

      Would be interesting to see how the case pans out in the UK (and I'm sure if they wanted to linked in could make some of the profiles only available by servers in the UK and therefore cause a move jurisdiction).

      Firstly it will clearly violate GDPR - there's personal data in those linked in profiles and users haven't consented to the third party firm holding and processing it.

      Secondly there is the concept of 'database rights' in UK law. FA cup match results are public knowledge, however the collection and aggregation of that data merits protection, services that provide result summary's can't legally just have the content immediately copied by their competitors whilst the news is still 'hot'. LinkedIn have invested a significant amount of effort in gathering their data so I imagine the UK courts would consider that it is protected even though it is publically accessible.

      I'm surprised even under US copyright law that there isn't a case of violation - afterall the contents of books are in the public domain and you can't just copy that.

      1. Mike 137 Bronze badge

        Re: Odd decision.

        The GDPR doesn't require the data subject to consent unless the data falls within the Article 9 categories.

        If a "scraper" collects personal data other than from the data subject, they have to inform the data subject under Article 14. In such a case as this, working out how to do this in accordance with the regulation might require some thought, but collecting the data in this way is not intrinsically unlawful.

        The database right might not apply in this case. As the data subjects (not LinkedIn) provide the data, and only under T&Cs requiring accuracy, Linked would probably have difficulty arguing a substantial investment in either "obtaining" or "verification", so the only basis open for claiming the right would likely be "presentation". It would be interesting to consider whether that right were applicable if the data were scraped without preserving the presentation.

      2. FrogsAndChips Silver badge

        Re: Odd decision.

        I was with you until this: "the contents of books are in the public domain and you can't just copy that". No, generally speaking, book contents are not in the public domain, unless their copyright has expired or has never been set. Being allowed to read a book in a public library doesn't make the content public. Once a book has entered public domain, you are free to copy the contents as you want.

        1. ForthIsNotDead

          Re: Odd decision.

          Agreed. Public Domain has a very specific legal definition.

          1. The Mole

            Re: Odd decision.

            Agreed, but surely LinkedIn's pages are also in the same category, I can go into a library and access a book for free but still can't copy the contents. Just because LinkedIn exposes their pages on the internet doesn't (shouldn't) equate to Public Domain either - particularly if you need to log in to access that data.

            1. Arthur the cat Silver badge

              Re: Odd decision.

              I can go into a library and access a book for free but still can't copy the contents.

              In the UK you can copy at least parts of the book (or any other copyright work) for "fair use" purposes and that includes whole copies for data mining and/or “computational analysis”. For the data mining case see the last section of the British Library web page on Fair Use. Note that the use must be non-commercial (that's in the onward link).

            2. eldakka Silver badge

              Re: Odd decision.

              But LinkedIn doesn't own the data or the copyrights. Those are owned by each individual user who has a profile.

              Also, since this case is under US law and not EU/UK law, under US law facts cannot be put under copyright, that is, there is no 'database rights' equivalent in US law. Since a LinkedIn profile is a list of facts - name, job history, education history, etc. - then much of what is on there that would be being scraped (I imagine, not knowing exactly how hiQ works) is uncopyrightable facts.

              Under US law, you could go into a library, borrow a copy of the telephone book, and copy out all the names/address/phone number information in there. I believe this would be illegal under EU/UK law, because it would fall under a 'database right', which doesn't exist in US law.

    2. Benson's Cycle

      Re: Odd decision.

      Technically the argument that the rights of a corporation to exist and do business outweigh treading on someone else's business is fascism, as defined by Mussolini (and not Trotskyites).

      Trump's mixing his business with government to the extent of Pence having to stay in a Trump hotel in Ireland is also technically fascism.

      Silicon Valley just didn't notice when things shaded from Ayn Rand to fascism, because facilis descensus averno.

      1. ForthIsNotDead
        Headmaster

        Re: Odd decision.

        "Technically the argument that the rights of a corporation to exist and do business outweigh treading on someone else's business is fascism, as defined by Mussolini (and not Trotskyites)."

        Incorrect. It's capitalism. The rights of a corporation to exist and tread on *individual personal* rights is Fascism as espoused by Mussolini.

        The definition of Fascism (much like the definition of racist or misogynist) has been corrupted in recent times by lunatics on the extreme left fringes. It gives moderate, left-leaning folk with critical, free-thinking skills a bad name, which is a shame.

  3. Anonymous Coward
    Anonymous Coward

    So sounds like when the Cambridge Analytica data was scraped from Facebook accounts whose owners had allowed "friends of friends" access then it may have been (at least in US law) legal.

    1. Gonzo wizard

      "May have been (at least in US law) legal"

      Article 3 of the GDPR states "This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union".

      So if the data subject is an EU citizen this is illegal under European law if hiQ does not have a legal footprint in the EU (by which I mean if it does not have any companies - incorporated entities - registered there).

      If hiQ has a legal footprint in the EU, the situation is no different (except that legal action is probably easier to take).

      1. Nick Ryan Silver badge

        Re: "May have been (at least in US law) legal"

        It's complicated, which is the whole basis of this case, by the content being publicly accessible.

        Linked In has non-publicly accessible content where a signed in user, who has somehow agreed to the terms of use of the use service, has access. Control of this content is entirely within the contract terms, although organisations should remember that while they can write whatever they want within these contract terms, these terms being legally acceptable is entirely different...

        Because Linked In has "private" content, it also means that what it publishes outside of this is "public" content. As in freely available to all. The presentation of this content is subject to Linked In's copyright, however the content itself is provided and therefore (co)owned by the data subject, who has "chosen" to make this information about themselves freely available to the public. Linked In benefits from this content being freely/publicly available as it drives searches to the Linked In service through search engines. Linked In cannot have it both ways unless they want to specifically go down the route of licensing search engines to access content and to also have the data subjects (users) of the service agreee to this.

        It's an interesting situation that largely benefits lawyers, who without this kind of thing would doubtless struggle to maintain their (frugal) lifestyles.

        1. Doctor Syntax Silver badge

          Re: "May have been (at least in US law) legal"

          Yes, it surprised me. I thought it sound have been covered by T&Cs/contract terms.

      2. Doctor Syntax Silver badge

        Re: "May have been (at least in US law) legal"

        Article 3 of the GDPR states "This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union".

        So if the data subject is an EU citizen

        No. By virtue of what you quoted, all the subject has to be is in the EU. It doesn't matter whether or not they're a citizen. Of course if the Prime Numpty gets his way it won't make any difference to those of us in the UK after October 31st.

        1. Nick Ryan Silver badge

          Re: "May have been (at least in US law) legal"

          Yep. While some parts of the GDPR are rather misunderstood, and possibly misapplied too, in general it is rather good. In this case it is making no distinction between EU citizens and others, there are no "aliens have no rights" intended in this regulation, the aim is to protect all people equally. Quite different to certain "1st world" (hahahaha) regimes in the world.

  4. taxman

    Take control

    So if LinkedIn used, say, a WAF in front of their services that utilised rate limiting and repetition request rules to protect their customers being able to access their services how would the Courts deal with that? Could also go by reputation rules so that anything that looked like a scraper would be blocked if the browser action continued for several minutes it would get blocked for a cool down period.

    All in the interest of protecting their service availability and customer access of course.

    1. Gonzo wizard

      Re: Take control

      I think LinkedIn is free to take whatever action it wants to prevent screen scraping. If hiQ were to raise this in the courts, LinkedIn would point out that their use contravenes the terms of use of their web site. I can't see anyone siding with hiQ in this situation (price comparison screen scraping is a far more valuable activity and we'd have seen cases before now if there was the slightest chance of winning).

  5. MarkCX

    Just because something is freely accessible, doesn’t mean it’s ok to copy it and use it for commercial gain. If I go into an exhibition, museum or gallery which is free and open to the public, it may be possible to take photos. If I then go and use those photos to print and flog on T-shirts, posters etc., that’s not right.

    1. Nick Ryan Silver badge

      It's more complicated than this...

      When going to such an exhibition or gallery you are contractually agreeing to the terms of your access - which may or may not prohibit you from taking photos.

      This is entirely separate to copyright law. For example a four hundred old painting is thoroughly out of copyright and you as an individual or a business are free to make copies of it and exploit and use it in almost any way that you feel fit to, including printing the images on T-Shirts, posters and so on and selling these. Aquiring access to the image in order to produce these copies is quite separate and usually you have no specific rights to do so.

  6. Nugry Horace

    A far as I can see from the ruling, the case now goes back to the district court rather than up to the Supreme Court:

    "We AFFIRM the district court’s determination that hiQ has established the elements required for a preliminary injunction and remand for further proceedings"

  7. Teiwaz Silver badge

    "LinkedIn will continue to fight to protect our members and the information they entrust to LinkedIn.”

    Should read:

    "LinkedIn will continue to fight to protect our members and our information, us and only us, all ours, mine mine mine.”

    Well, who'd want to actually sign up to LinkedIn to use their resource? The buggers and their desperate Top Trump collecting 'please add me to your network' users are best dealt with at a distance, and HiQ sounds like an adequate barge pole.

    1. ForthIsNotDead

      Inclined to agree. I was on LinkedIn just this morning, and the number of virtue-signalling posts and just 'noise' is a pain in the ass. Which is why I don't use it.

    2. Pascal Monett Silver badge

      Agreed

      LinkedIn may be "protecting" its customers, but its ex-customers can sit on it and smile.

      I closed my LinkedIn account when Microsoft took over. I'm still getting invites (or friend requests, whatever I don't care). Why ? If my account is closed, nobody should be able to invite me and you can't invite someone.

      I raised the issue with LinkedIn chat people and the response was I could go to my profile and uncheck receive invites. Guys, I closed my profile, I shouldn't have to need to do that.

      I'm still waiting for an answer on that point.

  8. paulf Silver badge
    Coat

    "Should the Supremes agree to take on the case,..."

    I was wondering what Diana Ross's former backing group was up to these days.

    (Sorry)

  9. Anonymous Coward
    Anonymous Coward

    I had to look up what LinkedIn was - apparently it's facebook for twunts

  10. Alister Silver badge

    even if some LinkedIn users retain some privacy interests in their information notwithstanding their decision to make their profiles public, those interests did not outweigh hiQ’s interest in continuing its business

    That's a loaded statement, right there. An individual's right to privacy doesn't outweigh a business' choice to ignore it.

  11. adam payne Silver badge

    In 2017, the court found that there wasn't much to the CFAA claim as the information was already public...

    You can't really have an expectation of privacy when the data is already public and free to see by anyone who wants to.

  12. Milton Silver badge

    Not a Linked In user—all my work comes through word of mouth and recommendation, so joining up might benefit Microsoft, but just opens me up to yet another Internet-Borne Pest Vector—but I accept that it maybe works for some others. But surely, as soon as you've agreed to the T&Cs, your data is fair game? If you and/or MS have agreed that your details will be on the equivalent of a billboard by the motorway, how can you possibly claim to exclude anyone else from (a) seeing it, and (b) using it for any legal purposes?

    I saw mention of GDPR, but how does that relate to data that a person knowingly and purposely submits for public display? Didn't you just say: 'To heck with my privacy, I want work'?

    Colour me curious.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019