On Monday, December 20, Meta (f/k/a Facebook) filed a complaint in the Northern District of California against Social Data Trading Ltd. The crux of the issue, according to Meta, is that Social Data scrapes data without permission from accounts on websites such as Instagram (which is owned by Meta) and other popular sites. Specifically, Social Data allegedly uses bots to scrape public profile information from Instagram, and then analyzes this information to provide insights about “influencers and their audiences.” See Complaint.
Facebook has had prior success restricting access to its website, see Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058, 1067 (9th Cir. 2016) and Facebook, Inc. v. BrandTotal Ltd., No. 20-CV-07182-JCS, 2020 WL 6562349 (N.D. Cal. Nov. 9, 2020). But data scraping cases are highly fact specific, and questions about how the data was accessed and whether that data was public or private (e.g., password protected) will be critical in the current litigation. In BrandTotal, the court acknowledged the difference between password protected and “public” data: “…Facebook’s general interest in policing access to the password-protected portions of its networks is far greater than LinkedIn’s interest in restricting access to otherwise public pages in hiQ.”
Recently, the Supreme Court limited the reach of the CFAA based on similar considerations. See “SCOTUS narrows the Computer Fraud and Abuse Act in Van Buren v. United States” (distinguishing between information that is “off-limits” as opposed to information otherwise available to a user but obtained for improper reasons). Notably, Meta does not advance a CFAA claim here, but instead relies on California state computer access law—a likely attempt to avoid the recent jurisprudence narrowing the protections of the CFAA when dealing with public or quasi-public data. Ultimately, disputes such as Meta and hiQ may clarify rights of access (or lack thereof) to public or semi-public data that is curated by major websites, such as LinkedIn, Instagram, YouTube, TikTok, and others.
Nixon Peabody’s Cybersecurity & Privacy team will continue to monitor legal developments regarding web scraping.