Welcome to another episode of A Little Privacy, Please! Our guest today is our colleague Jason Kunze, a Cybersecurity & Privacy attorney in our Nixon Peabody Chicago office. Kunze gives us an overview of the web scraping landscape with a look at recent rulings and whether they help to clarify some of the legal questions surrounding web scraping activities.
Watch A Little Privacy, Please! on web scraping
What is web scraping? Is it legal?
Web scraping uses automated tools to pull down data from a website.
No rule in the United States expressly allows web scraping. Although, I think it's akin to speeding in a sense, where if you're eight over on the interstate, you will probably not get pulled over. But if you do, you can't look at the cop and say, "You weren't supposed to pull me over. I'm going with the flow of traffic."
What would some common causes of action be in a web scraping case?
It's very fact-specific. You may see causes of action under the Computer Fraud and Abuse Act, or CFAA, copyright infringement, state computer crime statutes, unfair competition, unjust enrichment, and others depending upon the salient facts.
Did the Supreme Court's decision in the Van Buren case drive a stake through the heart of a CFAA claim in the context of web scraping?
It didn't kill it, but it limited it. At a very high level, the Supreme Court said that you can't use the CFAA to restrict somebody from scraping when they have permission to access your website. It has to be a gate-up or gate-down situation. In other words, your access is expressly prohibited, and you got around that.
Did hiQ Labs vs. LinkedIn give us the right to web scrape?
People often get confused about the hiQ Labs case because it's very long-running. It's gone way up and down from the California district courts to the Supreme Court and back. At the beginning of that case, hiQ Labs got a preliminary injunction allowing it to scrape LinkedIn's website, which was exciting for those who wanted to do web scraping. However, as that case went on, some bad facts came out, expressly that hiQ Labs was hiring third parties to set up fake emails and fake accounts on LinkedIn to enable and continue their scraping even when LinkedIn was trying to cut them off. A recent consent decree in that case, which happened in the fall, prohibits hiQ from doing any scraping. So the hiQ Labs case doesn't give us a definitive answer on scraping either way. It's just limited to those two companies and the facts of that case.
How does copyright protection fit into the web scraping puzzle?
It's not just the fact that you're scraping but also what you're scraping. For example, scraping facts from a website, such as salary information on a career website, will not be protectable under copyright law. But expression, if I'm pulling down paragraphs of text from a website, for example, absolutely will be. So there may be a copyright claim or even a Digital Millennium Copyright Act action to try to take down material from your website based on the actual content that you're scraping. And we also need to take a close look at that when we dig into the facts.