Does ‘Scraping’ Data Violate the Computer Fraud and Abuse Act?
We live in a world where data has become an increasingly valuable asset and huge companies are built on the collection and analysis of publicly available data. Yet, there is no federal statute that directly protects this type of information or even directly addresses how this information should be treated. Instead, businesses are often forced to rely on the Computer Fraud and Abuse Act (CFAA) in order to protect this valuable asset or commodity, which originally only provided criminal sanctions and was enacted to address computer hacking. Most recently, the Ninth Circuit in hiQ Labs, Inc. v. Linkedin Corp., 938 F.3d 985 (9th Cir. 2019), addressed under what circumstances a company may legally “scrape” data from another company’s website. There, the court determined on hiQ’s motion for preliminary injunction that “scraping” publicly available information from LinkedIn likely is not a violation of the CFAA because the LinkedIn computers are publicly accessible and hiQ thus did not access the computers “without authorization” as required by the CFAA. Under these circumstances, the court determined that it did not matter that LinkedIn had sent a cease and desist letter to hiQ prohibiting such access. This is a potentially very important decision for companies on both sides of this issue and for the general public, at least in the Ninth Circuit.