Meta, the parent company of Facebook, has sued Hong Kong based Social Data Trading Ltd. for scraping data from millions of Instagram and Facebook profiles. Meta alleges that after it blocked Instagram and Facebook access to Social Data Trading, the company continued to surreptitiously pull profile information from both websites. Meta alleges that Social Data Trading violated the terms of service for both Instagram and Facebook and that, because of circumventing Meta’s block Social Data Trading’s use of those websites, defendant also engaged in illegal hacking under Section 502 of California’s Penal Code. Finally, Meta seeks recovery for unjust enrichment, in addition to its claims for breach of contract and hacking under Section 502.
The complaint does not contain any claims under 18 U.S.C. § 1030, the Computer Fraud and Abuse Act (“CFAA”). This is an issue we are watching closely as, generally speaking, CFAA no longer supports claims for data scraping that merely violate a website’s terms of service. Presently before the Ninth Circuit, on remand from the Supreme Court, is the question of whether, once a website revokes permission and takes technical steps to block access, a subsequent act of scraping a public website constitutes a violation of CFAA. LinkedIn Corp. v. hiQ Labs, Inc., No. 19-1116, 141 S. Ct. 2752, 210 L. Ed. 2d 902, 2021 U.S. LEXIS 2997, 2021 WL 2405144, at *1 (U.S. June 14, 2021). The Ninth Circuit heard oral argument on this case in October. We anticipate a ruling soon. As always, watch this space for an update.