LinkedIn and hiQ Labs agreed to a consent judgment and permanent injunction to resolve all data scraping related claims after six years of litigation. This news follows last month’s summary judgment win by LinkedIn on its breach of contract claim against hiQ, based on a finding that hiQ’s data scraping and use of fake profiles violated LinkedIn’s user agreements.
hiQ, a now-defunct data science company, relied on web data collected from public LinkedIn profiles. After LinkedIn served a cease-and-desist letter demanding that hiQ halt its unauthorized data scraping, threatened litigation and informed hiQ that it had implemented technical measures to prevent hiQ from accessing LinkedIn’s site, hiQ filed a lawsuit against LinkedIn in 2017 alleging that LinkedIn’s anti-scraping actions resulted in unfair competition, economic torts, and sought injunctive and declaratory relief. A preliminary injunction was issued by the district court in 2017 and upheld on appeal by the Ninth Circuit in 2019. But the injunction was ultimately vacated (LinkedIn Corp. v. hiQ Labs, Inc., 141 S.Ct. 2752 (2021)) by the United States Supreme Court and remanded for further consideration in light of Van Buren v. United States, 141 S.Ct. 1648 (2021). (For more background on this 6-year litigation, see here.)
In a November 2022 summary judgment order, the United States District Court for the Northern District of California ruled that the provisions of a website user agreement prohibiting data scraping and fake profiles are enforceable in a breach of contract claim. hiQ Labs, Inc. v LinkedIn Corporation, Case 17-cv-03301-EMC, November 4, 2022.
Following LinkedIn’s November 2022 win, on December 7, 2022, the parties agreed to a stipulation that calls for a $500,000 judgment to be entered against hiQ for (1) a breach of contract based on LinkedIn’s user agreement; (2) a violation of the Computer Fraud and Abuse Act (CFAA) “based on hiQ’s data collection practices and based on hiQ’s direct access to password-protected pages on LinkedIn’s platforms using fake accounts;” (3) a violation of California’s law prohibiting unauthorized computer access; (4) violations of the common law torts of trespass to chattels and misappropriation; and (5) a sanctions awarded to LinkedIn based on hiQ’s spoilation. The permanent injunction will require hiQ to cease all data scraping on LinkedIn’s websites and destroy all source code, data, and algorithms created from hiQ’s scraped profile data. The injunction also binds all “present and former officers, agents, servants, employees, and attorneys; and other persons who were or are in active concert or participation with hiQ, hiQ’s officers, agents, servants, employees, and attorneys.” All other outstanding claims were resolved by a confidential settlement agreement.
Although the law related to data scraping remains less than certain, the November 2022 summary judgment together with the December 7 proposed consent judgment and injunction, offer businesses some tools to combat data scraping on their websites and enforce their user agreements.
Reach out to the authors or your relationship partner at the firm for more information. And for more, stay tuned. CPW will be there to keep you in the loop.