Alternative Data

hiQ v. LinkedIn: Breach of Contract and CFAA Claims Proceed to Trial

Published: Nov. 11, 2022

For those following web scraping caselaw, the hiQ Labs v. LinkedIn Corporation case has been one to watch. While prior decisions largely involved a preliminary injunction, the federal district court in California has now ruled on LinkedIn’s remaining claims under the Computer Fraud and Abuse Act (CFAA) and breach of contract. On November 4, 2022, the court decided that some of these claims should proceed to trial because there remained genuine disputes of material fact, and denied the bulk of both hiQ’s and LinkedIn’s motions for summary judgment.

However, the court did find hiQ liable for breach of contract in connection with its hiring of “turkers,” temporary, crowdsourced workers, who made fake LinkedIn profiles to manually view and verify the identities of LinkedIn profiles. 

For context on the case’s extensive litigation history, check out our previous coverage

Breach of Contract Claims

LinkedIn alleged a breach of contract on two issues: (1) hiQ’s automated web scraping of LinkedIn profiles, and (2) hiQ’s use of turkers to log into LinkedIn with fake profiles to conduct quality assurance for hiQ. 

First, the court held that hiQ was subject to LinkedIn’s User Agreement, which expressly prohibits web scraping without LinkedIn’s permission and the creation of fake profiles. But while it concluded that hiQ breached LinkedIn’s User Agreement by scraping the platform and using the scraped data, the court nonetheless denied summary judgment to LinkedIn so that a jury may consider hiQ’s affirmative defenses—whether LinkedIn waived the claim, whether hiQ relied on LinkedIn’s acquiescence over the years in developing its business, and whether LinkedIn employees’ knowledge of hiQ’s activities may be imputed to the company. 

Second, the court held that hiQ breached its contract with LinkedIn through its use of turkers to access LinkedIn account data through fabricated profiles: “Regardless of whether the turkers scraped LinkedIn’s site, they breached the User Agreement’s prohibition on creating false identities.” The success of this legal theory illustrates how a vendor’s conduct – and specifically violation of a website’s terms of use – can be imputed to the company that retains them.

Computer Fraud and Abuse Act (CFAA) Claim

The Ninth Circuit recently affirmed the preliminary injunction precluding LinkedIn from blocking hiQ’s access to public profiles following the Supreme Court’s remand in light of Van Buren v. United States

Back at the district court, hiQ argued that LinkedIn’s CFAA claim was precluded by the two-year statute of limitations. Based on two email chains where LinkedIn employees discussed hiQ’s scraping activity, hiQ asserted that LinkedIn had reasonable notice of hiQ’s scraping activity in 2014 but failed to file its complaint until June 2017. The district court declined to grant summary judgment on this basis, identifying several factual disputes concerning the employees’ scope of employment and whether their knowledge could be imputed to LinkedIn.

Implications of Decision

This decision adds to the growing universe of caselaw addressing web scraping. First, this opinion shows how a court may interpret and apply website terms of use, especially when they include anti-scraping provisions. Specifically, knowledge of relevant terms continues to be an important consideration in assessing the viability of breach of contract claims. Second, the court’s finding of liability for hiQ in connection with the turkers’ conduct illustrates how a vendor’s conduct may be imputed to the hiring entity, and specifically how it might create exposure for how an outsourced vendor performs scrapes. Third, timing may matter. While the circumstances of this case may be unique, the court’s emphasis on the duration of the scraping activity and length of time before LinkedIn brought suit suggests that courts may consider these factors in evaluating claims against scrapers. In addition to takeaways from this decision, the potential outcome of the remaining claims may further inform the understanding of webscraping risks and considerations. Stay tuned!