Brooklyn Journal of Corporate, Financial & Commercial Law

First Page



In September 2019, the United States Court of Appeals for the Ninth Circuit granted plaintiff-startup hiQ Labs a preliminary injunction allowing it to “bot scrape” off of defendant-social networking service LinkedIn’s public profiles without triggering liability under Section 1030(a)(2)(C) of the Computer Fraud & Abuse Act (CFAA) for accessing a website “without authorization.” Differing judicial interpretations demonstrate the lack of clarity as to the legality of third-party bot scraping against the website owner’s consent, which causes irreparable harm to businesses that rely on such practices to operate, and antitrust issues when website owners like LinkedIn and Facebook can selectively ban third-parties from collecting data on their public websites for their own private gain, while facing no comparable competition. Further, while hiQ Labs received a favorable result in the Ninth Circuit, that decision has since been vacated by the Supreme Court, and hiQ Labs ceased business operations in 2018. Hence, the tumultuous litigation’s fatal business impact on hiQ Labs creates a blueprint for how other social media sites can hamstring smaller private companies’ bot scraping on their sites through lengthy litigation. Thus, this Note proposes that Congress clarify the CFAA by (1) allowing any public social media profile data viewable without a log-in to be free of CFAA liability; and (2) for public profile data that can only be viewed after passing through a log-in threshold, triggering CFAA liability only if the data being collected isn’t accessible after merely creating an account. Therefore, information that can be accessed by anyone with internet access, whether fully public or viewable after easily creating an account on the site, should be deemed public information that private social media companies have no authority to prevent collection of under the CFAA.