US Court Rules that Scraping Data from Public Websites Without Permission is Legal

Last updated September 18, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

The California District Court has decided that scraping a public website without asking for the permission of the website owner does not constitute a violation of the Computer Fraud and Abuse Act (CFAA). The plaintiff of this legal battle is “hiQ Labs Inc.” and the defendant is “LinkedIn Corporation”, a Microsoft company. Apparently, the latter tried to prevent the former from scrapping their user data by using automated bots. The court rules that this prevention is illegal, and concluded that it threatens the survival of hiQ as a business.

The court identified that LinkedIn users retain some privacy interests although they do make their profiles in the platform public, it ruled in favor of hiQ’s interests nonetheless. As the judge stated, LinkedIn users are offered the choice to make portions of their profile hidden from the general public. Based on that, the available info should be treated as accessible and shareable by anyone, without limitations, and without the need for the acquisition of consent, either from the user or from the platform (LinkedIn).

LinkedIn, however, has a system in place called “Quicksand”, and which is capable of detecting non-human activity that is usually an indication of data scraping. The system throttles or even blocks the activity that is connected to the bot’s IP address, and even puts that address on its blacklist for future reference. In total, Quicksand is blocking 95 million automated data scraping attempts every day. Obviously, this doesn’t play well with hiQ’s bots, whose business relies on the retrieval of LinkedIn profiles, including user names, job title, work history, and professional skills. The company is selling this data as bulk, or analyzes them and offers insightful reports to those who are interested in services of this kind.

The battle between the two entities started in May 2017, when LinkedIn sent hiQ a cease-and-desist letter, accusing them of violating the User Agreement. They warned hiQ that if they tried to access LinkedIn’s data again, they would sue them for violating the CFAA and DMCA laws. The recent court ruling, however, doesn’t vindicate LinkedIn, so hiQ must be removed from the blacklist and allowed to scrap all publicly available user data freely. This will have huge repercussions to the platform, as many other data scraping agencies will now ask to be excluded from Quicksand's filtering. For the users, it’s time to review your LinkedIn privacy settings thoroughly.

Are you using the LinkedIn social media platform, or do you prefer another job-seeking channel? Let us know in the comments section down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: