In a case that could have major implications for data security in social apps, the US Supreme Court has dismissed a lower court ruling which had previously barred LinkedIn from denying recruitment software company hiQ access to information which LinkedIn members had made publicly available in its app.
The case is a precedent-setting example in the battle against data scraping. Back in 2017, LinkedIn sought to cut off hiQ Labs from its service after discovering that hiQ had been scraping LinkedIn user data – harvesting personal information on publicly available profiles of LinkedIn users – in order to build its own recruitment information service.
hiQ Labs uses LinkedIn profile information in order to build data profiles which can predict when an employee is more likely to leave a company.
As per hiQ’s pitch:
“There is more information about your employees outside the walls of your organization than inside it. hiQ curates and leverages this public data to drive employee-positive actions. Our machine learning-based SaaS platform provides flight risks and skill footprints of enterprise organizations, allowing HR teams to make better, more reliable people decisions.”
Note the mention of ‘public data’ here – at the core of hiQ’s case is the fact that anyone can access this information on LinkedIn, and therefore, LinkedIn has no right to restrict its usage.
Nevertheless, LinkedIn informed hiQ that such usage was in violation of its terms, and also violated user rights, as they’ve signed up for LinkedIn, not for other platforms. As a result, LinkedIn threatened to cut off hiQ’s access, which then lead to hiQ seeking a legal injunction to stop LinkedIn from cutting off its data access.
Which hiQ won. LinkedIn then sought to appeal the decision in 2019, but was denied by the US Circuit Court of Appeal. Which, essentially, meant that the court’s decision was that it is indeed legal for any company to access and utilize publicly available user data, from any platform, with users’ having no rights to govern this expanded usage.
Which seems a little off, especially considering the expanding focus on user data privacy. As a result, LinkedIn has since been seeking expanded legal recourse to address its concerns, which has lead to this latest decision by US Supreme Court, which essentially refers the decision back to Court of Appeal for reassessment.
Which is a big win for LinkedIn – yet even so, there’s no guarantee that the Court of Appeal will find reason to change its original ruling, with broader questions around who owns publicly available data not covering this specific type of usage.
It’s an important case, not just for LinkedIn, but for social media platforms in general. Last year, Facebook also launched legal proceedings against two companies over similar data scraping, through which these organizations were found to be extracting Facebook user data for use in their own digital intelligence tools.
On one hand, there is some logic to the fact that if this information is publicly available, then there’s no legal reason why others can’t use it – though LinkedIn did note that hiQ’s software bots are able to harvest data on a massive scale, “far beyond what any individual person could do when viewing public profiles”.
Yet even so, it is publicly available data. But then again, as noted, users sign up to the guidelines and usage rules of each individual platform, so they’re not giving their consent for that same information to be used by other companies.
Is that enough of a stance to create new rules around such, or will the same finding be applied once again?
The answer is not definitive, but in the evolving age of data protection, it does seem that laws need to also evolve to cover such instances.
It’ll be an important case to note, which could have significant implications on how social platforms operate moving forward, including potential restrictions on what data is made available to the non-user public.