The ruling by the Ninth Circuit Court of Appeals in favor of hiQ Labs, Inc. v. LinkedIn Corp affirmed that the automated scraping of publicly accessible data likely does not violate the Computer Fraud and Abuse Act. Call this a true David (hiQ) vs. Goliath (LinkedIn) story. The decision upholds the right to innovate and develop new ways of gaining analytical insights. While hiQ may be one small private company with 12.4M in estimated funding, it isone of many businesses whose operational model is based on using publicly accessible data rather than collecting their own user data as Intellectual Property.
The landing page on the hiQ website transparently says that is “informed by public data sources” (including LinkedIn). How is this any different than using data from Wikipedia? Or citing market analytics data from the U.S. Bureau of Labor and Statistics? Both are free to access publicly. HiQ is not an enigma. In 2018, it is estimated that American companies spent over 19B in the collection and analysis of consumer data, according to the IAB. That’s a 17 percent growth rate from the year prior across all segments of business:
- Real estate listings & MLS companies
- Sales — lead generation for emails, phone numbers, etc.
- Social media companies — comparative analytics to ascertain what is “trending”
- eCommerce — monitor competitor pricing
- Government — CISA authorizes cybersecurity monitoring of topics impacting national security
- Google Jobs aggregates job postings from various sources in a centralized forum including LinkedIn, Monster, Glassdoor, and individual company websites
What is significant in the hiQ v. LinkedIn case is that user profiles were intentionally created to be shared. Within the LinkedIn platform, that is. Growing privacy concerns with Facebook (and Cambridge Analytica), and the advent of Amazon’s Alexa and Google Home devices, have brought to light the very real concerns of what data is being gathered, who it is being shared with, and how is it being used. In the case of LinkedIn, users consent for their information to be viewed. But this case brings to light the reality that if data is shared in a public forum, it leaves the control of the host site.
The ruling in the case enabled hiQ to continue its business practice but raises questions of corporate responsibility and user privacy that LinkedIn and all companies of similar nature need to be acutely aware of. LinkedIn has over 645M global users. That is a user base that has chosen to be there based on trust, on credibility of brand, and on the understanding that they have elected to put their information out to be seen and shared within the platform. While these users can control their data and request that it be removed from LinkedIn, they do not have control over what happens to that data once it is scraped and housed on other sites. The ruling in this case highlights that risk.
While there is a movement in the Silicon Valley to bring forward user-control legislation around the management of personal data, the U.S. lags behind the EU and Canada with regard to controls around these practices. Many people are simply unaware of how their data can be accessed and used.
A 2018 study conducted by Pew Research Center demonstrated the growth in use of social media from 5 percent of adults in 2005 to 69 percent. Findings also discovered more than half of American adults’ lack trust for how these websites and companies protect and use their personal data.
A survey conducted by TrustE validates that the concern over data privacy is a paramount and a rising concern in consumer mindsets — even transcending concern that individuals have about losing their primary source of income!
The hiQ case is one visible example of how businesses scrape and aggregate data not only for AI but for insights and predictive analytics. As awareness of such practices grows, and individuals begin to harness their angst into action, only they will hold the power to drive change. This will not be through legislative petitions so much as through consumer behaviors. Data is the most sought-after commodity. If they stop participating in and using social online mediums until more user control and protection is guaranteed, the access to their data goes away, which ultimately affects the companies who are benefitting financially from categorizing the user’s online sentiment and behaviors into monetized business insights.
