Table of Contents
It is unclear, but a long legal battle has resulted in some positions being upheld in the US courts.
What is the problem?
It is necessary to note some of the premises and facts relevant to both disputing parties.
- LinkedIn is not the owner of the personal data of users added to the platform. The owner is the user.
- For years, hiQ has used software solutions to harvest data from LinkedIn public profiles.
- hiQ has consistently attempted to avoid LinkedIn’s technical safeguards, attempted to redesign the platform’s information systems, and disguised its activities through the appearance of human behaviour.
- LinkedIn has recently won a similar lawsuit against Mantheos, a Singapore company.
As regards the possible violation of the CFAA, the question of whether the automatic harvesting of publicly available personal data by software can be interpreted as access without authorisation is still in dispute. The court has so far held that this is not the case and has granted hiQ the right to do so. However, LinkedIn is now moving forward with challenging this.
Also noteworthy in this case is the debate about the general position of users, platforms, and public data harvesters and the presumptions of data privacy. The court noted that LinkedIn users could choose not to publicly share their profile and any changes to it. An example is when an employee does not want their current employer to know that the employee is looking for a new job.
The court noted that LinkedIn’s arguments regarding the protection of user privacy are invalid since, for example, LinkedIn’s Recruiter service allows a client, as a recruiter, to mark, monitor, and receive notifications of profiles of users who have been added to a list by the recruiter, as well as a full export of that data. If LinkedIn didn’t want to do this, it could remove the ability to access public profiles. Still, in this case, it only wants to remove the ability to process data from competing companies.
Finally, the court considers that giving companies such as LinkedIn complete discretion to decide who has the right to collect and use the data that LinkedIn does not own but which it collects and uses and has made publicly accessible risks creating information monopolies and does not serve the public interest.
What happens next?
It is still unclear whether hiQ’s activities also break the law simultaneously, but LinkedIn has expressed the desire to find out.
We will need to wait for further developments in this dispute and probably new cases shortly, which may give confidence to certain business models or make them illegal.
Should you have any further questions, please contact our Specialist Data Privacy Counsel, Andres Ojaver.
Can data from publicly available LinkedIn profiles be utilised for business purposes?
As of yet, this is unclear within legal limits. However, it is important to note that LinkedIn does not own the personal data of users added to the platform. The owner remains the user.
Is prospecting through LinkedIn a breach of GDPR?