Hiq Labs, Inc. v. Linkedin Corporation
938 F.3d 985
| 9th Cir. | 2019Background
- LinkedIn operates a public professional networking site; users control profile visibility and retain ownership of their profile content under LinkedIn’s User Agreement. HiQ scraped publicly accessible LinkedIn profiles to create people-analytics products (Keeper and Skill Mapper) sold to employers.
- LinkedIn used technical measures (robots.txt, IP throttling/blocks, anti-bot systems) and its User Agreement to prohibit scraping; it sent hiQ a cease-and-desist letter in May 2017 threatening CFAA, DMCA, California Penal Code § 502(c), and trespass claims and then blocked hiQ’s bots.
- HiQ sued and obtained a district-court preliminary injunction requiring LinkedIn to restore access to public profiles and withdraw its cease-and-desist; LinkedIn appealed.
- The Ninth Circuit reviewed the four preliminary-injunction factors under the sliding-scale approach and affirmed the injunction, focusing on irreparable harm, balance of equities, likelihood of success on merits (serious questions), and public interest.
- The court found hiQ likely to suffer irreparable harm (business extinction) without access; the balance of equities tipped sharply to hiQ because LinkedIn users’ privacy expectations in public profiles were uncertain and LinkedIn itself exposes/uses public profile data (e.g., Recruiter, Talent Insights).
- On the merits, the court held hiQ raised serious questions on its tortious-interference claim and that LinkedIn likely cannot rely on the CFAA to show hiQ’s access was “without authorization” for publicly available data.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Irreparable harm (prelim injunction) | HiQ: loss of access will force it out of business; money damages inadequate | LinkedIn: economic harm is speculative; alternatives exist | Held: HiQ likely faces irreparable harm (business extinction); factor favors hiQ |
| Balance of equities / privacy interests | HiQ: public profiles are open and widely used; injunction preserves hiQ’s business and public data access | LinkedIn: injunction risks user privacy (Do Not Broadcast users) and goodwill; prevents LinkedIn from protecting users | Held: Equities tip sharply to hiQ; users’ privacy expectations in public profiles are uncertain; LinkedIn’s own products undermine its privacy argument |
| Tortious interference with contract (CA law) | HiQ: LinkedIn intentionally induced disruption of hiQ’s contracts by threatening legal action and blocking access | LinkedIn: actions serve legitimate business purposes (protecting members, enforcing User Agreement) | Held: HiQ raised serious questions on merits; LinkedIn’s justification is weak given timing and possible competitive motive |
| CFAA “without authorization” defense | LinkedIn: hiQ’s continued scraping after cease-and-desist was unauthorized under CFAA, preempting state claims | HiQ: public pages are open to all; CFAA targets intrusion into restricted systems, not scraping of publicly accessible data | Held: Serious questions exist whether CFAA applies to publicly accessible data; CFAA best read as anti-intrusion statute, so LinkedIn likely cannot invoke CFAA to preempt hiQ’s state claims at this stage |
| Public interest | HiQ: preserving open access to public web data benefits research, competition | LinkedIn: injunction could invite malicious scraping and server attacks | Held: Public interest favors hiQ on balance; injunction still permits LinkedIn to block malicious actors |
Key Cases Cited
- Winter v. Natural Resources Defense Council, 555 U.S. 7 (2008) (establishes the four-factor test for preliminary injunctions)
- Alliance for the Wild Rockies v. Cottrell, 632 F.3d 1127 (9th Cir. 2011) (sliding-scale approach where serious questions can offset weaker likelihood of success)
- United States v. Nosal, 844 F.3d 1024 (9th Cir. 2016) (interpreting “without authorization” in CFAA in an employee-access context)
- Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058 (9th Cir. 2016) (holding post-cease-and-desist access to password-protected accounts violated CFAA)
- Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002) (distinguishing public from nonpublic websites under analogous SCA provisions)
- LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009) (noting § 1030 is primarily a criminal statute and counsels narrow interpretation)