Earlier this month, the United States Supreme Court decided Van Buren v. United States. In that decision, the Court took a narrow interpretation of the Computer Fraud and Abuse Act (CFAA), holding that the CFAA “does not cover those who . . . have improper motives for obtaining information that is otherwise available to them.” At the time, we observed that the Supreme Court’s decision is an encouraging step in providing more certainty around the legal risks surrounding the use of web-scraped data.
In a new development this week, the Supreme Court teed up a case that specifically will address the application of Van Buren to web scraping. In 2019, the Ninth Circuit held in hiQ Labs, Inc. v. LinkedIn Corp. that it is not a violation of the CFAA for a data analytics company to use information that it scrapes from public LinkedIn profiles to provide its clients with insights on their workforces. On Monday, the Supreme Court vacated the Ninth Circuit’s decision and directed to the Ninth Circuit to further consider the case in light of Van Buren. When the Ninth Circuit re-decides hiQ on remand, it likely will provide more specific guidance on the permissibility and risks of collecting and using web-scraped data.