The U.S. Supreme Court has made a case that could have significant implications for the security of social applications dismissed the judgment of the lower court who had previously prevented LinkedIn from denying recruitment software company hiQ access to information that LinkedIn members had made publicly available in their application.
The case is a precedent-setting example in the fight against data scraping. In 2017, LinkedIn attempted to disconnect hiQ Labs from its service after discovering that hiQ had phrased LinkedIn credentials – collecting personal information from publicly available profiles of LinkedIn users – to build its own recruitment information service.
hiQ Labs uses LinkedIn profile information build data profiles which can predict when an employee is likely to leave the company.
As per pitch of hiQ:
“There is more information about your employees outside the walls of your organization than within the organization. HiQ curates and leverages this public information to promote positive action by employees. A SaaS platform based on machine learning provides flight risks and skill footprints for corporate organizations.
Please note that mentioning public information here – at the heart of hiQ is that anyone can access this information on LinkedIn, so LinkedIn has no right to restrict its use.
Nevertheless, LinkedIn informed hiQ that such use was against its terms and also its rights as they are Logged in to LinkedIn, not other platforms. As a result, LinkedIn threatened to stop hiQ from accessing, leading hiQ to seek a legal ban to prevent LinkedIn from stopping data use.
Which hiQ won. LinkedIn then tried to appeal the decision in 2019, but the U.S. Circuit Court denied it. Which essentially meant that the court’s decision was that it is indeed legal for every company to use and use publicly available user data from any platform, and users do not have the rights to control this extended use.
Which feels a bit off, especially given that the privacy of user data has expanded. As a result, LinkedIn has since sought wider legal recourse to address its concerns, which has led to this latest decision of the U.S. Supreme Court, which essentially returns the decision to the Court of Appeal for reconsideration.
Which is a big win for LinkedIn – but there is still no guarantee that the Court of Appeal will find a reason to change its original decision and ask broader questions about who owns publicly available information that does not cover this particular use.
That’s an important case, not just for LinkedIn, but for social media platforms in general. Last year, Facebook too initiated legal proceedings against two companies for similar data collection, through which these organizations were found to extract Facebook credentials for use in their own digital intelligence tools.
On the other hand, there is some logic to the fact that if this information is publicly available, there is no legal reason why others cannot use it – even though LinkedIn stated that hiQ’s software bots are capable of gathering data on a huge scale, “far beyond what any individual could do when looking at public profiles”.
Still, it is publicly available information. But once again, as noted, users sign the instructions and rules of use for each platform, so they do not consent to other companies using the same information.
Is this a sufficient attitude to create new rules around them, or is the same observation being reused?
The answer is not definitive, but in the evolving era of data protection, it seems that laws must also evolve to cover such cases.
It is an important case to consider that can have a significant impact on the future performance of social platforms, including possible restrictions on what information is placed on non-user audiences.