Scraping LinkedIn profiles could be legal. Is that creepy?
An interesting American court ruling discusses whether the company hiQ Labs may legally scrape public LinkedIn profiles and sell analyses based on that information.
LinkedIn tries to portray this as an attack to its efforts to protect the privacy of its users. Some media seem to buy this line: Having a public profile just got more risky (the Independent); Is your boss checking up on you? Court rules software IS allowed to look for changes to your LinkedIn profile that suggest you’re quitting your job (Daily Mail).
It’s worthwhile to read the actual ruling. Judge Edward M. Chen pretty much trashes LinkedIn’s argument:
LinkedIn’s professed privacy concerns are somewhat undermined by the fact that LinkedIn allows other third-parties to access user data without its members’ knowledge or consent.
LinkedIn specifically refered to users who use the don’t broadcast feature, which prevents the site from notifying other users when these users make profile changes. hiQ could be violating these users’ privacy by informing their employers about profile changes, which may be an indication that they’re looking for another job.
However, hiQ presented marketing materials from LinkedIn suggesting LinkedIn does exactly the same:
Indeed, these materials inform potential customers that when they ‘follow’ another user, «[f]rom now on, when they update their profile or celebrate a work anniversary, you‘ll receive an update on your homepage. And don‘t worry – they don‘t know you‘re following them.»
All in all, LinkedIn has credibility issues when it claims it’s protecting its users’ privacy. Perhaps what hiQ does is creepy, but not more creepy than what LinkedIn is doing itself. (It’s a bit reminiscent of Facebook, which limited access to user data through it’s public API, claiming it was protecting its users’ privacy.)
There’s more to the case than just the privacy issue. For example, can a website owner prohibit the automated retrievel of otherwise public information? Can they sanction specific users for even looking at their website («effectuating the digital equivalence of Medusa»)? And is it ok for LinkedIn to use it’s dominant position in the professional networking market to stifle competition in a different market? It will be interesting to see how this develops.