Does data scraping violate the Computer Fraud and Abuse Act?
Very interesting write up on two legal cases that asked whether data scraping publically available sites violate the Computer Fraud and Abuse Act.
In hiQ Labs v. LinkedIn the court held that “[a] user does not ‘access’ a computer ‘without authorization’ by using bots [to scrape data].... when the data it accesses is otherwise open to the public.” In other words it is perfectly legal for a company to data scrape your LinkedIn public profile page. :-)
In the Sandvig v. Sessions case out of the District of Columbia the court stated that "Employing a bot to crawl a website or apply for jobs may run afoul of a website’s ToS (terms of service), but it does not constitute an access violation when the human who creates the bot is otherwise allowed to read and interact with that site” as “bots are simply technological tools for humans to more efficiently collect and process information that they could otherwise access manually.” That is a very interesting statement.
It is important to note that these cases were very narrowly written to the facts in the respective cases and they draw a distinction between public "access" and requiring authentication, i.e. username and password for access.