Hmm, I suspect we’ve had a terminology problem…
You’re right that “private” is an ambiguous term. Instead, let’s create a clear distinction by using the terms “public” (in the traditional sense) and “non-public”:
Non-public data: data that is made available only to those who sign in with a password
Public data: data that is made available to anyone without requiring them to sign in with a password
Courts seem to be leaning towards this password-based approach for determining whether data is public.
If you have to sign in with a password to get it, it is non-public — the visibility settings, user expectations, and the user’s intentions are irrelevant. If you can get it without a password, it’s public.
“Does a company have the legal right to control who can access its non-public data?”
If I understood your comments correctly, I think that you were often talking about control over non-public data (like FB posts that are shared with friends of friends, or even everyone on FB).
I find your argument that control is necessary so that companies can protect user privacy and expectations to be unpersuasive. In general, I think recognizing or enforcing legal rights based primarily on what anyone says/thinks, intends, or expects to do is a bad idea.
I instead use the basic “property rights” argument (it’s their site, they get to control who accesses it). But we get to the same place:
if the site puts it behind a password, it is non-public and the site legally controls who can or can’t access it.
So, we fully agree on that point — as do the courts (including the court in the hiQ case).
“Does a company have a legal right to control who can access its public data?”
Your original post references a case that is about the separate issue of control over public data. That’s what I’ve been talking about.
Right now, LinkedIn can legally prevent hiQ and anyone else from scraping its profiles without its permission — it’s as simple as making the data non-public by sticking the profiles behind a password (or API).
The decision to make something public comes with benefits and costs. It is well-established and understood that if you choose to make something public (like, say, a trade secret, or the first publication of a song), you lose certain legal rights that exist specifically to protect things that are not public.
LinkedIn’s complaint was basically that it wants to make its data public and still retain the rights that we recognize for data that is non-public.
To do this, LinkedIn asked the court to apply the law in a way that would effectively give any site the absolute right to prevent, for literally any reason and with no oversight, a single person or business from accessing information that is freely available to everyone.
Further, LinkedIn’s requested outcome would allow a private company to unilaterally make it federal offense — a felony — for a single person to do something that everyone else can lawfully do.
That’s a big ask, and raises a bunch of really big issues, simply to avoid playing by the rules.
This is an especially bold request with the particular facts of hiQ’s case — even if LinkedIn does generally have a right to exert this control over public data, there is a compelling argument that it would not be fair to let it do so in this instance … purely as a result of LinkedIn’s own actions.
Hypothetical Injuries
“if all the information it gets is scraped from LinkedIn and users find out and start reducing the data they put into LinkedIn, then HiQ has actually hurt LinkedIn in the market while they have market success.”
Yes, that would be unfair to LinkedIn.
But another possibility is that users find out and start increasing the data they put into LinkedIn because they want to have all their awesomeness fully represented in hiQ’s Skill Mapper product.
LinkedIn can act now based on its prediction, but it’s unreasonable to ask anyone else (including a court) to do so.
If LinkedIn is ever actually harmed by hiQ’s scraping, then at the very first sign of actual (or even imminent) harm LinkedIn can ask a court to make hiQ stop and compensate LinkedIn for the harm caused.
In the meantime, unfair things happen all the time as a normal result of competition.
The default rule is that economic harm resulting from lawful business activities is not “unfair” in the sense that it warrants correction or compensation under the law. There are exceptions, but none that allow the court to remedy problems that are still completely speculative.
