HiQ Labs, Inc. v. LinkedIn Corp. – reflections from the 9th Circuit
Can LinkedIn prevent a software company from turning your public profile into a people analytics product?
I’d like to take a big broader of a view of the assignment here, focusing on “other public source of information,” and discuss a recent federal lawsuit related to people analytics. While much of the world of people analytics remains fairly unregulated in the United States, there has been some notable litigation between private corporations that centers on people analytics. In this post, I will discuss hiQ Labs, Inc. v. LinkedIn Corp, 938 F.3d 985 (9th Cir. 2019), a “recent” decision from the federal bench directly involving a people analytics company.
HiQ Labs is people analytics company. The two main products it offers that were at issue in the case could perhaps be considered “traditional” people analytics uses:
- “Keeper” – modeling that tries to predict which employees are likely to leave a company, in part informed by data scraped from LinkedIn. (On the website, the company writes: “Keeper is the first HCM tool to offer predictive attrition insights about an organization’s employees based on publicly available data.”)
- “Skill Mapper” – a combination of topic modeling and network analysis that tries to aggregate information about skills, as reported in LinkedIn, with the goal of identifying relative gaps and relative strengths. (On the website, the company writes: “Because Skill Mapper is based on publicly available data, you can explore the full scope of your workforce’s skills, including skills from previous and current roles.”)
A former HiQ Labs employee (Genevieve Graves, Chief Science & Product Strategy Officer) actually had an article related to the work published in Harvard Business Review.
Importantly, HiQ only accessed LinkedIn data that was publicly shared by site users. As you probably have experienced, there are a variety of privacy settings available to LinkedIn users, and if you set your profile to private, the HiQ scrapers would not pick it up. LinkedIn demanded that HiQ cease this activity, claiming that it was violating a variety of federal and state statutes, including the Computer Fraud and Abuse Act (entering a system without authorization) and the Digital Millennium Copyright Act. HiQ, in response, asserted a right to access publicly available information on LinkedIn profiles, and brought a claim to federal court seeking inductive relief that LinkedIn could not actually bring a cause of action under the federal statues it had claimed it could.
For the purposes of people analytics, the 9th Circuit’s most important finding was that HiQ did not violate the CFAA – since the “public” LinkedIn profiles are most closely associated with freely available information, LinkedIn is not able exclude HiQ from access the information, even with an automated/bot process. The court found “that giving companies like LinkedIn free rein to decide, on any basis, who can collect and use data—data that the companies do not own, that they otherwise make publicly available to viewers, and that the companies themselves collect and use—risks the possible creation of information monopolies that would disserve the public interest.”
What does this mean for the broader world of people analytics? I think there are a few incredibly important consequences that will follow from this decision (assuming it is not overturned or otherwise modified by the Supreme Court or other federal proceeding). First, our “digital exhaust” is large, perhaps much bigger than the average person thinks it is. LinkedIn is really only one (salient) piece of a much larger set of information “freely” available on the internet. All of that information is, essentially, inputs for people analytics, and there is no reason to believe that other companies would not seek to (legally) exploit this data to offer a people analytics product.
Another important thing to consider: there is a certain sense of “publicness” rooted in the real world – for example, if I am standing on public property, anyone may take my picture. I think we are embarking on journey of discovering what this “publicness” is in the virtual world, where the equivalent photograph is probably something more akin to people analytics. Taking a “snapshot” of a someone in a public virtual space is, inherently, an exercise in people analytics. While we may see GDPR-like regulation in the United States that addresses these issues somehow, in the short term we must remember that there is, essentially, a federal right for companies to access “public” data about you and create people analytics products from it.
Thanks for sharing, this is super interesting. My first reaction was wow, as a LinkedIn user, I’m definitely not thinking about (or even aware of!) these types of uses of my public profile data. While HiQ won this case, I wonder what types of “people v company” cases may follow (rather than “company v company.”) I imagine those will have broader scope and get to the issue you raise around the ambiguity of what it means to be “public” in a virtual world, and what a company like LinkedIn is allowed to do with the data on its own platform, let alone what an outside party can do.