Thanks in part to the Facebook-Cambridge Analytica data sharing opprobrium, there has been renewed interested in domestic U.S. privacy law by the general public. ~David Williams, CIPP/US, CIPM
In the wake of the Cambridge Analytica scandal, it remains to be seen if meaningful privacy legislation will be presented. Nonetheless, issues such as the one presented in hiQ v. LinkedIn, suggest that it is time for user-centric privacy legislation to be in place. In many ways, the requirements of the GDPR are already making an impact, but the issue here is unique in that the service provider is being forced to allow the scraping.
I believe that a codified right over personal data in the U.S. would be ideal solution.
However, at a minimum, there should be a requirement for a contract to exist between the scraper and the service provider being scraped. A requirement such as this could prompt service providers to ensure that proper consent and notice have been provided to their users, as well as provide service providers with grounds upon which they ensure that the data of individuals who do not want their data scraped can be respected. In many ways, this is how business is currently done. Yet, mandating that scraping require a contract to exist will ensure that instances like the one in hiQ v. LinkedIn will be eliminated, thereby protecting the privacy of users.
I am not in any way trying to profess to have knowledge of all of the issues that could arise from such a requirement. I believe that it is crucial that companies like LinkedIn, Facebook and Google to name a few, are involved in the drafting of user-centric privacy legislation.
I am a huge believer in privacy controls and rules because I believe that they help to ensure that services like LinkedIn continue to be empowering. While ultimately this case does not turn on this privacy issue, I think that there are major privacy implications that could arise depending on the outcome of this case that remains to be seen.
Ironically, the implications of the Facebook-Cambridge Analytica scandal might impact this case as well. Even as the GDPR quickly approaches its enforcement date and the Facebook issue continues to dominate the news cycle, I, for one, will be closely watching the results of LinkedIn v. hiQ. I hope that this piece has put the case on your radar if it was not already.