The ability of companies to prevent scraping of their publicly available information may now be limited.
In hiQ, LinkedIn argued that hiQ's use of automated tools to access and copy publicly posted data after receiving a cease-and-desist letter violates the CFAA's prohibition on intentional access of a computer "without authorization." However, the court held that the CFAA's "without authorization" provision applies to the circumvention of "permissions, such as username and password requirements" that "demarcate" certain data as private. The court thus found that hiQ's practices likely do not constitute an unauthorized access where LinkedIn does not prevent public access to the data at issue.
It is important to note that the Ninth Circuit issued its opinion in a procedural posture that required it to decide only whether hiQ raised "serious questions" that its scraping complies with the CFAA. While the court did not issue a definitive ruling, the opinion suggests how the Ninth Circuit likely will ultimately interpret the CFAA in this context.