The legality of scraping LinkedIn is a nuanced question with significant legal precedents. While LinkedIn's Terms of Service prohibit scraping, recent court rulings have established important limitations on what LinkedIn can enforce.

The short answer: Scraping publicly accessible LinkedIn data is generally legal, but you must follow specific guidelines to stay compliant with federal law.

Web scraping is the automated process of extracting data from websites. For LinkedIn, this typically means collecting publicly visible profile information such as:

• Names and job titles
• Company affiliations
• Work history and education
• Public posts and activity

flux.report uses ethical scraping practices to monitor profile changes, only accessing information that users have chosen to make public.

The most significant legal precedent comes from hiQ Labs, Inc. v. LinkedIn Corporation, a case that fundamentally changed how we understand web scraping legality.

Background

hiQ Labs created analytics tools by scraping publicly available LinkedIn profiles. LinkedIn sent cease-and-desist letters claiming this violated the Computer Fraud and Abuse Act (CFAA) and threatened to block hiQ's access.

Court Ruling

The Ninth Circuit Court of Appeals ruled in favor of hiQ Labs, establishing that:

• Public data is not protected by the CFAA - If information is publicly accessible without a login, scraping it does not constitute "unauthorized access"
• Terms of Service alone cannot create CFAA violations - Simply violating a website's Terms of Service does not automatically make scraping illegal under federal law
• Website owners have limited control over public data - Once data is made public, the website owner's ability to restrict access is constrained

In 2021, the Supreme Court further clarified the CFAA in Van Buren v. United States, a case that has important implications for web scraping.

The Ruling

The Supreme Court held that the CFAA's "exceeds authorized access" provision applies only when someone accesses information they're not entitled to access at all, not when they access authorized information for an improper purpose.

Impact on Web Scraping

This ruling reinforces that:

• Accessing publicly available data is not a CFAA violation
• Using data in ways the website owner dislikes doesn't constitute "unauthorized access"
• The CFAA is not a "sweeping Internet-police mandate"

The Computer Fraud and Abuse Act (CFAA) is the primary federal law LinkedIn and other websites cite when trying to prevent scraping. Here's what you need to know:

What the CFAA Actually Prohibits

The CFAA makes it illegal to:

• Access a computer without authorization
• Exceed authorized access to obtain information
• Cause damage through unauthorized access

What the CFAA Does NOT Prohibit

Based on recent court rulings:

• Accessing publicly available information
• Violating Terms of Service (TOS violations alone are not CFAA violations)
• Using automated tools to collect public data

Key Takeaway: If LinkedIn data is publicly accessible without login, accessing it does not violate the CFAA, regardless of what LinkedIn's Terms of Service say.

While scraping public LinkedIn data is legal, following these best practices ensures you stay compliant and ethical:

1. Only Access Public Data

• Don't scrape profiles or information that require login
• Respect privacy settings - if someone made their profile private, don't try to access it
• flux.report only monitors publicly visible profile information

2. Respect Rate Limits and Server Resources

• Don't make excessive requests that could burden LinkedIn's servers
• Implement reasonable delays between requests
• Use caching to minimize redundant requests

3. Identify Your Bot Properly

• Use a clear User-Agent string
• Provide contact information for your scraping service
• Respect robots.txt guidelines where appropriate

4. Don't Misrepresent Your Activity

• Don't use deceptive practices to access data
• Don't attempt to circumvent security measures
• Be transparent about your data collection practices

5. Comply with Data Protection Laws

• Follow GDPR requirements if handling EU residents' data
• Comply with CCPA for California residents
• Provide mechanisms for data subjects to request deletion

flux.report is designed with legal compliance as a core principle:

• Public Data Only: We only monitor information that users have chosen to make publicly visible on LinkedIn
• No Authentication Circumvention: We don't attempt to access private profiles or bypass LinkedIn's access controls
• Reasonable Rate Limiting: Our monitoring infrastructure respects server resources and implements appropriate delays
• User Control: Users explicitly choose which profiles to monitor, and can delete monitoring data at any time
• Data Protection Compliance: We follow GDPR and CCPA requirements for handling personal data
• Legitimate Business Purpose: flux.report helps sales and recruiting professionals maintain relationships by staying informed of career changes

The legal landscape for web scraping has evolved significantly, with courts consistently holding that scraping publicly accessible data does not violate the CFAA or constitute unauthorized access.

Key Legal Principles:

• Public data can be legally scraped (hiQ v. LinkedIn)
• Terms of Service violations alone don't create CFAA liability (Van Buren v. US)
• Website owners have limited ability to restrict access to public information
• Ethical practices and compliance with data protection laws remain important

flux.report operates within these legal boundaries, providing a valuable service while respecting both legal requirements and ethical standards.

• hiQ Labs, Inc. v. LinkedIn Corp., 938 F.3d 985 (9th Cir. 2019) - Court Opinion (PDF)
• Van Buren v. United States, 593 U.S. ___ (2021) - Supreme Court Opinion (PDF)
• Computer Fraud and Abuse Act, 18 U.S.C. § 1030 - Full Text
• Electronic Frontier Foundation: hiQ v. LinkedIn Analysis - Article