California Court: Facebook Can Enforce No Scraping Prohibition in Terms of Service in Password-Protected Section of Site


Facebook aggressively monitors web scraping on its platforms. And they aren’t shy about sending out cease and desist letters when they believe someone is violating their terms of service.

After the Ninth Circuit’s decision in hiQ Labs, Inc. v. LinkedIn Corp. in 2019, however, there might have been some question whether a court (and, in particular, a court in the Ninth Circuit) would enforce that cease-and-desist letter. Well, we have our answer. As Facebook Inc. v. BrandTotal Ltd., 2020 WL 6562349 (N.D. Cal. Nov. 9, 2020) shows, Courts still seem to open to Facebook to enforce its terms of service agreement against web scrapers. 

This case involved a company named BrandTotal that “offered programs called UpVoice and Ads Feed that users could install as extensions for the Google Chrome.” The company would receive users’ permission to scrape the information, “and send the scraped data to the user’s computer, and then to servers that [BrandTotal] controlled.”

In distinguishing the case from hiQ Labs, the court found the following to be persuasive:

Facebook’s general interest in policing access to the password-protected portions of its networks is far greater than LinkedIn’s interest in restricting access to otherwise public pages in hiQ. See Stackla, 2019 WL 4738288, at *6 (concluding that “Facebook’s ability to decisively police the integrity of its platforms is without question a pressing public interest”); cf. hiQ, 938 F.3d at 992 (rejecting an argument that the plaintiff could collect suitable data from sources other than LinkedIn, because “Facebook data, by contrast, is not generally accessible”). Users on Facebook’s networks choose [sic] share information with specific people, and could reasonably be expected to rely on Facebook’s privacy settings and terms of use to prevent automated collection of that information by third parties. See, e.g., Clark Decl. (dkt. 41) ¶¶ 5(b)-(d).

Facebook Inc. v. BrandTotal Ltd.

That part of the ruling wasn’t surprising to me. But I think it might be surprising to some in the web scraping community.

But there is one thing I did find unusual about this case. The court noted that the FTC had an order in place obligating Facebook to place certain restrictions on third-party usage of its data. The court considered this important in reaching its conclusion in denying BrandTotal’s Temporary Restraining Order to permit access to Facebook’s data. In essence, Facebook’s prior allegations of misconduct with data privacy were used as persuasive evidence of restricting others’ access to data. In essence, because Facebook allegedly made a mess of things with the Cambridge Analytica scandal, it was able to use its past issues as an argument in favor of limiting competitor access to data. That’s a novel argument and surprising it worked here. I anticipate, however, that the result would have been the same even without that argument, but the trial court sought to bolster its decision with additional rationale for a potential appeal.

If you’re a web scraper, you need to be aware to know that the laws of web scraping are nuanced and changing. And that prohibitions on scraping password-protection sections of websites may be enforceable, depending on the facts and circumstances of the case.

This blog post is for informational purposes only. The views expressed in this post may not reflect the opinions of other attorneys at the firm or the firm’s clients.