LinkedIn vs HiQ Aftermath: Ninth Circuit Doctrine in 2026
HiQ Labs lost at trial 2024. Ninth Circuit's public-data scraping doctrine reshaped by Bright Data v. Meta SJ + district rulings. Public-data scraping protected against CFAA; contract and tort claims remain. Scrapers safer on access, more exposed on downstream use.
The HiQ Labs vs LinkedIn litigation closed in 2024 with HiQ losing at trial. The case had been the most-watched piece of public-data scraping case law since its 2017 origin. The trial loss did not, however, settle the broader Ninth Circuit doctrine — the Bright Data vs Meta summary judgment in January 2024 and several subsequent district-court rulings have continued to shape the rules around what scrapers can and cannot do.
The current Ninth Circuit doctrine, two years post-HiQ-trial-loss, is more nuanced than either side’s advocates argued during the case. Scrapers have meaningful protection against CFAA (Computer Fraud and Abuse Act) claims when targeting public data. They have meaningful exposure under contract, trespass-to-chattels, and unfair-competition theories. The net effect is that the access question (can you scrape) is largely settled in scrapers’ favor; the downstream-use question (what you do with the scraped data) remains actively litigated.
The post-HiQ legal landscape
Three threads of case law continue to develop in the Ninth Circuit.
CFAA claims against public-data scraping mostly fail. The Supreme Court’s 2021 Van Buren decision narrowed CFAA’s “exceeds authorized access” provision to circumstances closer to traditional computer crime. The Ninth Circuit’s HiQ rulings interpreted this narrowly for scraping: accessing public-facing data without bypassing technical access controls is not a CFAA violation, even when the target platform’s ToS prohibits scraping. This part of the doctrine is now stable. Plaintiffs filing CFAA claims against public-data scraping lose.
Contract claims against scraping with prior ToS acceptance succeed more often. A scraper that previously created a platform account (and therefore accepted the ToS) faces a viable contract-based claim if it then scrapes against ToS terms. The HiQ case turned partly on this — HiQ’s prior interactions with LinkedIn created a contract relationship that complicated the public-data defense. Bright Data sidestepped this by carefully maintaining a logged-out posture throughout its scraping of Meta. The contract-vs-public-data distinction is now the operative line.
Tort claims (trespass to chattels, tortious interference) remain available but face high bars. A platform can sue under tort theories for scraping that causes measurable system harm (server load, infrastructure costs) or that interferes with the platform’s relationships with its users. These claims are harder to win than CFAA but easier than they were pre-Van Buren. The post-2024 cases show plaintiffs increasingly using these theories where CFAA claims would have been used in 2018-2020.
What HiQ’s trial loss actually meant
The 2024 trial loss for HiQ was on contract grounds. The jury found that HiQ had violated LinkedIn’s User Agreement by continuing to scrape after LinkedIn revoked its API access. The CFAA claim was already off the table by that point because of the Ninth Circuit’s earlier rulings.
The trial outcome narrowed the practical scraping playbook in three ways:
Stay logged-out throughout the engagement. Any prior account creation or API usage creates contract exposure. The “Bright Data move” — explicit avoidance of any logged-in interaction with the target — became the canonical posture.
Don’t bypass technical access controls. The CFAA protection is narrow. Bypassing rate limits, evading IP bans, or circumventing CAPTCHAs may not be CFAA violations directly, but they reduce the public-data defense’s effectiveness if litigation goes to trial.
Document the data-use carefully. HiQ’s downstream use of LinkedIn data was an aggravating factor at trial. A scraper that documents lawful-basis processing under applicable privacy laws, that respects opt-out signals, and that does not resell data into clearly competitive channels has a better defensive posture than one that does not.
The Bright Data v. Meta synthesis
The Bright Data SJ in January 2024 was the cleanest post-HiQ data point. Meta sued Bright Data for scraping Facebook and Instagram public data. The court granted summary judgment for Bright Data on Meta’s contract claims, because Bright Data had never logged into the platforms — the scraping operated entirely from a logged-out posture.
The ruling crystallized the “logged-out doctrine” that the Bright Data v. Meta aftermath analysis covers in detail. A scraper that maintains a strict logged-out posture against a target sits in the most defensible legal position the Ninth Circuit currently offers. The price is that some data is only available behind login (Facebook private posts, LinkedIn private profile fields), but the public-facing surface is large and protected.
The subsequent district-court rulings in 2024-2025 have reinforced this distinction. Logged-out scraping of public-facing data wins. Logged-in scraping or scraping after prior account interaction loses on contract grounds.
What it means for Apify publishers
For Apify Store publishers building actors that scrape LinkedIn, Facebook, Instagram, or other Ninth Circuit-governed platforms, the operational guidance is now clear.
Build for logged-out scraping wherever possible. The legal protection is materially stronger. The Bright Data infrastructure pattern is the canonical example. Actors that require user credentials should be marketed as user-credential-required rather than as scraping in the broader sense — different legal regime applies.
Document the actor’s data-use posture. README documentation that explains lawful-basis processing, opt-out compliance, and data minimization reduces the litigation risk if the actor’s output ever surfaces in a downstream legal proceeding.
Be wary of “No Cookies” branding. The Q1 2026 lead-extractors census on this site documented that “No Cookies” emerged as the canonical positioning move in the LinkedIn-scraping segment. The branding signals logged-out scraping, which is the defensible posture. But the branding also signals to platform legal teams that the actor is deliberately positioning for the protected zone, which can attract additional defensive attention.
The longer-term implication for the LinkedIn-scraping segment specifically: the Ninth Circuit doctrine protects the activity, but the platforms continue to invest heavily in technical defenses that make the activity expensive even when legal. The combination of “legally allowed but technically hard” is the equilibrium the segment has reached. The travel-scraping pattern of consolidating to well-resourced operators is starting to apply to LinkedIn scraping as well — the legal protection is real but does not by itself make the operation cheap.
The Ninth Circuit doctrine will continue to develop. The next consequential ruling will likely come from a case combining the logged-out scraping posture with a clearly commercial downstream use that the platform argues constitutes unfair competition. The outcome of that case will set the next boundary on what logged-out scrapers can do with the data they collect.
Sources