Web Scraping can be Misappropriation of Trade Secrets featured image

Web Scraping can be Misappropriation of Trade Secrets

by John DiGiacomo

Partner

Internet Law

A recent decision from the US Court of Appeals for the 11th Circuit has held that web scraping data from a public website can, under some circumstances, be deemed a misappropriation of trade secrets. See Compulife Software, Inc. v. Newman, Case Nos. 18-12004, 18-12007 (11th Cir. May 20, 2020). The case was decided under the Florida version of the Uniform Trade Secrets Act (“UTSA”). 47 states have enacted the UTSA, so the case has potential applicability in most jurisdictions in the country and is relevant also for cases filed pursuant to the federal Defend Trade Secrets Act (DTSA).

Web Scraping is a technique for extracting data from publicly accessible websites. It is not a traditional form of “hacking,” which involves breach of some security protocol. In theory, web scraping is done “with permission” in the sense that access to the website and the data is allowed. The person engaged in web scraping uses a code software application, or a “bot,” to request information from a server using ordinary commands. An individual can use these commands to obtain data and information from the website’s server. The bot, however, can use the commands to obtain data from the website at the rate of several queries per second. Each query is technically made one at a time, but the automated nature of the bot allows the web scraper to extract tremendous amounts of data in a very short amount of time. As the court explained in Compulife, by formulating queries in an orderly fashion and recording the resulting information, the bot can create a copy of a database underlying a website.

That is what was alleged in the Compulife case. Compulife operates a web-based life insurance quote service that allows registered users to compare life insurance quotes offered by various insurance companies. The plaintiff alleged that the web scraper, an individual hired by a competitor, used a bot to run millions of queries that effectively duplicated the relevant Compulife databases in about four days.

In the lawsuit, among many legal causes of action, Compulife alleged that the defendants misappropriated Compulife’s trade secrets through this web scraping technique. To state a cause of action for trade secret misappropriation, the trade secret owner must allege and prove

  • Possession of a trade secret and
  • That the secret was misappropriated by improper means

In response to the trade secret claim, the defendants argued that the data was not “secret” since it was available to the public, and that web scraping was not “improper” because it was just an automated version of what users were allowed to do.

At the trial level, the assigned Magistrate Judge agreed with the defendants. The Magistrate held that the data was not protectible under the trade secret laws because each quote obtained by the web scraping queries was publicly available and, therefore, not “secret.” Likewise, even if the quotes were subject to the trade secret laws, there was no misappropriation because there was no “improper means.” If an individual could make the query, then using a bot to make the same queries was not misappropriation of trade secrets.

On appeal, the 11th Circuit disagreed. It was conceded by Compulife that the result of a single query was not a trade secret. However, the court held that the status of an individual query as a “secret” might be different from the status of the entire database. Reasonable security measures are needed for data to be deemed a “trade secret.” Although public availability was one factor suggesting that the data was not securely protected, public availability did not automatically strip the database of its trade secret status. More evidence was needed on other security measures put in place by Compulife.

Likewise, on the question of misappropriation, the court held that more evidence was needed. The legal issue is whether the web scraping can be deemed as an “improper means.” Trade secret law has long held that activities which might otherwise be independently lawful, such as aerial reconnaissance, might still constitute improper means for purposes of trade secret misappropriation. Further, while executing one query might not be misappropriation, at some point, executing a sufficient quantity of queries might be. The court also reasoned that intent and permission were relevant in that Compulife might have consented to multiple queries by an individual or company — even thousands of queries — but that consent did not automatically mean that Compulufe consented to millions of queries. All of these factors were relevant to whether web scraping was an “improper means.” The case was returned to the Magistrate Judge for further proceedings.

This is an important case since web scraping has become more and more common. The case provides some practical lessons for companies allowing public access to their data. For example, at a minimum, the relevant Terms of Service Agreement should explicitly limit the allowable access to the data and forbid duplication and storage. Such contractual limitations will constitute a form of “reasonable security measure” that will help protect the database as a “trade secret.” If you have questions about protecting your trade secrets or if you need to initiate trade secret litigation, contact the trade secret lawyers at Revision Legal at 231-714-0100.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side