Web Scraping can be Misappropriation of Trade Secrets

by John DiGiacomo

Partner

Internet Law

A recent decision from the US Court of Appeals for the 11th Circuit has held that web scraping data from a public website can, under some circumstances, be deemed a misappropriation of trade secrets. See Compulife Software, Inc. v. Newman, Case Nos. 18-12004, 18-12007 (11th Cir. May 20, 2020). The case was decided under the Florida version of the Uniform Trade Secrets Act (“UTSA”). 47 states have enacted the UTSA, so the case has potential applicability in most jurisdictions in the country and is relevant also for cases filed pursuant to the federal Defend Trade Secrets Act (DTSA).

Web scraping is a technique for extracting data from publicly accessible websites. It is not a traditional form of “hacking,” which involves breach of some security protocol. In theory, web scraping is done “with permission” in the sense that access to the website and the data is allowed. The person engaged in web scraping uses a software application, or “bot,” to request information from a server using ordinary commands. An individual can use these same commands to obtain data and information from the website’s server. The bot, however, can use the commands to obtain data from the website at the rate of several queries per second. Each query is technically made one at a time, but the automated nature of the bot allows the web scraper to extract tremendous amounts of data in a very short amount of time. As the court explained in Compulife, by formulating queries in an orderly fashion and recording the resulting information, the bot can create a copy of a database underlying a website.

That is what was alleged in the Compulife case. Compulife operates a web-based life insurance quote service that allows registered users to compare life insurance quotes offered by various insurance companies. The plaintiff alleged that the web scraper, an individual hired by a competitor, used a bot to run millions of queries that effectively duplicated the relevant Compulife databases in about four days.
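Seen from the server side, the pattern described above (orderly queries at several per second until the underlying database is reproduced) leaves a measurable footprint in request logs. The following Python is an added example, not part of the original article or the court record; the quote-form fields, client IDs, log rows and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from itertools import product

# Constructed parameter space for a hypothetical quote form (assumption, not from the case).
STATES = ["FL", "NY", "TX", "CA"]
AGES = range(30, 40)
SPACE_SIZE = len(STATES) * len(AGES)  # 40 distinct queries reproduce this toy database

def build_sample_log():
    """Constructed log rows: (epoch_seconds, client_id, state, age)."""
    log = []
    # Ordinary user: a handful of quotes over several minutes, one repeated.
    for t, q in [(0, ("FL", 34)), (95, ("FL", 35)), (240, ("FL", 34)), (600, ("NY", 34))]:
        log.append((t, "user-17", *q))
    # Automated client: walks the whole space in order at 4 queries per second.
    for i, (state, age) in enumerate(product(STATES, AGES)):
        log.append((1000 + i * 0.25, "client-99", state, age))
    return sorted(log)

def profile_clients(log, space_size=SPACE_SIZE):
    """Per client: total queries, peak queries per second, share of the space covered."""
    seen, times = defaultdict(set), defaultdict(list)
    for ts, client, state, age in log:
        seen[client].add((state, age))
        times[client].append(ts)
    report = {}
    for client, ts_list in times.items():
        per_second = defaultdict(int)
        for ts in ts_list:
            per_second[int(ts)] += 1  # bucket requests into one-second windows
        report[client] = {
            "queries": len(ts_list),
            "peak_qps": max(per_second.values()),
            "coverage": len(seen[client]) / space_size,
        }
    return report

def flag_enumeration(report, min_coverage=0.5, min_peak_qps=2):
    """Flag clients that are both fast and systematically covering the query space."""
    return sorted(c for c, r in report.items()
                  if r["coverage"] >= min_coverage and r["peak_qps"] >= min_peak_qps)

if __name__ == "__main__":
    rep = profile_clients(build_sample_log())
    for client, stats in rep.items():
        print(client, stats)
    print("flagged:", flag_enumeration(rep))
```

Coverage of the query space, rather than raw volume alone, is what separates a client reproducing the database from a heavy but ordinary user.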

In the lawsuit, among many legal causes of action, Compulife alleged that the defendants misappropriated Compulife’s trade secrets through this web scraping technique. To state a cause of action for trade secret misappropriation, the trade secret owner must allege and prove:

  • Possession of a trade secret, and
  • That the secret was misappropriated by improper means.

In response to the trade secret claim, the defendants argued that the data was not “secret” since it was available to the public, and that web scraping was not “improper” because it was just an automated version of what users were allowed to do.

At the trial level, the assigned Magistrate Judge agreed with the defendants. The Magistrate held that the data was not protectible under the trade secret laws because each quote obtained by the web scraping queries was publicly available and, therefore, not “secret.” Likewise, even if the quotes were subject to the trade secret laws, there was no misappropriation because there was no “improper means.” If an individual could make the query, then using a bot to make the same queries was not misappropriation of trade secrets.

On appeal, the 11th Circuit disagreed. It was conceded by Compulife that the result of a single query was not a trade secret. However, the court held that the status of an individual query as a “secret” might be different from the status of the entire database. Reasonable security measures are needed for data to be deemed a “trade secret.” Although public availability was one factor suggesting that the data was not securely protected, public availability did not automatically strip the database of its trade secret status. More evidence was needed on other security measures put in place by Compulife.

Likewise, on the question of misappropriation, the court held that more evidence was needed. The legal issue is whether the web scraping can be deemed an “improper means.” Trade secret law has long held that activities which might otherwise be independently lawful, such as aerial reconnaissance, might still constitute improper means for purposes of trade secret misappropriation. Further, while executing one query might not be misappropriation, at some point, executing a sufficient quantity of queries might be. The court also reasoned that intent and permission were relevant in that Compulife might have consented to multiple queries by an individual or company — even thousands of queries — but that consent did not automatically mean that Compulife consented to millions of queries. All of these factors were relevant to whether web scraping was an “improper means.” The case was returned to the Magistrate Judge for further proceedings.

This is an important case since web scraping has become more and more common. The case provides some practical lessons for companies allowing public access to their data. For example, at a minimum, the relevant Terms of Service Agreement should explicitly limit the allowable access to the data and forbid duplication and storage. Such contractual limitations will constitute a form of “reasonable security measure” that will help protect the database as a “trade secret.” If you have questions about protecting your trade secrets or if you need to initiate trade secret litigation, contact the trade secret lawyers at Revision Legal at 231-714-0100.
