IsWebScrapingLegal

Is It Legal to Scrape LinkedIn? What hiQ v. LinkedIn Actually Decided

Scraping publicly visible LinkedIn profiles while logged out does not violate the Computer Fraud and Abuse Act — that is the core holding of hiQ Labs v. LinkedIn. But the same case ended with hiQ losing on a different claim: scraping while logged in breached LinkedIn's User Agreement. The legal line runs between public, logged-out access and authenticated access.

"Can I scrape LinkedIn?" is probably the single most-asked question in web scraping, and most answers get the case law half right. The famous 2022 ruling was a win for scrapers — but the end of the same lawsuit was a win for LinkedIn. Both halves matter if you want to stay on the right side of the line.

The half everyone quotes: public scraping is not "hacking"

hiQ Labs built analytics products on data scraped from public LinkedIn profiles. LinkedIn sent a cease-and-desist and argued that continued scraping violated the Computer Fraud and Abuse Act (CFAA) — the federal anti-hacking statute. In 2022, after a trip to the Supreme Court and back, the Ninth Circuit held that accessing data the public can see without logging in is not "access without authorization" under the CFAA. A page with no password gate has no gate to break.

This is the holding that made "web scraping is legal" headlines, and for public data it remains the controlling rule in the Ninth Circuit. It fits a broader pattern: in Meta v. Bright Data (2024), a federal judge granted summary judgment to the scraper on Meta's contract claims because Bright Data scraped Facebook and Instagram while logged out, and Meta then dropped the case.

The half everyone forgets: hiQ still lost

The CFAA ruling did not end the lawsuit. Back in the district court in late 2022, it came out that hiQ had also scraped while logged in — including through fake accounts ("turkers") — and the court found this breached LinkedIn's User Agreement. The case ended in a settlement and a permanent injunction against hiQ. The company that "won" the most famous scraping case in history was barred from scraping LinkedIn and later shut down.

The lesson: creating an account means accepting the User Agreement, and LinkedIn's agreement prohibits automated collection. Logged-in scraping is a contract problem even when it is not a CFAA problem.

Where the line sits in 2026

  • Public profiles, logged out: not a CFAA violation (hiQ), and under Meta v. Bright Data, platform terms generally cannot bind a scraper who is not using an account.
  • Logged-in scraping: breaches the User Agreement you accepted — this is exactly how hiQ ultimately lost. Account bans and contract claims are real risks.
  • Privacy law still applies: profile data is personal data. If you scrape profiles of EU or California residents, GDPR and CCPA obligations attach regardless of how you accessed the page — see our GDPR/CCPA compliance guide.
  • Technical countermeasures: LinkedIn aggressively rate-limits, fingerprints, and blocks scrapers. Legality and feasibility are different questions.

What this means for sales teams

Most teams don't actually need to scrape LinkedIn themselves — they need compliant contact data. Platforms like Sales.co provide B2B contact data collected through compliant methods, so your outreach is built on data with a defensible provenance instead of a logged-in scraper running against LinkedIn's terms.

For the broader legal framework — robots.txt, copyright, and the privacy statutes — start with our definitive legal guide and the case law history.

Get new benchmarks & guides by email

Fresh data and tactical guides as we publish them. Monthly at most, unsubscribe anytime.