A New Common Law of Web Scraping
25 Lewis & Clark L. Rev. 147 (2021)
61 Pages Posted: 18 May 2020 Last revised: 4 Jun 2024
Date Written: April 21, 2020
Abstract
The Clearview AI facial recognition scandal is a monumental breach of privacy that arrived at a particularly inopportune time. A shadowy company reportedly scraped billions of publicly-available images from social media platforms and compiled them into a facial recognition database that it made available to law enforcement and private industry. To make matters worse, the scandal came to light just months after the Ninth Circuit’s decision in hiQ v. LinkedIn, which held that scraping the public web probably does not violate the Computer Fraud and Abuse Act (CFAA). Before hiQ, the CFAA would have seemed like the surest route to redress against Clearview. This Article analyzes the implications of the hiQ decision, situates the Clearview outrage in historical context, explains why existing legal remedies give aggrieved plaintiffs little to no recourse, and proposes a narrow tort to empower ordinary Internet users to take action against gross breaches of privacy by actors like Clearview: the tort of bad faith breach of terms of service.
Part I argues that the Ninth Circuit’s hiQ decision marks, at least for the time being, the reascension of common law causes of action in a field that had been dominated by the CFAA. Part II shows that the tangle of possible common law theories that courts must now adapt to cyberspace resembles the strained property and contract concepts that jurists and privacy plaintiffs reckoned with at the turn of the 20th century. It suggests that modern courts, following the example some of their predecessors set over a century ago, may properly recognize some common law remedies for present-day misconduct. Part III catalogs familiar common law claims to argue that no established property, tort, or contract claim fully captures the relational harm that conduct like Clearview’s wreaks on individual Internet users. Part IV proposes a new tort, bad faith breach of terms of service, that can provide aggrieved plaintiffs with a proper remedy without sacrificing doctrinal fidelity or theoretical coherence.
Keywords: facial recognition, law, privacy, tort, clearview, scraping, cyberlaw, internet law, intellectual property
JEL Classification: K10, K11, K12, K13, K24, O34
Suggested Citation: Suggested Citation