In this webinar with the experts Chiara Agostini, from the Italian law firm RP Legal & Tax and Yugo Nagashima, from the US-based law firm Frost Brown Todd, We compare the Italian Data Protection Authority (“DPA”) decision of the Clearview AI case to the HiQ Labs v. LinkedIn case decided by the United States Court of Appeals for the Ninth Circuit (“Ninth Circuit”).
Both decisions concern “data scraping”, meaning the extraction of data from a website and copying it into a structured format, allowing for data manipulation or analysis. However, despite the similarity of the action, the decisions of the two authorities are diametrically opposite. While the Clearview AI case in Italy ended with the Italian DPA assessing a fine of €20 million, the Ninth Circuit decision affirmed the district court’s decision that LinkedIn could not prohibit HiQ Labs from data scraping LinkedIn’s websites.
Why are these decisions so different?
After a quick introduction to the main elements of the two cases presented by Chiara and Yugo, it becomes clear that there are reasons. The most relevant reasons are summarized as follows:
1.The different fields of law:
The US-based HiQ case addresses tort and criminal law issues focusing on whether business conduct harms a competitor by collecting data from a publicly available website. On the contrary, the Clearview AI case addresses a violation of privacy laws that businesses must abide by. So, we are comparing apples to oranges, or to be more specific tort and criminal law to privacy laws, which does not work.
2.The difference in the conduct:
The HiQ case focuses on data subjects/consumers making their information available to the public, thereby reducing the reasonable expectation of privacy for the data found on the website. The Clearview AI case focuses on the controller/processor’s conduct and whether they provided the requisite notice (i.e., did the controller/processor inform the data subject of its data processing?).
3.The difference in the protected rights:
The two cases analyzed the data scraping issue from two different perspectives. In the Italian case, the protected right was the privacy right of the individuals whose personal data have been processed. Thus, the case was evaluated under the data protection discipline by the Italian data protection authority. In the US case, the protected right was the business interest of the company (LinkedIn) to protect its customers’ data from a competitor. Thus, the court evaluated the harm to LinkedIn, a business, under tort and criminal law principles.
4.The different approach to privacy in the two countries:
While the HiQ case may appear as though the U.S. is more focused on protecting the market competition and promoting free use of publicly available personal data and EU being the vanguard of protecting personal data, this is not necessarily the entire story. According to Chiara, if the Clearview AI case would have been discussed under the Italian criminal law, the decision may have been more aligned to the conclusions of the US Court. Similarly, Yugo notes that if a US regulator was enforcing personal privacy laws and regulations, the regulator could have assessed a fine for data scraping activities.
To learn more, receive tips and listen to the main takeaways from this comparative exercise, watch the full video.