Is LinkedIn Scraping Legal? Key Laws and Best Practices
LinkedIn has over 1 billion members worldwide and is responsible for 80% of B2B leads generated on social media.
This makes LinkedIn a goldmine of leads waiting to be tapped into.
But is it legal to scrape LinkedIn data?
Thatâs what weâre going to find out today.
Disclaimer
This content is based on publicly available information and does not constitute legal advice. The opinions expressed are solely those of the author and are not a substitute for legal guidance.
For advice tailored to your specific project, country, or legal needs, please consult with a qualified legal professional.
In this article, Iâll help you understand the legality of LinkedIn scraping, the key laws involved, and best practices.
Weâll learn:
But before that, letâs settle the debate.
The short answer is Yes. Though LinkedIn doesnât allow it, it's legal if done properly.
Scraping public data â is fully legal.
Scraping private data?
Didnât get my point?
Letâs dive into the details, starting with understanding web scraping.
Web scraping means automating data collection from a website using a bot.
A web scraper eliminates the need to manually copy information into a spreadsheet, allowing you to extract data quickly and at scale.
This data can include anything publicly available on a website, such as names, contact information, or product information.
A web scraper (aka crawler or bot) visits web pages, extracts the HTML code, and identifies the data you need based on predefined rules.
These scrapers are designed to navigate pages just like humans, but much faster.
Once the scraper retrieves the data, it can save it in a structured format like a spreadsheet or database for further use.
For example, if you're scraping LinkedIn, a scraper could pull data such as names, job titles, company information, or profile URLs from public profiles or search results.
But why do we need a LinkedIn scraper?
LinkedIn is a goldmine of professional data. Many businesses scrape LinkedIn for various reasons like:
But why parse HTML code instead of using the official LinkedIn API?
The first question is â Is there no LinkedIn API for collecting data officially?
Well LinkedIn does have an API called People API for profile data collection.
But itâs basically useless due to reasons like:
Many developers on StackOverflow complain that itâs too difficult to use due to poor documentation.
The documentation is so poorly written, the developers find scraping data by parsing HTML code easier.
Even if you understand the documentation, it only provides very basic profile data. Access to data like contact details is not allowed.
Even if thatâs OK for you, thereâs another limitation.
You can only retrieve data from users who have explicitly authorized your application.
And if thatâs also manageable, thereâs another catch.
The API is exclusively available to developers approved by LinkedIn and the approval process is also a mystery.
The only option left is using a LinkedIn data scraper to collect data at scale.
But does LinkedIn allow it?
The short answer is no. LinkedIn does not allow any sort of automated access to its platform and itâs clearly mentioned in LinkedInâs user agreement.
But whatâs the reason?
LinkedIn has some pretty good reasons to restrict web scraping or automated access to its platform like:
So does that mean I can get banned for scraping LinkedIn?
Yes, LinkedIn can temporarily suspend or even permanently ban your account for scraping its data.
To stop businesses from scraping data, LinkedIn takes legal action, including issuing cease-and-desist orders and pursuing litigation when necessary.
This is what happened in the LinkedIn vs. Mantheos case too. Iâll cover it in the next section.
Wait, can I face legal action for collecting data from LinkedIn? This clearly means itâs illegal to scrape LinkedIn data.
Well thatâs what LinkedIn says, thereâs more to the story.
Letâs start with the case I mentioned above â the LinkedIn vs. Mantheos lawsuit.
In 2022, LinkedIn sued Mantheos Pte. Ltd. and its founders for scraping data from millions of LinkedIn profiles.
Mantheos is a business intelligence company that provides insights on individuals and companies.
LinkedIn claimed that the company used hundreds of fake profiles and virtual debit cards with fake names to fraudulently obtain LinkedIn Sales Navigator subscriptions.
The company used these to scrape member profile information that was only available to real and logged-in LinkedIn members.
The case was settled, with Mantheos agreeing to a permanent ban from scraping LinkedIn or using its data.
They also had to destroy all the LinkedIn data they had collected.
So what did we learn from this lawsuit?
Sales Navigator is a premium product and a big chunk of LinkedInâs revenue comes from this product. Only paying users are allowed to view its data.
Mantheos accessed Sales Navigator data through fake accounts and distributed it commercially to those who didnât pay for Sales Navigator.
This obviously hurts LinkedInâs business. Whyâd I pay for Sales Navigator if Mantheos is providing me the same data without a LinkedIn premium account?
So it indeed falls under illegal web scraping and has serious consequences.
Basically we learned:
But does this mean scraping LinkedIn data is illegal?
Not exactly. The LinkedIn vs HiQ case shows a different side of the story.
In 2017, LinkedIn Corp. sent HiQ Labs Inc. a cease-and-desist letter, accusing them of scraping LinkedIn public profiles.
HiQ Labs, a data analytics company, used this data to help businesses with employee retention strategies.
LinkedIn claimed this violated the Computer Fraud and Abuse Act (CFAA) and LinkedInâs terms of service.
In response, HiQ Labs filed a lawsuit against LinkedIn, requesting the court to stop LinkedIn from blocking its access to public LinkedIn profile data.
They claimed that publicly available data should remain accessible to anyone, and LinkedIn could not stop them from using it.
The District Court sided with HiQ, allowing them to continue scraping public profiles.
The court said LinkedIn couldnât block access to publicly available information using the CFAA.
In 2019, the Ninth Circuit agreed with the lower courtâs decision, saying public profiles donât fall under CFAA protection.
In 2021, after the Van Buren vs United States case clarified how the CFAA should be applied, the Supreme Court asked the appeals court to take another look at the decision.
Then, in 2022, the Ninth Circuit court of appeals reaffirmed its decision, ruling that scraping publicly available data from LinkedIn didnât violate the CFAA.
The case ended with an out of court settlement between LinkedIn Corp and HiQ Labs Inc.
So what did we learn from this case?
It clearly established the fact that public social media profiles are not private data. This legal battle also gave us 2 important learnings about legality of scraping LinkedIn data.
But LinkedIn used CFAA to sue HiQ, whatâs CFAA?
Letâs learn some key laws related to data privacy.
There are a ton of laws out there when it comes to data privacy and protection. In this section, I'm focusing on the most important ones in the U.S. and EU.
The CFAA mostly applies in the U.S. It was originally passed to fight hackers and unauthorized access to computers.
Under the CFAA), it's illegal to access a computer or network "without authorization" or to go beyond what you're allowed to access.
From the HiQ vs LinkedIn case, we know that scraping public data doesn't violate CFAA.
But there are some rules you must follow to scrape data.
Another important law regarding data privacy in the US is CCPA.
The CCPA is a privacy law that applies to businesses handling the personal data of California residents.
It was introduced to give people more control over how their data is collected, stored, and shared.
As per CCPA, businesses must inform users about the types of data they collect and provide an option to opt out of data collection.
It also allows California residents to request deletion of their data.
This law doesnât directly deal with scraping. It doesnât restrict scraping of publicly available data.
But it does put some restrictions on how the data can be collected and stored.
Here are some other key laws in the U.S. related to web scraping:
But what about web scraping in the EU?
The General Data Protection Regulation (GDPR) is a crucial privacy law in the European Union that protects personal data.
It sets strict rules on how businesses can collect, store, and use data from individuals, including when scraping publicly available information.
According to GDPR Article 5, data collection needs to be done fairly and for legitimate reasons.
Also you must get clear consent before collecting any personal data as explained in Article 6.
Personal data, defined in Article 4(1), includes anything that can identify someone, like their name, email, or even their IP address.
GDPR also gives people the right to ask you to delete their personal data.
GDPR doesnât prohibit scraping public data. It mainly defines personal data and rules of collecting and storing personal data.
Here are some other EU data protection and privacy laws that could impact web scraping activities.
Copyright laws, especially in the U.S., protect original works of authorshipâlike creative writing or images.
Companies like LinkedIn and Meta often try to use this law against web scrapers.
They might argue that their user-generated content, databases, and structured information are protected by copyright.
In fact in the LinkedIn vs HiQ case, LinkedIn also pressed charges against HiQ claiming they violated DMCA (Digital Millennium Copyright Act).
Copyright doesnât protect facts or basic data points.
The Feist Publications v. Rural Telephone case made it clear that raw data canât be copyrighted, only the creative arrangement of that data can be.
Laws like DMCA might help companies stop scrapers from redistributing content without permission.
But DMCA does not stop companies from scraping non-creative data, like facts.
In the European Union, the Database Directive gives more protection to databases.
But this applies only if thereâs been a substantial investment in creating or maintaining the database.
It still doesnât protect the individual data pointsâonly the structure and organization.
So in the U.S. or EU, copyright law doesnât cover the data itself. The facts and information can be scraped.
So what weâve learned from these laws?
But how do I differentiate between data I can scrape and data I canât scrape?
So far we know data can either be public or private. Letâs see what type of data can be scraped and where to draw the line.
Public data is information anyone can access without needing special permission. You donât need to have any special access to see it.
This data is often found on websites, public records, or anything the owner chooses to share openly.
Social media profiles are often considered publicly available data sources even if you need to login to the social media platform.
On LinkedIn, public data includes info users have made visible to everyone on their profile, like names, job titles, education, experience, and company details.
Users often make this public to help with networking and increase their visibility.
Private data, on the other hand, is restricted. Itâs something that a user wonât want to share with everyone. You need permission or special access to view it.
On LinkedIn, private data can include messages, private posts, group activities, etc.
So can we scrape private data?
Itâs legal to collect private data as well as long as:
From all the laws and lawsuits Iâve discussed above, we know one thing for sure â using fake accounts is not ok.
But what if I have access to the data?
If the information is visible to you as a regular user of the platform, scraping that data for personal use can be acceptable.
This means as long as youâre using your own account and collecting data youâre allowed to see, itâs legal.
But you shouldnât use any fraudulent methods or create fake accounts to gain access to the data.
You must follow laws that protect personal data. These laws require that personal data, like names and emails, be handled responsibly.
Make sure you donât overload LinkedInâs system with excessive data collection. Collect what you need and have access to, at a small scale.
If youâre scraping private data, you should only use it for your own personal or business purpose.
Do not distribute or sell it without explicit permission.
Since youâre able to view the data, you have legitimate access to it. You can collect it for personal use.
But when you start distributing the collected data, youâre now sharing the data limited to you with people who donât have access to it.
Thatâs a bad practice and you need to avoid it at all costs when dealing with private data.
So what about Sales Navigator?
Sales Navigator is LinkedInâs paid service that offers advanced tools for lead generation.
While scraping public LinkedIn profiles is allowed, things are less clear when it comes to Sales Navigator.
Creating fake accounts to scrape data from Sales Navigator is definitely not okay.
When you create fake accounts, scrape data and distribute it, youâre allowing people who didnât pay for LinkedInâs premium service, access that information.
It hurts LinkedInâs business model by giving people access to data meant only for paying subscribers.
But what if youâre using your own Sales Navigator account?
In my opinion, using automation tools to collect data for personal or business use should be fineâyouâre paying for the service and using the data yourself.
As long as you donât sell or distribute the data to others for commercial purposes, you are good to go.
Sharing or selling the data could violate LinkedInâs terms and even data protection laws, so itâs best to use it strictly for your own needs.
So how popular scraping tools collect data from LinkedIn legally?
For this, Iâll take the example of 2 most popular LinkedIn scrapers â Lobstr.io and Phantombuster.
For scraping LinkedIn, both scrapers have SOPs.
Both tools ask you to sync your own LinkedIn and Sales Navigator accounts. They donât create fake accounts to access LinkedIn data.
They automate your own LinkedIn account to do what you can do manually but faster.
They comply with LinkedInâs rate limits to make sure the platform is not flooded with requests. You canât collect data beyond a certain daily limit.
As per GDPR, data collection needs to be limited and for legitimate purposes. These scrapers claim to follow these guidelines.
Also, both services are France-based and as per French law, itâs legal to collect any facts or data points if you have legit access to it and you donât over-collect.
In fact, their terms of services mention all the points I've explained above. Here's what Lobstr.io's terms of use say about scraping private data:
Besides this, what are ethical considerations to scrape LinkedIn data?
Based on what Iâve learned from studying the laws, cases, and LinkedInâs concerns, here are some ethical considerations and good scraping practices to follow:
Now let me answer some FAQs to clear the confusions you might have.
LinkedIn automation means using tools to automate LinkedIn tasks like collecting user profile data, sending connection requests, and messages, engaging with posts, etc.
It saves time, boosts productivity, and helps with networking and lead generation.
Yes, LinkedIn automation is legal if itâs done for personal or business purposes. Doing it for commercial purposes like selling data is not allowed.
No, LinkedIn doesnât allow scraping even for personal use. However, itâs not illegal to scrape data from LinkedIn if you have legit access and follow data laws.
Yes, itâs legal to scrape job postings from LinkedIn. LinkedIn job postings are facts and as a LinkedIn member, you have legitimate access to them.
But using fake profiles to scrape job postings falls under unauthorized scraping.
Yes, as a member of LinkedIn, if you have access to a groupâs members and posts, you can collect it for personal use like social networking.
Same applies to your LinkedIn connections too. You can scrape them and use the data for legit purposes.
Selling this data is prohibited though.
Yes, itâs legal to collect and track LinkedIn connections activities. Since itâs part of LinkedIn automation, you can do it if youâre using your own LinkedIn account.
Thatâs a wrap on legality of LinkedIn, key laws, and best practices. Again, all the information is based on publicly available facts and is not at all a legal advice.
Self-proclaimed Head of Content @ lobstr.io. I write all those awesome how-tos, listicles, and (they deserve) troll our competitors.