G2 Aiming for $100M ARR by End of Year

Nathan Latka interviews Godard Abel

On Nathan Latka’s podcast, Godard Abel, CEO of G2, said that he expects to hit $100 million ARR before the end of the year.  G2, which raised $157M at a $1.1B valuation in June 2021 (Series D), grew at 40% over the past year.  At the time of its Series D, its Annual Recurring Revenue (ARR) was $55 million.

G2 maintains a product/vendor taxonomy for its review site, with vendors identifying their product categories.  “If you’re a software vendor, you want it to be right on G2,” said Abel.  That way, its seven million monthly visitors can properly discover a vendor’s offerings.

Along with categorizing vendors, G2 editors determine the key features for each product category and let customers rate these capabilities.

The number of G2 listings grew 48% over the last year.  Its fifty-person research team collaborates with its “community of vendors” to maintain vendor and product profiles.

G2 also licenses its taxonomy to partners and investors.  For example, ServiceNow licenses the G2 taxonomy for its ITS Management tool for categorizing apps.  Abel also noted that around fifty of the “World’s leading SaaS investors” have licensed G2 data to help understand the SaaS competitive landscape and adjacent markets.

G2 has additional revenue streams.  It offers second-party opted-in intent data and a G2 Track service for tracking SaaS expenses.


Nathan Latka interviews SaaS CEOs and posts them to his podcast. This data is then loaded into his database of SaaS metrics. As he regularly reinterviews executives, there is often historical ARR and employment data. The database is a freemium service with limited free data.

G2 Revenue (Source: GetLatka.com)

Zoominfo: Talk Data to Me

Zoominfo launched a podcast series called Talk Data to Me and posted its first two shows: Mike Volpe of Lola discusses surviving the pandemic as a business travel startup, and Debbie Tang of Bridge Partners examines the increase in Diversity and Inclusion hiring at Fortune 500 companies.  The series is hosted by Sam Balter, ZoomInfo’s Director of Editorial and Thought Leadership, and Stephanie Tonneson, ZoomInfo’s Audio Producer and Marketing Coordinator

“Talk Data to Me brings data to life, so to speak,” said Balter. “Data, especially in B2B, can be complex and challenging, but we make it accessible by talking with leaders who can share the stories behind the digits. During the conversations, our assumptions are challenged, our biases are confronted, and, at times, our interpretations are conflicting. This messy process of theory, research, and revision is how we arrive at insights. This is what it means when someone wants to talk data.”

Other B2B Data vendors with podcasts include

RingLead also offers a set of interviews (Talk Data to Me) that include an archive of video snippets where the vendors answer questions about themselves. If you filter for “Meet the Vendors,” you will find a dozen interviews around their partners in the DataExchange.

BoardEx Diversity Network

Interlocks research platform BoardEx added Board Diversity variables that track membership in ethnicity association networks.  The system tracks “champions, allies, and advocates of specific ethnicities in leadership roles.  It comprises multiple networks of associations representing a specific ethnicity – referred to as ethnicity association networks.”  Seventeen thousand execs are tracked, along with execs that have received awards from association members.

BoardEx covers two million companies and 1.5 million executives, with data maintained by 350 editors.

“Our clients are seeking ways to help their own clients improve ethnic and other forms of diversity within their own organizations and report on their progress with this change,” says BoardEx CEO Cameron Ireland.  “The new network helps you connect with members of over 2,600 ethnicity associations that actively champion ethnic diversity.  It also surfaces people who have received awards recognizing their contribution to ethnic diversity in business from publicly available information.”

Along with collecting the Board Diversity data, BoardEx will be working with clients and partners to

  1. Champion the efforts of diversity associations to help raise awareness for groups who are historically underrepresented.
  2. Enhance the ability of companies to discover and connect with talented leaders of different ethnic, racial and functional backgrounds to build leadership teams, C-suites, and boards that reflect their customers and wider society.
  3. Empower professionals to analyze diversity trends within workplaces in order to create transparency and accountability around different diversity attributes.

The new selects are available to all clients.

BoardEx is owned by Euromoney which has assembled a set of complementary services in its People Intelligence business:  WealthEngine, BoardEx, and Wealth-X.  WealthEngine provides wealth and lifestyle insights on 300 million Americans and 122 million households. Wealth-X profiles the global wealthy.

Following the December acquisition of WealthEngine, Euromoney stated that “the Group now has full coverage across the wealth intelligence value chain, which is a growing information-services market.”

2020 Sales & Marketing Trends

With the pandemic and recession, the sales intelligence and B2B data space held up well.  Most of the vendors I speak with indicate an increasing demand for sales and marketing intelligence and B2B DaaS offerings.  In January and February, I’ll be reporting on those numbers.

As part of my annual trends analysis, I put together a list of the top events and trends in our space this year:

  1. COVID: Sales & Marketing Intelligence continued to grow during the pandemic as sales and marketing needed to pivot to new verticals, reach the buying team working from home, and double down on segments that benefited from or had limited impact from the pandemic.
  2. Zoominfo: $ZI had a very successful June IPO and acquired Clickagy (intent) and Everstring (firmographics).
  3. Dun & Bradstreet: $DNB was taken public 18 months after being taken private.  The firm has regained some swagger through acquisitions.  They began the year with Orb Intelligence (firmographics) and closed it with Bisnode (Central European partner).  Dun & Bradstreet also launched several new B2B S&M offerings (D&B Intent, D&B Connect, D&B ABM, D&B Analytics) and expanded its contact acquisition process with the Outlook-based D&B Email IQ.
  4. Intent Data: Intent data has become the hottest content set in the B2B space as firms move to integrate multiple categories of intent within sales and marketing workflows.  Zoominfo, Dun & Bradstreet, and TechTarget all enhanced or announced integrated intent data offerings with custom models.  TechTarget’s acquisition of BrightTALK and Spiceworks Ziff Davis of Aberdeen are also partially motivated by intent datasets.
  5. European Vendors: The European market is growing rapidly, with UK vendors extending their services across the EU (e.g., Global Database, Rhetorik) and Continental vendors entering the UK (e.g., Echobot, Vainu).
  6. Consolidation: Market consolidation stalled in H1, but by Q4, there were weekly M&A announcements with several other deals rumored to be in the works in Q1.
  7. Data Privacy: CCPA was implemented in California, and the EU Court of Justice struck down the EU-US Safe Harbor (Privacy Shield) agreement, forcing companies to restrict EU data flows into the US.
  8. Spiceworks Ziff Davis: SWZD acquired Aberdeen, positioning it as a competitor in both intent data and technographics.  Spiceworks Ziff Davis has the potential to copy TechTarget’s model.

My Trends Analysis runs over 100 slides. It includes a 90-minute phone consult and is available for purchase.

TechTarget Acquires BrightTALK

Technology purchase intent data vendor TechTarget added another arrow to its intent quiver with the acquisition of BrightTALK, a leader in the marketing and virtual events space.  BrightTALK said virtual event attendance has “high predictive value because IT buyers are making a material investment of their time to engage with vendor-produced content.”

The acquisition increases TechTarget’s universe of opted-in professionals.  TechTarget already has over twenty million opted-in business contact records (mostly in technology positions from its 140 enterprise technology sites), and BrightTALK has eight million registered attendees on its media platform.  There is likely to be some overlap in names, but having a second source of opted-in professionals increases the scope of measured intent across TechTarget, BrightTALK, and corporate websites (a KickFire OEM deal).

The acquisition offers substantial cross-selling opportunities in 2021 as vendors continue to focus on virtual events in lieu of face-to-face trade shows and conferences.  Furthermore, “BrightTALK generates a large volume of valuable content in webinar and video format that is incremental to TechTarget’s current offerings.  This content improves TechTarget’s potential ability to attract new users and diversifies the content available via TechTarget’s portfolio of web sites.”

And because both platforms are opted-in, the intent data does not need to be anonymized.  TechTarget can deliver person-level intent data that includes contact information, articles read, webinar sessions viewed, potential competitors, and their stage in the buyer’s journey.  What’s more, these rich intent datasets are GDPR-compliant across both platforms.

“TechTarget’s leadership position in the market is further strengthened by the acquisition of BrightTALK. This acquisition checks all the boxes. It allows us to increase our original content, grow our opt-in audience of registered members, and add a material amount of proprietary first-party purchase intent data. It’s a very powerful combination that will enhance our customers’ abilities to use our purchase intent data to grow their revenues and increase their market share.”

TechTarget CEO Michael Cotoia

“We are excited to join forces with TechTarget. They are the leading provider of original expert content and distributor of vendor decision-support content in the B2B tech market, which has allowed them to develop the preeminent first-party purchase intent offering,” said BrightTALK CEO Paul Heald. “Combining our leading platform for online IT events is a winning combination.”

BrightTALK has over 1,000 customers who created 25,000 webinars and videos over the past year.  The platform generates over 200,000 unique monthly viewers and six million annual content engagements.

BrightTALK also fits with TechTarget’s financial objectives.  It is on track for $50 million in 2020 revenue, with approximately half this revenue under long-term contracts.  TechTarget hit 35% in subscription revenue last quarter but has stated a 50% subscription revenue goal.  With Priority Engine on track for approximately $50 million in 2020 subscription revenue and BrightTALK posting roughly $25 million, the combined pro forma company would generate $75 million in subscription revenues on $195 million in 2020 revenue (Q3 YTD + mid-point Q4 guidance + $50M BrightTALK estimate), or approximately 38 – 39% in contract-based revenue.

BrightTALK has also done well during the pandemic, with revenue on track to grow 30% this year.  It added one million additional opted-in professionals over the past year.

The deal is priced at $150 million, a 3X multiple over projected 2020 earnings.  The cash transaction will close before the end of the year.

BrightTALK has four offices in the US, two in the UK, and two in APAC (Sydney and Singapore).  LinkedIn lists them with 275 employees, a headcount growth of 15% over the past year.

Intent data is the hottest category in B2B data. There have been a series of acquisitions in the space over the past month as vendors look to acquire and integrate data sources. Recent transactions include Zoominfo’s acquisition of Clickagy and Spiceworks Ziff Davis’ purchase of Aberdeen. We have also seen the launch of next generation intent solutions such as D&B Intent and Zoominfo Streaming Intent. Bombora has been working with its partners to launch integrated workflow solutions.

ZoomInfo Acquires Clickagy

Sales and Marketing Intelligence vendor ZoomInfo acquired real-time intent vendor Clickagy, “a leading provider of artificial intelligence-powered buyer intent data.”

Along with the acquisition, ZoomInfo announced the launch of Streaming Intent, which alerts customers when companies display above-average B2B topic search activity.

The acquisition is DiscoverOrg/ZoomInfo’s fourth over the past two years but the first since ZoomInfo went public in June.  In 2019, DiscoverOrg acquired rival sales and marketing intelligence vendor ZoomInfo before rebranding itself as ZoomInfo Technologies.  It also had two tuck-ins last year: NeverBounce, an email verification vendor that it was already using for data verification, and Komiko, the underpinnings of its Inbox AI service.

There are six major categories of B2B intelligence, and ZoomInfo is a significant player in four of them: Contacts, Technographics, Sales Triggers, and Intent Data.  They also provide firmographics, but this remains an area for future growth and development.  The category where they do not offer datasets is financial services intelligence, including company financials, filings (e.g. SEC EDGAR, UCC, UK Companies House), and risk reports (credit and supplier).

Deal Rationale

“In the last year alone, we’ve had literally hundreds of thousands of conversations with customers and prospects and one thing is clear—they want intent data to live at the core of how they go to market,” blogged CEO Henry Schuck about the rationale for acquiring Clickagy.  “And over the course of those calls it’s easy to see intent data taking a seat right alongside the two most important pieces of business information—account and contact data.  The three together, driving account identification, targeting, and segmentation will soon be table stakes for how sellers and marketers identify their next best customers.”

Schuck emphasized that product design at ZoomInfo is iterative with plans for improving a product in place before each release goes to production.  Shuck called their previous intent offerings good, but not good enough.  This drive to improve their intent services led them to investigate best-of-breed intent data solutions to enhance their offering.  Their research led them to Clickagy.

“Clickagy had built a robust data processing engine that looks at billions of key data points across millions of websites and then uses robust natural language processing and artificial intelligence to categorize and make sense of those data points.  Their technology, approach to data collection, privacy-first perspective, and focus on intent data made it clear that we not only wanted Clickagy to be a part of our intent product, but we needed Clickagy to be a part of ZoomInfo.”

ZoomInfo CEO Henry Schuck

ZoomInfo Intent will continue to provide “good keywords, quality-focused data science, [and] industry-leading account data,” but now “casts a wider net” and delivers actionable intent throughout the day.  Combining the companies will “dramatically shorten the path from data, to decision, to action,” blogged Shuck.

“B2B intent data is becoming core to the way modern go-to-market organizations prioritize their outreach to prospects and customers,” wrote Schuck.  “Our acquisition of Clickagy enables us to scale intent to provide what will soon be the market’s most predictive and complete B2B intent data set for sellers and marketers.  We believe this acquisition both exemplifies our mission to continuously innovate and cements our position as the pacesetter for data-driven sales and marketing outreach.”


Tomorrow I will wrap up my discussion of the acquisition with an overview of Streaming Intent and Clickagy’s approach to data privacy.

CJEU Invalidates EU-US Privacy Shield Data Transfers

The Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield that allows firms to transfer EU citizen’s private data to the United States for data processing.  The EU maintains higher consumer data privacy laws that conflict with US security and legal policies.

“Today’s decision effectively blocks legal transfers of personal data from the EU to the US.  It will undoubtedly leave tens of thousands of US companies scrambling and without a legal means to conduct transatlantic business, worth trillions of dollars annually,” said Caitlin Fennessy, research director at the International Association of Privacy Professionals (IAPP).

The CJEU held that “the requirements of US national security, public interest and law enforcement have primacy, thus condoning interference with the fundamental rights of persons whose data are transferred to that third country.”

“In the absence of an adequacy decision, such transfer may take place only if the personal data exporter established in the EU has provided appropriate safeguards, which may arise, in particular, from standard data protection clauses adopted by the Commission, and if data subjects have enforceable rights and effective legal remedies…

The Court considers, first of all, that EU law, and in particular the GDPR, applies to the transfer of personal data for commercial purposes by an economic operator established in a Member State to another economic operator established in a third country, even if, at the time of that transfer or thereafter, that data may be processed by the authorities of the third country in question for the purposes of public security, defence and State security. The Court adds that this type of data processing by the authorities of a third country cannot preclude such a transfer from the scope of the GDPR.

Regarding the level of protection required in respect of such a transfer, the Court holds that the requirements laid down for such purposes by the GDPR concerning appropriate safeguards, enforceable rights and effective legal remedies must be interpreted as meaning that data subjects whose personal data are transferred to a third country pursuant to standard data protection clauses must be afforded a level of protection essentially equivalent to that guaranteed within the EU by the GDPR, read in the light of the Charter. In those circumstances, the Court specifies that the assessment of that level of protection must take into consideration both the contractual clauses agreed between the data exporter established in the EU and the recipient of the transfer established in the third country concerned and, as regards any access by the public authorities of that third country to the data transferred, the relevant aspects of the legal system of that third country.

Regarding the supervisory authorities’ obligations in connection with such a transfer, the Court holds that, unless there is a valid Commission adequacy decision, those competent supervisory authorities are required to suspend or prohibit a transfer of personal data to a third country where they take the view, in the light of all the circumstances of that transfer, that the standard data protection clauses are not or cannot be complied with in that country and that the protection of the data transferred that is required by EU law cannot be ensured by other means, where the data exporter established in the EU has not itself suspended or put an end to such a transfer.”

“Data Protection Commissioner Ireland v Facebook Ireland Limited, Maximillian Schrems,” 16 July 2020

The EU-US Privacy Shield was implemented several years ago after the CJEU held that the prior US Safe Harbor regime was insufficient.

Privacy advocate Max Schrems brought the cases that invalidated Safe Harbor and EU-US Privacy Shield.  Following the ruling, he stated:

“It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role on the EU market…The Court clarified for a second time now that there is a clash of EU privacy law and US surveillance law.  As the EU will not change its fundamental rights to please the NSA, the only way to overcome this clash is for the US to introduce solid privacy rights for all people — including foreigners.  Surveillance reform thereby becomes crucial for the business interests of Silicon Valley…

This judgment is not the cause of a limit to data transfers, but the consequence of US surveillance laws.  You can’t blame the Court to say the unavoidable — when shit hits the fan, you can’t blame the fan.”

Privacy Advocate and Plaintiff Max Schrems

“This leaves a huge question mark over data transfers to the US, said Tanguy Van Overstraeten, partner and global head of privacy and data protection law at the law firm Linklaters.  “The Court has struck down the EU-U.S. Privacy Shield because it considers the US state surveillance powers are excessive.  For the thousands of businesses registered with the US Privacy Shield, this will be groundhog day; this is the second time the FTC operated scheme has been struck down after the Shields predecessor — the Safe Harbor — was struck down in 2015.  Businesses will now look to EU regulators to propose some form of transition to allow them to move away from Privacy Shield without the threat of significant sanctions and civil compensation claims.”

The ruling also puts in question data transfers to Russia, China, and potentially the UK post-Brexit.

“The CJEU’s judgment could have implications for the UK’s prospects of gaining adequacy at the end of the Brexit transition period,” said Peter Church, counsel at Linklaters.  “This will necessarily involve an assessment of the UK’s surveillance powers under the Investigatory Powers Act 2016.  However, there are a number of differences between the UK and US regimes.  For example, the UK regime has already been reviewed by the European courts and a number of amendments have been made to bring it into line with European law.  In addition, the UK regime does not have the same distinction between UK and foreign nationals, unlike US law which does not grant the same rights to non-US citizens.”

“This is a bold move by Europe,” said Jonathan Kewley, co-head of technology at law firm Clifford Chance.  “What we are seeing here looks suspiciously like a privacy trade war, where Europe is saying their data standards can be trusted but those in the US cannot.”

Standard Contract Clauses (SCCs) may also be insufficient.  “If the law in the relevant country – let’s say the USA – could override what the contract says, they don’t work,” said Kewley.  “I don’t know how much appetite they have to do this, but it’s hard to imagine that any European regulator would say that SCCs work for the US, and the pressure will pile on for them to make the assessment.  I don’t think SCCs escaped the court’s judgement – for some key countries, it’s probably just a stay of execution.”

One likely impact will be the localized processing of EU consumer data within EU data centers.  Over 5,300 companies rely upon the EU-US Privacy Shield as part of their GDPR and broader EU compliance.  Companies that rely upon the Privacy Shield span a broad set of B2B data, DaaS, social networking, CDPs, and cloud companies [searchable list].  These include Zoominfo, Dun & Bradstreet (including Lattice Engines), Experian, Infogroup, TechTarget, Microsoft (including LinkedIn), Facebook, Twitter, Google, Amazon (including AWS), Oracle, Salesforce, HubSpot, Adobe (including Marketo), LiveRamp, Melissa, TowerData, 6Sense, Leadspace, SalesLoft, Outreach, Groove, VanillaSoft, Yesware, and ConnectLeader.

Firms are also likely to ramp up their GDPR and CCPA compliance messaging, but that does not address the weaker data privacy structures of US law.

Dun & Bradstreet Acquires Orb Intelligence

Dun & Bradstreet is opening up the year with a bang.  First, they announced a partnership with Amazon Web Services (AWS), and then they acquired Orb Intelligence, business identity and firmographics data provider.  The acquisition follows acquisitions of Customer Data Platform Lattice Engines in July, Sales Intelligence vendor Avention (now D&B Hoovers) in 2017, and B2B DaaS vendor NetProspex (now D&B Optimizer) in 2015.  The acquisitions have helped transition Dun & Bradstreet from an old-line sales and marketing information vendor to a digital analytics and activation provider.

“The acquisition of Orb Intelligence cements our strategy to link the digital and physical worlds in the largest global repository of B2B data and to provide enriched firmographic data to customer profiles to help our clients more effectively execute campaigns to improve customer interactions and revenue returns,” said Michael Bird, President of Dun & Bradstreet’s Sales & Marketing Solutions division.  “Clients can rely on Dun & Bradstreet as the one-stop-shop for all of their data-driven, decision-making and customer engagement needs.”

Orb Intelligence employs machine language and natural language processing tools for deriving firmographic and technographic intelligence from the open web and government documents.  Their global database spans 57 million companies.  Content includes web domains, URLs, IP addresses, social networks, government ids, corporate linkage, funding, trademarks, and technographics.  Orb Intelligence has served as the “data backbone to many of today’s most well-known B2B sales, marketing and analytics organizations focused on digital marketing or sales initiatives.”

“This will be something of a shockwave for many in the ABM tech industry as Orb is an unknown ingredient in so many (in fact I would guess most) ABM MarTech platforms,” wrote B2B IQ President Liam Blackwell (Note: Blackwell is also an Orb Intelligence advisor).  “It is often used as the backbone, with the Orb number as the key for connection.  It is going to be interesting to see how D&B controls / monetizes future usage of the Orb data – this will be a major worry for some of those platforms and obviously an opportunity for other data providers.”

Orb is an original data provider and does not compile or resell data from other vendors.  Along with company profiles, the firm maintains databases on US educational facilities, government agencies and offices, and healthcare providers.

If you already use other data providers such as Dun & Bradstreet, you can increase your match rate by 10-25% by matching unmatched records onto the Orb Database.  We collect data from different sources than Dun & Bradstreet, which is why the Orb Database is often used to complement D&B data.

Orb Intelligence website (pre-acquisition marketing text)

Dun & Bradstreet listed several benefits for their customers, beginning with the ability to cross-validate data across online and offline sources.  Upgraded customer profiles will improve the depth and accuracy of business attributes for digital ABM programs and audience targeting.  Enhanced content will flow through to D&B Audience Targeting, D&B Visitor Intelligence, D&B Hoovers, and D&B Lattice for anonymous visitor match, programmatic targeting and sales outreach.

Dun & Bradstreet also sees a “measurable impact” for the combined data cloud which will simplify the connection and segmentation of audiences, the creation of artificial intelligence (AI) models, and activation of channels through the D&B Lattice Customer Data Platform (CDP), to deliver the best sales and marketing campaigns.”

The transaction closed on January 8th.  The parties did not disclose deal terms.

LinkedIn lists 17 Orb Intelligence employees, including CEO Maria Grineva, who is joining Dun & Bradstreet as a Vice President.

LinkedIn Restates Its Members-First Principles

LinkedIn Logo

In a blog titled, “Maintaining the Trust of our Members,” LinkedIn recommitted itself to a members-first approach.  The Microsoft subsidiary frames its decision-making with the question, “Is this the right thing to do for our members?”

Along with a members-first policy, LinkedIn employs four principles to frame decisions:

  • Members maintain clarity, consistency, and control over their data. This goal is manifested in a broad set of privacy settings, observing the stated wishes of each member, and protecting their data.  Microsoft employs a global GDPR standard and does not transfer member data to other companies.  For example, LinkedIn Sales Navigator limits data access to member-data view-only access, which displays profiles within CRMs and other partner applications but does not transfer data to those platforms.
  • LinkedIn will remain a safe, trusted, and professional platform.  The firm removes content which violates their Professional Community Policies and removes fake profiles, jobs, and companies.
  • LinkedIn is committed to removing unfair bias from its platform so that individuals with equal talent have equal access to opportunity.  “To achieve this goal, we are committed to building a product with no unfair bias that provides opportunity to all of our members.  There is a lot of work still to do, but we are focused on working across our company, with our members and customers, and across the industry to close the network gap.”
  • As a global platform, they are committed to respecting the laws that apply to them and “contributing to the dialogue” about legal frameworks.

LinkedIn Advertising is subject to an initial review.  LinkedIn vets ads to ensure they are non-discriminatory:

“Even if legal in the applicable jurisdiction, LinkedIn does not allow ads that advocate, promote, or contain discriminatory hiring practices or denial of education, housing, or economic opportunity based on age, gender, religion, ethnicity, race, or sexual preference.  Ads that promote the denial or restriction of fair and equal access to education, housing, or credit or career opportunities are prohibited.”

Blake Lawit, LinkedIn General Counsel

The statement of principles comes at a time when other social media firms are struggling to develop rules and policies around political advertising. LinkedIn does not carry political advertising and also restricts adult content, illegal, health, gaming, weapons, multi-level marketing, alcohol, tobacco, and financial (payday loans, cryptocurrency) products.  

LinkedIn continues to grow its customer base with 660 million members across 200 countries and 30 million companies.  The top countries are the United States (165M members), India (62M), China (48M), Brazil (40M), and the UK (27M).

LinkedIn maintains offices in nine US cities and 24 international locations. The platform supports 24 languages.

Court Rules LinkedIn Scraping Legal

In a ninth Circuit Court ruling last week, the Court sided with hiQ Labs which had been barred from accessing LinkedIn for the purposes of scraping public profiles.  hiQ Labs, a data analytics company which identifies employees who may be looking to depart, won a preliminary injunction against LinkedIn.  This is the second court which has evaluated the case and sided against the Microsoft subsidiary.

LinkedIn argued that scraping after a cease-and-desist letter was “without authorization” under the federal Computer Fraud and Abuse Act (CFAA), but hiQ Labs argued that the content was public and that scraping public data was not akin to hacking.

The Court ruled that “there is little evidence that LinkedIn users who choose to make their profiles public actually maintain an expectation of privacy with respect to the information that they post publicly, and it is doubtful that they do.”

The Court continued, “LinkedIn invokes an interest in preventing ‘free riders’ from using profiles posted on its platform.  But LinkedIn has no protected property interest in the data contributed by its users, as the users retain ownership over their profiles.”

The National Law Review summarized the case:

Most notably, the Ninth Circuit held that HiQ had shown a likelihood of success on the merits in its claim that when a computer network generally permits public access to its data, a user’s accessing that publicly available data will not constitute access “without authorization” under the CFAA.

In light of this ruling, data scrapers, content aggregators and advocates of a more open internet will certainly be emboldened, but we reiterate something we advised back in our 2017 Client Alert about the lower court HiQ decision: while the Ninth Circuit’s decision suggests that the CFAA is not an available remedy to protect against unwanted scraping of public website data that is “presumptively open to all,” entities engaged in scraping should remain careful. The road ahead, while perhaps less bumpy than before, still contains rough patches.  Indeed, the Ninth Circuit cautioned that its opinion was issued only at the preliminary injunction stage and that the court did not “resolve the companies’ legal dispute definitively, nor do we address all the claims and defenses they have pleaded in the district court.”…

On appeal, the parties offered dueling visions of what the law surrounding the CFAA and scraping should be:

LinkedIn: “[A]uthorization from LinkedIn—the server’s owner—is ‘needed’ to avoid CFAA liability, regardless of whether those servers also host data that LinkedIn generally makes available on its website.  hiQ lacked that required “authorization” once LinkedIn sent hiQ its cease-and-desist letter and implemented additional technological barriers restricting bot access.”

HiQ: “LinkedIn does not grant permission to access its public content because those pages are, by definition, open for all to see and use.  hiQ, like any other Internet user, simply requests LinkedIn’s public pages, and LinkedIn’s servers automatically provide them.  There is no “authorization” for LinkedIn to revoke.  Reading the statute in accordance with the language’s ordinary significance, “without authorization” refers to circumstances where authorization is a prerequisite to access.”

National Law Review

Intentional access without authorization under the CFAA generally covers hacking and employee access after permission has been rescinded.  As public profiles are not subject to passwords, the question of whether the CFAA applied was in question.

“It is likely that when a computer network generally permits public access to its data, a user’s accessing that publicly available data will not constitute access without authorization under the CFAA,” wrote the Court.  “The data hiQ seeks to access is not owned by LinkedIn and has not been demarcated by LinkedIn as private using such an authorization system.  HiQ has therefore raised serious questions about whether LinkedIn may invoke the CFAA to preempt hiQ’s possibly meritorious tortious interference claim.”

Thus, the ruling supports web scraping of public sites.  What it doesn’t address is whether harvesting member data for the purposes of generating datasets which counter the interests of social media sites and its members is against the public interest.  This question may be more of a public policy question than a legal one.  Members join LinkedIn for the purposes of professional networking, job searching, and self-marketing.  While public LinkedIn does not publish emails or direct dials, it includes work and educational histories, interests, affiliations, and other personal content.  Furthermore, it is easy to guess at emails making it fairly trivial to assemble email files for spammers.  It is very possible, that the HiQ Labs ruling conforms with US law but due to the Personally Identifiable Information content being gathered is counter to European GDPR.  The result could well be the loss of public LinkedIn profiles or a thinning of publicly posted profiles.

The Court focused on the CFAA and did not evaluate other arguments when granting relief.  “State law trespass to chattels claims may still be available.  And other causes of action, such as copyright infringement, misappropriation, unjust enrichment, conversion, breach of contract, or breach of privacy, may also lie,” stated the Court.

Orin Kerr, a law professor at UC Berkeley called the ruling a “major decision for the open internet.  It doesn’t establish that scraping websites is completely legal, but it goes a long way toward establishing that it’s not a federal crime.”

In the case of HiQ, they offer predictive attrition models which could result in individuals not being hired or employees not being promoted.  “Keeper is the first HCM tool to offer predictive attrition insights about an organization’s employees based on publicly available data,” says the firm.  While some high-value employees may enjoy additional leverage due to these models, others may be mistrusted.  

One could imagine other detrimental use cases such as credit companies tracking employment and lowering credit scores.  The result would be higher interest costs and a lowered ability to find a job.  The result would be decreased transparency and truthfulness on LinkedIn.

As such, the scraping of LinkedIn data could undermine the trust members have in LinkedIn or limit the permissions granted to LinkedIn.  If LinkedIn played fast-and-loose with member data, they would have less standing, but LinkedIn does not permit downloading of member data to Excel or the uploading of member data to CRMs.  Sales Navigator treats member data as view only in its SNAP connectors.  Thus, LinkedIn is placing data privacy rules on itself that it cannot place on third-parties that gather LinkedIn data.  More broadly, parent company Microsoft has committed itself to GDPR as a global data privacy standard.

Analyst David Raab of the Customer Data Platform Institute had a tongue-in-cheek view of the case: “In what I like to think of as CSI: Obvious Division, a federal appeals court ruled that LinkedIn can’t block scraping of published member data because people had no expectation of privacy for their public profiles.  It’s rather amazing LinkedIn thought they could win with that one.” .dialogRendere