Bright Data Wins Summary Judgment on Claims that It Scraped Data from Meta

This case makes a lot more sense not that I have read and commented on Woodrow Hartzog and Daniel Solove’s smash SSRN download hit, The Great Scrape: The Clash Between Scraping and Privacy.  Meta Platforms, Inc. (Meta) sued Bright Data, Ltd (Bright Data) alleging that it scraped data from Facebook and Instagram (the Sites) and then sold that data to its customers while also developing tools to allow others to engage in similar scape-shenanigans without detection. Meta alleged that this conduct violated the Sites’ terms and policies and it sought damages and injunctive relief.  Bright Data responded that it scraped only publicly available information and that the Sites’ terms and policies do not apply, as it canceled its Meta accounts.

Bright Data concedes that between April 2021 and early December 2022, it had accounts on the Sites. In late November, Meta conducted a video conference and warned Bright Data that it was in breach of the Sites’ terms. Bright Data had two responses: first, it terminated its accounts; second it claimed that its scraping activities were unrelated to those accounts.

In January, in Meta Platforms, Inc. v. Bright Data, Ltd., the District Court for the Northern District of California ruled on Meta’s motion for partial summary judgment as to liability and on Bright Data’s motion for summary judgment.  The court first denied Meta’s motion for summary judgment on the ground that Meta had not provided any evidence to support its claim that Bright Data had accessed non-public information on the Sites. Instead, Meta only alleged that Bright Data sold data containing 615 million records for $860,000, but that that data may well have been scraped from public records.

Here’s were it gets messy.  Meta alleged that Bright Data used automation to beat technology to circumvent Meta’s access restrictions.  I have long thought that a robot will be much more skilled than I am in passing a CAPTCHA test.  It turns out I was right, as was Stevie Martin.

The court, citing a case relying on Orin Kerr, then chides, “But Meta surely understands the difference between defeating anti-automated scraping and piercing privacy walls.”  Professor Kerr argues, persuasively we are told, that using a bot to evade CAPTCHA is not “unauthorized access” to a website, as CAPTCHA is meant to slow access rather than a way to deny access.  Shame on you, Meta! Obviously, using a bot to gain access to a website guarded by a device that is meant to exclude bots from the website is not unauthorized access.  Sheesh.

Meta’s other evidence that Bright Data scraped non-public data is that it advertises a tool, “Scraping Browser” that is compatible with  “Puppeteer” which is “capable of automating into a website as well as simulating many other user actions, which would allow automated collection of information available only to users logged into Facebook or Instagram accounts.”  Still, while Meta showed that Bright Data was capable of doing so, it has not shown that Bright Data did so.

Finally, the rest of the opinion on Meta’s motion is devoted to a discussion of whether Bright Data violated a contractual agreement with Meta. In short, Meta argues that Bright Data violated its contract by engaging in data scraping whether it did so while logged onto its accounts on the Sites or while logged off. Bright Data insists that all of its scraping was done while logged off and thus did not violate Mata’s terms and policies.

The court agreed with Bright Data.  The terms and policies only cover “use” of the Sites, and while Bright Data was not logged on to the Sites it was not using them.  The fact that Bright Data had accounts on the Site while it scraped is irrelevant because it scraped while logged off. Although the court acknowledged that both sides advanced reasonable arguments, it concluded that Meta’s terms do not prohibit the scraping of publicly-available information from its Sites while logged off.  Facebook’s “survival clause,” providing that its terms and policies continue to apply, as relevant, after one terminates one’s account, does not change matters.  If scraping public information while logged off was permissible when you have an account, it can’t become impermissible after your delete your account.

The court thus denied Meta’s motion for summary judgment as to liability and granted Bright Data’s motion for summary judgment on Meta’s breach of contract claim.  Meta was given leave to amend its complaint. Meta chose not to do so. Bright Data dropped its tortious interference claim now that Meta could not longer interfere with its scraping business.