I'm torn. On the one hand, scraping helps break down walled gardens. On the other, we're talking about personal details being used in novel ways that no LinkedIn user probably understands. I doubt any LinkedIn user writes their profile expecting HiQ to scrape it, assign a "flight risk" score and alert your bosses.
To me this is conceptually the same problem as DRM - with your position similar to those trying to build DRM systems.
One can’t both hand over data freely to a service (in this case Linkedin) and also subsequently prevent all sharing of that data. Or to put it another way, you can’t both put your information on a public billboard hoping a recruiter sees it to offer you a job AND keep it strangers private from people you hope won’t misuse it.
There is a broader ethical discussion of how to treat data, nominally public, that is increasingly collected, persisted and analyzed indefinitely by adversarial agents. It seems clear to me that a more nuanced categorization is required. This data is not public in the same sense as an uttered word was in a town square a hundred years ago.
Imagine being denied job opportunities because some company has analyzed the careers of the last 25 generations of your ancestors and deemed your lineage to be inadequate?
You mean maybe for your LinkedIn general profile info to be public, but not for the old profile data or the metadata of when your changed what to be public. It's not per se secret or hidden but it's also not intended to be kept and processed.
This is also a clear case where GDPR would come in. This is personal data, whether intentional or not, and the scraper is obliged to conform to EU laws if they scrape data on EU citizens - including eg information rights and deletion.
I don't agree to republish them. Just because they are publicly accessible on SiteA doesn't mean I have agreed to have them be published on SiteB does it?
That isn't what's really being ruled on here, though. Republishing the data is still restricted via copyright, but the data may exist in an internal database that SiteB uses to do X.
The question at hand is whether or not SiteB (or more appropriately CompanyB) is able to automatically download the content on SiteA or have to make an intern manually copy and paste the data into a spreadsheet.
There are privacy settings though, and recruiters used to be able to see more than other non-contacts. I'm not sure if that is still the case, but so what is being shared is not always exactly obvious to the user.
Users know their information is public and they have the option to make it private on Linkedin. If Linkedin is worried about the privacy of their users they should let them know about the risks of having a public profile.
The consequences of information leakage can be zero for an indefinite amount of time before something surfaces with catastrophic effect. Everybody knows this, because everybody sees it happen constantly, even though it is relatively unlikely it will happen to you, today.
Human beings are hardwired to do things that they see others doing unless there is a really clear connection between the actions and disaster. There has to be another mechanism to deal with probably small, but unquantifiable risks.
I'd say it's not only reasonable, it's also "carving nature at its joints". The reason scrapping personal data is problematic is because it's personal data, not because it's being scrapped - so protection should be applied from the direction of personal data regulations.
