Legal Zyte-geist #5: The X vs Bright Data case
Judge Dismisses X’s Lawsuit Against Bright Data (For Now)
Welcome to the monthly column about web scraping and legal themes by Sanaea Daruwalla. She is the Chief Legal & People Officer at Zyte. Sanaea has over 15 years of experience representing a wide variety of clients and is one of the leading experts on web data extraction laws.
Disclaimer: This post is for informational purposes only. The content is not legal advice and does not create an attorney-client relationship.
Bright Data has been having great success in getting the lawsuits brought against it by social media giants dismissed. And while I’d never take away from those successes, they’re lawyers have done a great job, we have to talk about what these dismissals really mean for web scrapers. In this post we’ll focus on the court’s most recent ruling in the X v. Bright Data case, and you can find a detailed analysis of the Meta case dismissal here.
X brought a lawsuit against Bright Data stating that it was illegally scraping X’s public content and inducing others to do the same in violation of its terms, the scraping constituted trespass, and that Bright Data engaged in fraudulent business activity under the Business and Professions Code. Bright Data admits to scraping X’s public content, selling that content, and offering tools to its customers to scrape the content. However, the court found that nothing in the complaint rises to the level of constituting trespass or fraudulent activity. Furthermore, the court found that the breach of contract allegations were preempted by copyright law, as X is not the owner of the content at issue. Let’s delve into each of these decisions now and what they actually mean.
Trespass
Trespass is “where an intentional interference with the possession of personal property has proximately caused injury.” Intel Corp. v. Hamidi, 71 P.3d 296, 302 (Cal. 2003). In looking at X’s allegations, they did not show how they were actually injured by Bright Data’s scraping. The only thing X was able to allege is that the scraping diminished the server capacity for its legitimate users. The court found that this was not enough to constitute injury to X, so it dismissed the claim for trespass.
Unlawful and Fraudulent Business Activity
Under this cause of action, X alleges that Bright Data’s web scraping tools “deliberately misrepresented the requests sent to the X platform, posing as legitimate X users” and that Bright Data sold IP’s that masqueraded as legitimate X users.
The court however saw this differently to X, stating that Bright Data did not misrepresent itself but simply acted like any other legitimate X user permitted to access public data, with no obligation to log in.
With regard to the sale of IPs, the court did not buy the argument that use of different IPs is inherently deceptive. Every computer or server has a unique IP address, so users can have different IP addresses by simply using different devices. As such, there is no duty that requires a person to identify themselves with a specific IP address, so Bright Data’s failure to disclose their IP addresses or changing their IP addresses cannot be considered deceptive, as no internet user has an obligation to make such disclosures about their IP address.
This is a nice decision for proxy providers and proxy rotation services, as it makes clear that there is no obligation to disclose your IP and failure to do so is not considered deceptive conduct under the Business and Professions Code.
Breach of Contract – Unauthorized Access
Now let’s get to the fun stuff . . . did Bright Data’s scraping of public X data violate X’s terms of service? The court dismissed X’s breach of contract claims, both in relation to unauthorized access and scraping of data. And while this is a big win for all web scrapers, the ruling is limited in its scope and the court is clear that this does not mean that scraping of public data can never violate a website’s terms of service. So let’s dig into when this decision will actually apply.
Firstly, it’s worth noting that the court rejected the idea that there is no contract because Bright Data wasn’t logged in. In Berman v. Freedom Fin. Network, the court of appeals stated “[u]nless the website operator can show that a consumer has actual knowledge of the agreement, an enforceable [browser-wrap] contract will be found based on an inquiry notice theory only if (1) the website provides reasonably conspicuous notice of the terms to which the consumer will be bound; and (2) the consumer takes some action, such as clicking a button or checking a box, that unambiguously manifests his or her assent to those terms.” But here the court found that Bright Data was a sophisticated party and had actual knowledge of the terms of service, so a contract does exist. This is really important, because the court is clearly saying that there may be instances where it would enforce a click wrap contract, particularly when you have actual notice and knowledge of the terms.
So the court found that a contract exists between the parties, but the next step for a breach of contract cause of action is damages. There must be some harm to X in order for them to successfully claim breach of contract. For the unauthorized access claim, the court found that X could not show damages because it merely alleged that they had some diminished server capacity and reputational damage. This was not enough to show any real harm, so the court dismissed the breach of contract claim.
Breach of Contract – Scraped Data
Here X claimed that scraping data is prohibited by its terms of service. The court’s decision to dismiss this breach of contract claim is a very interesting one and will only apply in very specific circumstances.
X’s content is all user-generated content and X is clear that users own their own content. So X users hold the copyright to their content, not X. As such, since X is not the owner of the content it cannot tell others that they cannot reproduce, distribute, or display that content. In legal terms, X’s state breach of contract claim is preempted by federal copyright law. Which means that whether public data can be copied via scraping should be governed by the Copyright Act not a website’s terms of service.
X also amended its terms of service during the lawsuit to make it a violation of its terms to facilitate or assist others in violating its terms. This was aimed at Bright Data’s web scraping services that assist its customers in scraping X. The court stated that “[t]here is no case law where a party is permitted to unilaterally change the contract at issue mid-litigation.” This would seem like a very basic and fundamental point to any contract lawyer, so it was good to see the court make this clear – it’s not ok to change a contract mid-lawsuit.
Leave to Amend
While there are some great wins in this case, it still doesn’t go as far as many are claiming. It does not state that scraping public data is always ok. In fact, the court takes many opportunities throughout its ruling to make clear that this does not mean no case could be pled to support X’s claims, but that they have simply not been adequately pled in this case. As a result, the court gave X the opportunity to amend its complaint to cure the defects pointed out by the court. So there may still be life in this lawsuit and we’ll stay up to date on that as it unfolds.
For more helpful resources, check out my post on the legality of web scraping and Zyte’s more detailed compliant web scraping checklist.
Explore, connect, and collaborate with us. Join us on LinkedIn and in our Extract Data Community on Discord.
This post was originally published on zyte.com.