Meta has lost a claim in its legal battle with an Israeli tech firm, Bright Data, which it sued last year for scraping data from Facebook and Instagram via the web. The tech giant, which has a long history of suing data scraping businesses, claimed that Bright Data’s data harvesting was a violation of its terms of service — which Bright Data had agreed to by having accounts on Meta’s platforms. However, a court has ruled in favor of Bright Data on Meta’s “breach of contract” claim, saying that Meta had not presented sufficient evidence that the firm had scraped anything but public data.
The lawsuit was particularly interesting because it revealed that Meta had earlier paid Bright Data to gather data from e-commerce websites to build brand profiles on its platforms. In other words, Meta was a customer of Bright Data’s web scraping services before it went to sue them, though it used the company’s services for a different purpose. In a related matter, Bright Data had also been accused of collecting personal information about minors pulled from Facebook and Instagram, Bloomberg reported last year.
The court said it denied Meta’s motion for a partial summary judgment on the breach of contract claim because the comapny had not presented enough evidence that Bright Data scraped non-public data — meaning data that’s not behind a log-in screen, or that’s password-protected. Instead, what Meta brought to the court was an example of a data set Bright Data offered for sale, which included 615 million records of Instagram user data. The dataset sells for $860,000. Meta claimed Bright Data had been collecting and selling “vast” amounts of user data like this data set, which had included fields like Instagram users’ names, ID, country, post count, bio, hashtags, followers, posts, profile images, business category, email, and more. However, Meta failed to establish that such data could be collected only if Bright Data had been logged into a user account.
In another example of Bright Data’s activity, Meta attempted to show that the firm was in possession of non-public information, but the court decided this didn’t prove logged-in scraping as the data could have been publicly accessible at an earlier time — like before a user changed their privacy settings, for example.
In addition, Meta argued that Bright Data had used tools to circumvent its access restrictions like CAPTCHAs, which proved Bright Data collected data “behind authentication barriers.”
The court disagreed with this too, saying that using an automated program to bypass a CAPTCHA “is different from accessing a password-protected website,” and that “Meta surely understands the difference.”
Even though Meta’s anti-scraping investigation team found that Bright Data had advertised a “scraping browser” that would automate logging into a white and simulating other user action to facilitate automated data collection, the court said this, too, wasn’t sufficient evidence that Bright Data had conducted logged-in scraping in this case.
The court also ruled that both the Facebook and Instagram terms had to be considered separately, and that there was no evidence that Bright Data had used its own Facebook and Instagram accounts when it engaged in data scraping. That means Bright Data was not acting as a “user” of the services at the time it was scraping, but only as a logged-out “visitor.” The court also didn’t find other legal arguments Meta had used convincing enough to rule in its favor on breach of contract.
“We look forward to continuing our efforts to protect user data and are evaluating next steps in the ongoing litigation,” a Meta spokesperson told TechCrunch in light of the ruling. Bright Data has also been asked for comment.
The tech giant has regularly sued companies that engage in data scraping operations in an effort to discourage the practice. In Oct. 2022, it settled a case against two other firms, Israeli-based BrandTotal Ltd. and Delaware-incorporated Unimania Inc., which both agreed to a permanent injunction that banned them from scraping Facebook and Instagram data going forward and pay Meta a “significant financial sum,” Meta had said.
The company had also settled in 2020 with the scraping service Massroot8 and, in 2022, sued a clone site operator and a company called Octopus, a U.S. subsidiary of a Chinese national high-tech enterprise that had offered scraping services. Meta won that case, as the court issued permanent injunction to stop the firm’s data scraping operations. Last year, Meta sued another scraping-for-hire firm Voyager Labs, which has not yet been settled.
Such data scraping operations can put user privacy at risk as data collected by web scrapers has been previously leaked online, such as in the case where the personal data from 533 million Facebook accounts was found to have been leaked.
The current case with Bright Data is case No. is 3:23-cv-00077-EMC in the U.S. District Court in Northern California.
The only remaining claim against Bright data in this case is for tortious interference with contract.
Updated, 1/24/24, 11:22 am et with Meta comment.