CCPA & LinkedIn Scraping

California privacy law treats many scraped LinkedIn profiles as personal information, not a free pass for “public” data. (cppa.ca.gov) The California Consumer Privacy Act says “publicly available information” is not personal information, but that term is narrower than “visible on the internet.” California regulators’ current rules took effect on January 1, 2026, after the California Privacy Rights Act expanded the law on January 1, 2023. (cppa.ca.gov) California’s attorney general says the law applies to many businesses, including data brokers, and gives Californians rights to know, delete, correct, and opt out of the sale or sharing of personal information. Those rights now apply under the amended CCPA framework that the state still calls “CCPA, as amended.” (oag.ca.gov) That matters for professional data because LinkedIn scraping has often been defended with a different legal theory: the Ninth Circuit’s hiQ case said scraping data visible to anyone with a web browser did not violate the federal Computer Fraud and Abuse Act at the preliminary-injunction stage. The court fight was about unauthorized computer access, not whether California privacy law treats the same data as exempt. (iapp.org) The other pressure point is inference data — patterns or predictions built from raw facts. In a formal opinion, California’s attorney general concluded that consumers can request inferences a business made about them, including profile-style judgments drawn from other data sources. (mofo.com) That opinion flagged employee and business-contact information too. Morrison Foerster’s summary of the opinion noted that, unless another exception applied, covered businesses could need to disclose inferences about employees or business partners once the temporary exemptions were not extended past January 1, 2023. (mofo.com) California’s own public guidance says the California Privacy Rights Act amendments began on January 1, 2023, adding rights to correct inaccurate information and limit use of sensitive personal information. The agency’s FAQ likewise says those amendments took effect on January 1, 2023. (oag.ca.gov, cppa.ca.gov) Lawmakers have also kept refining the statute’s wording. A California Privacy Protection Agency staff memo on Assembly Bill 1008 said the bill restructured the definition of “publicly available information” in 2024 and described the change as non-substantive, aimed at making the definition easier to understand. (cppa.ca.gov) The compliance fight now turns on what companies do after scraping: whether they combine profile data with other records, sell or share it, or generate rankings and predictions about workers, job candidates, or sales prospects. California’s attorney general says the CCPA reaches many data brokers, and privacy lawyers say inferences can be disclosable even when built from outside sources. (oag.ca.gov, mofo.com) Scraping a public page and using the resulting dossier are no longer the same legal question. In California, the harder issue is whether the business built a regulated profile from a person’s work history, skills, contacts, or predicted behavior. (cppa.ca.gov, mofo.com)