-
Damages Awarded, But Both Sides Claim Victory, In Lawsuit Involving Allegedly “Scraped” Auction Data
08/19/2019An arbitrator recently ordered a sister company of auction giant Christie’s to pay nearly $1.8 million in damages to another auction house, Heritage Auctions, based on Heritage’s claims related to alleged theft of its auction data. The case serves as a reminder that art businesses depend on information, and may need to consider how they should collect, protect, and appropriately use valuable confidential data.
Background
We wrote about this case when it was first filed in Texas in late 2016 (you can read our earlier post here). To recap, the plaintiffs are a group of entities that collectively do business as Heritage Auctions. The defendants are Christie’s and Collectrium, a company acquired by Christie’s parent company in 2015, which offered subscribers access to a database of art sales information and auction results. More details are included in our previous post, but in short, the complaint alleged that Heritage had for some time maintained on its own website a large amount of data about items sold in Heritage auctions dating back to the early 1990s. Some of the information about each item was publicly-accessible (including images and descriptions); in addition, a website user could register with Heritage to obtain additional information, including the price at which an item sold at auction. Heritage claimed that Collectrium employees and contractors had set up a number of accounts on the Heritage website, often using fake names, and used “spider” software (which permits the quick copying of mass amounts of content from websites) to “scrape” Heritage’s data, accessing and stealing millions of pages of Heritage auction results and other information, to be incorporated into Collectrium’s own “proprietary” database.
Heritage’s claims included copyright infringement (based on its assertion that each item’s listing constitutes a copyrightable compilation of text and images). Heritage also asserted claims under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq. (which focuses on the technological methods used to access and obtain the information) and under the Digital Millennium Copyright Act, 17 U.S.C. § 1201 et seq. (a claim grounded in allegations that defendants allegedly removed Heritage’s copyright management information and put their own copyright notice on the data). Heritage also pled state law claims, including for trespass, unfair competition, and civil conspiracy, and a claim under a Texas statute for “harmful access by computer,” as well as a breach of contract claim based on the defendants’ violation of the terms of use on Heritage’s website. The Complaint sought to explain how the stolen data enhanced Christie’s stature in the marketplace, disincentivized customers from using Heritage’s website, and might potentially steer a collector to consign to Christie’s instead of Heritage.
Litigation History And The Recent Decision
Following the initiation of litigation, Heritage sought a preliminary injunction in the case. But the defendants sought to dismiss the case, arguing that the claims should instead go to arbitration as provided in the Heritage website’s terms of service. The Texas court agreed, and in early 2017, it dismissed the case in favor of arbitration, and denied the preliminary injunction motion as moot. See Docket No. 3:16-cv-03404-D (N.D. Tex.).
The case went to arbitration, where a retired federal judge presided. And in March of this year, Heritage returned to the Texas federal court to confirm the January arbitration award, which awarded Heritage damages in the amount of $1 (nominal damages) on its contract claim regarding the website terms, $5,000 on its CFAA claim, and $1,755,000 on a DMCA claim. The award was confirmed by the federal court in June and key documents, including the arbitrator’s deision, were unsealed in July.
But both sides are effectively claiming victory. Indeed, lawyers for Christie’s filed papers with the district court seeking to ensure that the Arbitrator’s award be confirmed “in its entirety,” emphasizing that, notwithstanding that Heritage was awarded some damages, Christie’s and Collectrium prevailed on the majority of Heritage’s original claims.
Notably, the arbitrator held that the defendants’ use of Heritage’s copyrighted work was fair use. Heritage had argued that Collectrium could not assert a fair use defense where it had acted in bad faith, including by breaching the user contract. But the arbitrator held that a defendant’s conduct involving a violation of law or breach of confidence can be a factor in a fair use analysis, but that that conduct did not trump other fair use factors. And as to those other factors, the arbitrator emphasized the transformative use Collectrium made of the data, incorporating it into a larger database that was indexed, sortable, and useful in analyzing sale prices and trends. The arbitrator also noted that the copyright protection of Heritage’s item listings was “thin” because it was primarily factual as opposed to creative or expressive. Further, the arbitrator pointed out, there was no evidence that the copying had damaged the market for Heritage’s items for sale, and that Heritage is in the business of selling items, not its database. (Heritage’s state law claim under the Texas hacking statute likewise failed because, in the arbitrator’s view, Heritage had not shown actual injury; it did not prove it “suffered any competitive losses due to Collectrium’s acquisition of information and subsequent use of the database,” its website was not damaged, and the resources Heritage spent investigating the scraping were not the type of injury the statute was meant to address.)
Heritage prevailed on one species of DMCA claim, a section that deals with circumventing technological measures meant to protect copyrighted work. Of note, the arbitrator opined that Heritage could make out that DMCA claim notwithstanding that Collectrium made fair use of the data, because fair use protects how a defendant uses copyright information, but the DMCA section at issue concerns how the defendant went about accessing the information. And here, Heritage had used various measures to try to identify and prevent the use of scraping technology, and Collectrium agents in turn used various tactics to circumvent those measures within the meaning of the DMCA. The arbitrator further credited Heritage’s evidence that Collectrium agents “willfully” accessed Heritage’s database at least 1,755 times, and therefore awarded $1000 per violation (somewhere in the middle of the statutory damages range of $200 to $2500).
On the other hand, the arbitrator rejected Heritage’s claims under a different section of the DMCA—for which Heritage had sought a whopping $38 billion in damages. This claim involved the DMCA’s prohibition on removing or falsifying copyright management information; Heritage argued that every “scraped” page had had a Heritage copyright notice on it. But the arbitrator concluded that the copyright notice wasn’t specific enough about what parts of each page were protected by copyright.
Similarly, while the arbitrator found a violation of the CFAA (because Collectrium accessed and obtained information from Heritage’s computer without or in excess of authorization), he awarded the plaintiffs only the statutory minimum damages of $5000. He reasoned that, while Heritage put forth evidence that its IT personnel had to spend hours investigating Collectrium’s activity and suspending Collectrium’s accounts, Heritage had not itemized their damages with sufficient specificity.
Heritage also failed to convince the arbitrator of the merits of its other claims under Texas state law, which were deemed abandoned except for the breach of contract claim. As for the breach of contract, the arbitrator held that Collectrium agents had entered and then breached the terms of the website, but that Heritage did not provide proof of specific monetary damages; while Heritage IT personnel spent time trying to thwart the scraping, the arbitrator would not award a speculative monetary amount for that or for the potential loss of customers. Thus, a nominal award of $1 was all Heritage could receive.
All in all, Christie’s notes, the award represents a tiny fraction of the amount Plaintiff had sought to receive in the arbitration. And only Collectrium, not Christie’s or its parent company, was held liable.
A Reminder Of the Undeniable—But Often Unquantifiable—Value of Information
The outcome here is, in some ways, highly fact-sensitive, and may not lend itself to widely-applicable rules, where the decision in many respects rests on highly specific details about the particular technology at issue here. Moreover, the arbitrator’s decision may not carry the precedential force that a federal court opinion might carry, in terms of giving firm guidance to the market. But the case is nevertheless noteworthy for a number of reasons.
First, it reminds art businesses that the way they set up their websites, data storage, and other information technology may have important legal implications. For example, asking website users to agree to certain terms of use may have the effect of creating an enforceable contract. Indeed, one of the issues at arbitration here was apparently focused on when Heritage instituted a “click-box” acknowledging the terms and conditions of use of their website; the arbitrator found that it was in place at the time Collectrium agents created their accounts, a conclusion that was important to the survival of Heritage’s contract claim. (On the other hand, the fact that those terms of use included a mandatory arbitration clause also had important ramifications in this case; while Heritage clearly wanted to bring these claims in federal court, the defendants succeeded in having the case dismissed in favor of arbitration – an important reminder that a website’s arbitration clause may bind the company as well as the users.) Likewise, Heritage’s investment in monitoring website use and trying to protect the website from scraping software and other intrusive technology turned out to be important; when Collectrium’s agents began trying to work around Heritage’s protective measures, those are the actions that gave rise to liability under the DMCA.
Second, the case is a reminder to art businesses that outsourcing technological activities does not necessarily safeguard the business from liability. The fact that Collectrium had conducted some of its improper activities through third-party contractors did not insulate it from risk; the arbitrator concluded that the contractors were Collectrium’s “agents” and Collectrium could be liable for their actions.
Third, this case is another interesting application of the fair use defense to copyright infringement. We have written extensively about the challenges of understanding and applying fair use in arenas ranging from appropriation art (see here and here for examples) to parody (see here and here). But this case, like a handful of others we’ve written about (for example, the recent TVEyes and Google Books cases) deals with how fair use may protect a company’s technological rearrangement or reorganization of someone else’s content or data, if that use is transformative enough. (On the other hand, the complex state of case law about fair use may make it difficult to predict how a court may rule in a given situation; businesses should be extremely cautious about simply assuming that fair use applies to their exploitation of someone else’s confidential data.)
And finally, cases like this one highlight the fact that, in an art market that often lacks transparency and where identities, prices, relationships, and even deal structures are often kept secret— information is power. (We recently saw this demonstrated in another dispute involving a departing gallery employee accused of taking confidential information with her; that case recently settled out of court.) And, as the arbitrator’s decision makes clear, even when contracts or laws are broken, it can be very difficult for a plaintiff to prove monetary damages, because it’s hard to put a non-speculative value on what data is worth. So, as is often true in art law, prevention is generally preferable to litigation; those who have important data (for example, hard-to-obtain pricing data or customer information) may need to take steps to protect it. And those who want to access and exploit others’ data may need to seek legal advice about how to do so in a way that minimizes legal exposure.
Art Law Blog