LinkedIn,͏͏ the͏͏ popular͏͏ professional͏͏ networking͏͏ platform͏͏ owned͏͏ by͏͏ Microsoft,͏͏ has͏͏ been͏͏ hit͏͏ with͏͏ a͏͏ massive͏͏ €310͏͏ million͏͏ (around͏͏ $335͏͏ million)͏͏ fine͏͏ in͏͏ Europe͏͏ for͏͏ violating͏͏ privacy͏͏ laws.͏͏ The͏͏ penalty͏͏ was͏͏ issued͏͏ by͏͏ the͏͏ Irish͏͏ Data͏͏ Protection͏͏ Commission͏͏ (DPC),͏͏ which͏͏ oversees͏͏ LinkedIn’s͏͏ operations͏͏ in͏͏ the͏͏ EU,͏͏ under͏͏ the͏͏ General͏͏ Data͏͏ Protection͏͏ Regulation͏͏ (GDPR).
Why͏͏ Was͏͏ LinkedIn͏͏ Fined?
The͏͏ fine͏͏ stems͏͏ from͏͏ LinkedIn’s͏͏ practices͏͏ around͏͏ behavioral͏͏ advertising.͏͏ The͏͏ company͏͏ was͏͏ found͏͏ to͏͏ have͏͏ unlawfully͏͏ processed͏͏ users’͏͏ personal͏͏ data͏͏ for͏͏ targeted͏͏ ads͏͏ without͏͏ proper͏͏ legal͏͏ justification.͏͏ According͏͏ to͏͏ the͏͏ DPC,͏͏ LinkedIn͏͏ breached͏͏ several͏͏ key͏͏ GDPR͏͏ principles,͏͏ including͏͏ transparency,͏͏ fairness,͏͏ and͏͏ the͏͏ lawful͏͏ use͏͏ of͏͏ personal͏͏ data.
LinkedIn͏͏ had͏͏ been͏͏ using͏͏ a͏͏ mix͏͏ of͏͏ personal͏͏ information͏͏ provided͏͏ by͏͏ its͏͏ users͏͏ (known͏͏ as͏͏ first-party͏͏ data)͏͏ and͏͏ data͏͏ collected͏͏ from͏͏ third-party͏͏ partners͏͏ to͏͏ target͏͏ ads.͏͏ The͏͏ company͏͏ tried͏͏ to͏͏ justify͏͏ this͏͏ by͏͏ claiming͏͏ it͏͏ had͏͏ users’͏͏ consent,͏͏ or͏͏ that͏͏ it͏͏ was͏͏ necessary͏͏ for͏͏ its͏͏ contractual͏͏ obligations͏͏ or͏͏ for͏͏ its͏͏ “legitimate͏͏ interests.”͏͏ But͏͏ the͏͏ DPC͏͏ found͏͏ none͏͏ of͏͏ these͏͏ arguments͏͏ valid.͏͏ As͏͏ Graham͏͏ Doyle,͏͏ the͏͏ DPC’s͏͏ deputy͏͏ commissioner,͏͏ explained,͏͏ “Processing͏͏ personal͏͏ data͏͏ without͏͏ an͏͏ appropriate͏͏ legal͏͏ basis͏͏ is͏͏ a͏͏ clear͏͏ and͏͏ serious͏͏ violation͏͏ of͏͏ a͏͏ data͏͏ subject’s͏͏ fundamental͏͏ right͏͏ to͏͏ data͏͏ protection.”
What͏͏ Did͏͏ LinkedIn͏͏ Do͏͏ Wrong?
The͏͏ main͏͏ issues͏͏ included:
- Invalid͏͏ Consent:͏͏ LinkedIn͏͏ didn’t͏͏ get͏͏ clear,͏͏ informed͏͏ consent͏͏ from͏͏ users͏͏ for͏͏ processing͏͏ their͏͏ data͏͏ for͏͏ targeted͏͏ ads.
- Lack͏͏ of͏͏ Transparency:͏͏ The͏͏ company͏͏ didn’t͏͏ properly͏͏ inform͏͏ users͏͏ about͏͏ how͏͏ their͏͏ data͏͏ would͏͏ be͏͏ used,͏͏ which͏͏ is͏͏ a͏͏ big͏͏ no-no͏͏ under͏͏ GDPR.
- Legitimate͏͏ Interests͏͏ Argument͏͏ Fails:͏͏ LinkedIn͏͏ argued͏͏ that͏͏ using͏͏ personal͏͏ data͏͏ for͏͏ advertising͏͏ was͏͏ in͏͏ their͏͏ “legitimate͏͏ interests,”͏͏ but͏͏ the͏͏ DPC͏͏ found͏͏ that͏͏ this͏͏ was͏͏ outweighed͏͏ by͏͏ the͏͏ fundamental͏͏ rights͏͏ of͏͏ users.
What͏͏ Happens͏͏ Now?
In͏͏ addition͏͏ to͏͏ the͏͏ hefty͏͏ fine,͏͏ LinkedIn͏͏ has͏͏ been͏͏ given͏͏ three͏͏ months͏͏ to͏͏ bring͏͏ its͏͏ European͏͏ operations͏͏ into͏͏ compliance͏͏ with͏͏ GDPR.͏͏ The͏͏ company͏͏ must͏͏ make͏͏ significant͏͏ changes͏͏ to͏͏ how͏͏ it͏͏ collects͏͏ and͏͏ processes͏͏ user͏͏ data͏͏ for͏͏ advertising.͏͏
LinkedIn’s͏͏ Response
After͏͏ the͏͏ decision,͏͏ LinkedIn͏͏ released͏͏ a͏͏ statement͏͏ acknowledging͏͏ the͏͏ ruling͏͏ but͏͏ maintained͏͏ that͏͏ they͏͏ had͏͏ followed͏͏ GDPR͏͏ rules.͏͏ “While͏͏ we͏͏ believe͏͏ we͏͏ have͏͏ been͏͏ in͏͏ compliance͏͏ with͏͏ the͏͏ General͏͏ Data͏͏ Protection͏͏ Regulation͏͏ (GDPR),͏͏ we͏͏ are͏͏ working͏͏ to͏͏ ensure͏͏ our͏͏ ad͏͏ practices͏͏ meet͏͏ this͏͏ decision͏͏ by͏͏ the͏͏ IDPC’s͏͏ deadline,”͏͏ said͏͏ the͏͏ company͏͏ in͏͏ a͏͏ public͏͏ statement.
Why͏͏ This͏͏ Matters
This͏͏ isn’t͏͏ the͏͏ first͏͏ time͏͏ LinkedIn͏͏ has͏͏ been͏͏ fined,͏͏ but͏͏ it’s͏͏ certainly͏͏ their͏͏ most͏͏ significant͏͏ penalty͏͏ to͏͏ date.͏͏ The͏͏ case͏͏ was͏͏ originally͏͏ triggered͏͏ by͏͏ a͏͏ complaint͏͏ from͏͏ a͏͏ French͏͏ digital͏͏ rights͏͏ group͏͏ in͏͏ 2018,͏͏ and͏͏ now,͏͏ six͏͏ years͏͏ later,͏͏ LinkedIn͏͏ is͏͏ paying͏͏ the͏͏ price.
Fines͏͏ like͏͏ this͏͏ highlight͏͏ the͏͏ ongoing͏͏ struggles͏͏ tech͏͏ companies͏͏ face͏͏ as͏͏ they͏͏ try͏͏ to͏͏ balance͏͏ targeted͏͏ advertising͏͏ with͏͏ the͏͏ stringent͏͏ privacy͏͏ protections͏͏ laid͏͏ out͏͏ in͏͏ the͏͏ GDPR.͏͏ For͏͏ users,͏͏ it’s͏͏ a͏͏ reminder͏͏ that͏͏ their͏͏ data͏͏ is͏͏ a͏͏ valuable͏͏ commodity,͏͏ and͏͏ regulators͏͏ in͏͏ Europe͏͏ are͏͏ serious͏͏ about͏͏ protecting͏͏ it.
