The European Union fined LinkedIn 310 million euros for analyzing user data without permission. The penalty imposed by the Irish Data Protection Commission (DPC) follows an investigation that found LinkedIn improperly used its members’ personal data to conduct behavioral analyzes and process it for targeted advertising. According to this decision, LinkedIn violated the European Union General Data Protection Regulation (GDPR) because it did not have a legal basis when processing user data.
In the DPC’s statement, it was stated that LinkedIn neither obtained explicit consent to process user data, nor presented a legitimate interest, nor demonstrated a legal contractual justification. The Commission also warned LinkedIn to ensure that all data collection processes comply with the legal framework. “The legality of data processing is a fundamental element of data protection law, and the processing of personal data without an appropriate legal basis is a clear and serious breach of the fundamental rights of data subjects,” said DPC Deputy Chairman Graham Doyle.
The review that led to this penalty against LinkedIn was first brought to the agenda in 2018 with a complaint filed by the French non-governmental organization La Quadrature du Net. The complaint questioned whether LinkedIn processes users’ data in a legal, fair and transparent manner. The matter was first brought to the French Data Protection Authority (CNIL), and then to the Irish Data Protection Commission, as LinkedIn’s European headquarters are located in Ireland. During this process, findings were obtained that LinkedIn analyzed user data in targeted advertising activities without a legal basis.
LinkedIn shared its views on the DPC’s decision in a statement to Engadget. A LinkedIn spokesperson said: “Today the Irish Data Protection Commission (IDPC) has made its final decision regarding allegations relating to some of our digital advertising efforts in the EU since 2018. “We believe that we comply with the General Data Protection Regulation (GDPR), but we are working to adjust our advertising practices within the specified period in line with this decision of IDPC.”
LinkedIn became the last technology giant to be punished by the European Union
The European Union’s data protection penalties against social media and technology giants have been increasing since the GDPR came into force in 2018. The EU, which attaches particular importance to the privacy and security of user data, has made many technology giants such as Apple, Meta and Google face penalties of millions of dollars due to similar violations. The EU’s sanctions against large companies that violate data protection rules are aimed at encouraging tech firms to make their collection and use of user data more transparent and secure.