Unfavorable news for LinkedIn in Europe as the Microsoft-owned platform faces a hefty fine of €310 million due to breaches of privacy laws linked to its advertising tracking practices.
This financial penalty, equivalent to approximately $335 million at the current currency rate, was imposed by the Data Protection Commission (DPC) of Ireland, operating under the regulations set forth by the European Union’s General Data Protection Regulation (GDPR). The DPC identified numerous violations, including issues pertaining to the legality, fairness, and transparency of LinkedIn’s data handling practices in this sector.
Under GDPR, any processing of personal data must be carried out on a valid legal basis. However, LinkedIn’s justifications for operating its advertising tracking system were deemed insufficient. Moreover, the platform failed to adequately inform users about how their data was utilized, as indicated by the DPC’s ruling.
LinkedIn attempted to assert various legal bases for data processing—including claims of “consent,” “legitimate interests,” and “contractual necessity”—to gather and analyze user information for the purpose of behavioral advertising. Unfortunately for LinkedIn, the DPC ruled that none of these claims held up to scrutiny. Additionally, the company did not adhere to the GDPR’s obligations regarding transparency and fairness.
In a public statement, Graham Doyle, the DPC’s deputy commissioner, remarked, “The legality of data processing is a cornerstone of data protection law, and processing personal data without a proper legal foundation constitutes a severe infringement of individuals’ fundamental rights to data protection.”
This significant fine places LinkedIn among the top 10 largest GDPR fines imposed on major tech companies. While this isn’t the first instance of LinkedIn facing penalties for data protection infringements, it certainly marks the most substantial fine to date. Notably, the firm pointed out that the penalty amount is lower than the reserve Microsoft allocated when it previously alerted investors about the anticipated penalty in a 10-K disclosure.
The action against LinkedIn traces back to a 2018 complaint from the digital rights advocacy group La Quadrature Du Net in France. Consequently, France’s data protection authority referred the matter to the DPC, designated as the lead oversight agency for Microsoft’s adherence to GDPR.
The DPC launched an investigation in August 2018 based on the complaint and, after nearly six years, submitted a draft decision to relevant data protection authorities in July 2024. With no objections raised, the ruling was finalized, and the findings have now become public knowledge.
In addition to the enforced fine, LinkedIn has been instructed to align its European operations with GDPR requirements within a three-month timeframe.
In response to the penalty, LinkedIn representative Jonny Wing directed TechCrunch to the company’s statement available on their press room, where the company noted, “The Irish Data Protection Commission (IDPC) has concluded a decision regarding some of our EU digital advertising practices from 2018. Although we believe we have complied with the GDPR standards, we are dedicating efforts to adjust our advertising practices to meet the IDPC’s deadline.”
This report includes a correction regarding the currency conversion of the DPC fine.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
