LinkedIn Fined €310m By Irish Data Protection Commission

Microsoft-owned LinkedIn has been slapped with a hefty fine by Europe’s lead supervision regulator, after being found to have breached GDPR rules over its targeted advertising practices.

The Irish Data Protection Commission (DPC) announced on Thursday its “final decision following an inquiry into LinkedIn Ireland Unlimited Company.”

The inquiry stems from a complaint initially made to the French Data Protection Authority (CNIL) back in 2018 by the French non-profit La Quadrature Du Net.

DPC investigation

The Irish DPC investigation centred over LinkedIn’s processing of personal data for the purposes of behavioural analysis and targeted advertising of the profiles of LinkedIn users.

The fine is in relation to the lawfulness, fairness, and transparency of this processing, considering the European Union’s GDPR.

The Irish DPC tends to be the European Union’s lead privacy regulator for most of American tech giants, due to their decision to headquarter their EU operations in the country.

“The decision includes a reprimand, an order for LinkedIn to bring its processing into compliance, and administrative fines totalling €310 million,” stated the Irish DPC.

“The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection,” said DPC Deputy Commissioner Graham Doyle.

Microsoft had acquired LinkedIn for $26.2 billion in 2016 in what was dubbed a “re-founding moment” for the professional social network.

LinkedIn reaction

LinkedIn gave Reuters the following statement: “While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline.”

Last month LinkedIn had agreed to suspend its use of UK user data to train generative artificial intelligence (AI) models after concerns were expressed by the UK Information Commissioner’s Office.

It comes after the platform had quietly opted users into using their data such as posts, articles and videos to train generative AI tools.

A setting had been added to opt out of the scheme, but users are opted in by default, meaning the data would be used unless users are aware of it and manually opt out.