Cyber security news for all

More

    LinkedIn Faces Landmark €310 Million Fine from Irish Data Watchdog for GDPR Violations

    Ireland’s data protection regulator has imposed an unprecedented €310 million ($335 million) fine on LinkedIn, citing grave breaches in the handling of user data for behavior-based advertising.

    The probe scrutinized LinkedIn’s procedures in processing personal data for behavioral profiling, specifically targeting ads to users who created profiles on the platform, according to the Data Protection Commission (DPC). “This decision evaluates the legality, fairness, and transparency of LinkedIn’s data practices,” the DPC stated.

    This hefty penalty enforces the European Union’s General Data Protection Regulation (GDPR), the stringent data privacy framework that sets forth comprehensive standards on data collection, storage, and processing across the EU and European Economic Area (EEA). Enacted on May 25, 2018, GDPR remains a cornerstone of European digital privacy.

    Initiated after a complaint to the French Data Protection Authority in 2018, the inquiry revealed LinkedIn’s violation of three key GDPR principles related to transparency and fairness, specifically within Articles 6 GDPR, Article 5(1)(a), Articles 13(1)(c) and 14(1)(c). LinkedIn failed to adequately inform users before handling third-party data and processed member data for targeted advertising under the claim of “legitimate interests” without obtaining explicit consent.

    The DPC has mandated that LinkedIn bring its European operations into full GDPR compliance within three months, stressing that legitimate user consent must be “freely given, specific, informed, and unambiguous.” All data processing must uphold these tenets of fairness and transparency.

    DPC Deputy Commissioner Graham Doyle remarked, “The legality of data processing is fundamental to data protection law, and utilizing personal data without a lawful foundation constitutes a profound violation of the fundamental rights of individuals.”

    In response, LinkedIn, owned by Microsoft, commented, “While we maintain that our data practices align with GDPR, we are committed to adjusting our advertising protocols to satisfy the IDPC’s requirements within the stipulated period.”


    In parallel, the Austrian privacy advocacy group noyb (None Of Your Business) recently filed a complaint with French authorities, accusing Pinterest of defaulting to “legitimate interests” to monitor user activity for ad targeting, allegedly bypassing the need for explicit consent.

    “Rather than obtaining opt-in consent as required under Article 6(1)(a) GDPR, Pinterest mislabels this as ‘legitimate interest’ under Article 6(1)(f) GDPR,” noyb asserted, adding that users face an automatic opt-in unless they proactively opt out.

    Pinterest defended its approach, telling TechCrunch that its stance on personalized ads is consistent with GDPR standards.

    Recent Articles

    Related Stories