· News  · 3 min read

LinkedIn Fined €310 Million for Violating GDPR

October 2024 - The Irish Data Protection Commission has fined LinkedIn Ireland €310 million for breaching GDPR.

October 2024 - The Irish Data Protection Commission has fined LinkedIn Ireland €310 million for breaching GDPR.

In a landmark decision, the Irish Data Protection Commission (DPC) has fined LinkedIn Ireland €310 million for breaching the General Data Protection Regulation (GDPR). This hefty penalty underscores the seriousness of data privacy violations and serves as a stark reminder for businesses to prioritize user rights.

The Inquiry

The DPC launched an inquiry into LinkedIn’s data practices in response to a 2018 complaint filed by the French digital rights organization, La Quadrature du Net. The inquiry focused on how LinkedIn processed personal data for behavioral analysis and targeted advertising.

Key Findings of the DPC

The DPC’s investigation revealed that LinkedIn failed to comply with several key aspects of the GDPR:

  • Unlawful Data Processing: LinkedIn did not have a valid legal basis for processing user data for targeted advertising. The DPC found that the company’s reliance on consent, legitimate interests, and contractual necessity was invalid.
  • Lack of Transparency: LinkedIn failed to adequately inform users about how their data was being used for behavioral analysis and targeted advertising.
  • Unfair Data Practices: The DPC concluded that LinkedIn’s data processing activities were unfair and violated the principle of transparency. Consequences for LinkedIn

In addition to the €310 million fine, LinkedIn has been formally reprimanded and ordered to bring its data processing activities into compliance with the GDPR.

Key Takeaways for Businesses

The LinkedIn case highlights several crucial lessons for businesses:

  • Valid Legal Basis: Ensure you have a valid legal basis for processing personal data, such as explicit consent, contractual necessity, or legitimate interests.
  • Transparency is Paramount: Be transparent with users about how their data is being collected, used, and shared. Provide clear and concise privacy notices.
  • Data Protection by Design: Implement data protection principles from the outset, embedding them into your products, services, and processes. Respect User Rights: Ensure users can exercise their rights under the GDPR, including the right to access, rectify, and erase their data.

Specifics of the DPC’s Findings

The DPC’s final decision records the following findings of infringement of the GDPR:

  1. Article 6 GDPR and Article 5(1)(a) GDPR, insofar as it requires the processing of personal data to be lawful, as LinkedIn:
  • Did not validly rely on Article 6(1)(a) GDPR (consent) to process third party data of its members for the purpose of behavioural analysis and targeted advertising on the basis that the consent obtained by LinkedIn was not freely given, sufficiently informed or specific, or unambiguous
  • Did not validly rely on Article 6(1)(f) GDPR (legitimate interests) for its processing of first party personal data of its members for behavioural analysis and targeted advertising, or third party data for analytics, as LinkedIn’s interests were overridden by the interests and fundamental rights and freedoms of data subjects.
  • Did not validly rely on Article 6(1)(b) GDPR (contractual necessity) to process first party data of its members for the purpose of behavioural analysis and targeted advertising.
  1. Articles 13(1)(c) and 14(1)(c) GDPR, in respect of the information LinkedIn provided to data subjects regarding its reliance on Article 6(1)(a), Article 6(1)(b) and Article 6(1)(f) GDPR as lawful bases.
  2. Article 5(1)(a) GDPR, the principle of fairness.

— Source: Data Protection Comission Press Release

The Future of Data Privacy

This landmark decision signals a shift towards stricter enforcement of data privacy regulations. Businesses must prioritize user rights and ensure compliance with the GDPR to avoid hefty fines and reputational damage.

Related Posts

View All Posts »
Autonomous Vehicles and Data Privacy

Autonomous Vehicles and Data Privacy

Autonomous vehicles (AVs) promise a future of safer roads, increased efficiency, and greater accessibility. However, this innovative technology comes with a complex web of data privacy concerns that must be addressed to ensure public trust and widespread adoption.

Supply Chain Attacks

Supply Chain Attacks

We look at the different types of Supply Chain Attacks and some recent examples, including SolarWinds, NotPetya and Polyfill.