LinkedIn has been fined €310 million ($334 million) by the EU for breaching the General Data Protection Regulation (GDPR). The Irish Data Protection Commission (DPC) announced the penalty after determining that the social networking platform had improperly conducted behavioral analyses of users’ personal data to enhance targeted advertising. According to the DPC, LinkedIn failed to obtain appropriate consent, demonstrate legitimate interest, or establish a contractual necessity for processing user data, violating the stringent requirements of the GDPR.
The decision stems from an investigation initiated in response to a 2018 complaint by the French non-profit organization, La Quadrature Du Net. Initially examined by the French Data Protection Authority, the case was later transferred to the DPC, as LinkedIn’s European headquarters are based in Ireland. The investigation scrutinized whether LinkedIn’s practices aligned with GDPR principles of lawful, fair, and transparent data processing.
DPC Deputy Commissioner Graham Doyle emphasized the seriousness of the violations, stating, “The lawfulness of processing is a fundamental aspect of data protection law, and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subjects’ fundamental right to data protection.” Alongside the fine, the DPC has ordered LinkedIn to bring its data collection practices into full compliance with EU regulations, reinforcing the importance of lawful data management.
LinkedIn’s response to the decision was swift. A spokesperson for the company shared, “Today the Irish Data Protection Commission (IDPC) reached a final decision on claims from 2018 about some of our digital advertising efforts in the EU. While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline.”
This ruling sends a clear message to companies operating within the EU: strict adherence to GDPR is non-negotiable, and violations can lead to substantial penalties. LinkedIn must now demonstrate compliance moving forward, ensuring that all user data collection is conducted transparently and legally.
For more information on this case, visit Engadget.