LinkedIn has been fined $335 million by the EU for privacy violations related to tracking ads.

But there's not so much good news in the rest for LinkedIn in Europe, as the Microsoft-owned social network has been dished out a €310 million reprimand and fine in relation to the company's violation of privacy rules involving its tracking ads business.
LinkedIn has been fined $335 million by the EU for privacy violations related to tracking ads.

But there's not so much good news in the rest for LinkedIn in Europe, as the Microsoft-owned social network has been dished out a €310 million reprimand and fine in relation to the company's violation of privacy rules involving its tracking ads business.

In what perhaps is the largest administrative fines for a company to date, Ireland's Data Protection Commission (DPC) issued approximately $335 million in current exchange rates in administrative penalties under the European Union's General Data Protection Regulation (GDPR). It said it found a raft of breaches, including beaches to the lawfulness, fairness, and transparency of its data processing in this area.

According to the GDPR, appropriate legal basis has to exist for each use of people's information. Here, LinkedIn had relied on grounds previously accepted as valid, but the CJEU in its decision found those grounds invalid. In addition to this, the DPC found that LinkedIn did not adequately inform users about what it did with users' information.

LinkedIn claimed several grounds on which it relied in processing data about people, including "consent", "legitimate interests" and "contractual necessity" for tracking and profiling its users for behavioural advertising. However, the DPC declared none of those grounds to have validity. Moreover, the DPC found that LinkedIn was neither transparent nor fair in ensuring that it complied with the respective principles under the GDPR.

Commenting on the statement, Graham Doyle, the deputy commissioner in DPC said: "The lawfulness of processing is at the heart of data protection law and processing of personal data without a proper legal basis is, in short, a clear and serious breach of a data subject's fundamental right to data protection.".

The size of the sanction catapulted the professional social network to a mid-table spot in the biggest GDPR penalties on Big Tech. And while this is not the first time LinkedIn has been slapped for regional data protection violations, it is certainly its most significant sanction to date. (Although, the company did mention in its public statement that the actual amount of the fine was lesser than the provisions made by Microsoft in an earlier 10-K disclosure where it warned investors about an impending sanction.)

The case against LinkedIn started with a complaint filed by the digital rights non-profit La Quadrature Du Net in France in 2018. It was forwarded by this country's data protection authority to the DPC, considering the lead role it plays as the oversight body for Microsoft's GDPR compliance.

The DPC initiated a complaint-based inquiry in August 2018 before finally moving on to submit its draft decision to all interested data protection authorities nearly six full years later, in July 2024. After a period of no objections, the decision was adopted with enforcement now published.

And the firm is going to face a hefty fine. However, LinkedIn has three months to meet all of the requirements of the GDPR in respect of its European operations.
 
LinkedIn spokesman Jonny Wing pointed TechCrunch to an announcement put out on the company's press room regarding the sanction in which it wrote: "Today the Irish Data Protection Commission (IDPC) reached a final decision on claims from 2018 about some of our digital advertising efforts in the EU.". While we believe we have been compliant with the General Data Protection Regulation, we are planning actions to ensure that our advertising practices will meet this decision by the IDPC's deadline.

Blog
|
2024-10-24 19:11:23