LinkedIn's EU Data Tracking Fiasco: A $335M Wake-up Call

LinkedIn, the professional networking site owned by Microsoft, has been slapped with a hefty fine of $335 million by Ireland’s Data Protection Commission (DPC). The fine is due to the company's mishandling of user data for targeted advertising, which breached the European Union’s General Data Protection Regulation (GDPR). Basically, LinkedIn didn’t have a solid legal reason for using people’s personal data to show them ads. The investigation started in 2018 when a French digital rights group, La Quadrature Du Net, filed a complaint. The DPC, which oversees Microsoft's GDPR compliance, took six long years to finalize the decision. The core issue was that LinkedIn didn’t properly inform users about how their data was being used for ads, and the justifications they provided for doing so were found invalid.

LinkedIn tried to justify their actions using terms like “consent” and “legitimate interests, ” but the DPC didn’t buy it. They also failed to comply with GDPR principles of transparency and fairness. Deputy commissioner Graham Doyle stressed the importance of having a proper legal basis for processing personal data. This fine isn’t the first time LinkedIn has faced data protection issues, but it’s the most significant. Microsoft had even set aside funds in anticipation of a penalty. Now, LinkedIn has three months to fix their European operations and comply with GDPR. In their defense, they claim to have been in compliance and are working to meet the DPC's decision.

Actions