Social network found to have infringed on several GDPR articles.
The Irish Data Protection Commission (DPC) has announced a monetary penalty of €310 million to Linkedin.
Following the social network’s processing of personal data for the purposes of behavioural analysis and targeted advertising of users, the decision includes a reprimand, an order for LinkedIn to bring its processing into compliance, and the administrative fine.
The complaint began in 2018, with a complaint made by the French non-profit organisation, La Quadrature Du Net, which was later referred to the DPC as the lead supervisory authority for LinkedIn.
This inquiry examined the lawfulness, fairness and transparency of the processing of the personal data of users of the LinkedIn platform for the purposes of behavioural analysis and targeted advertising. The personal data in question encompassed data provided directly to LinkedIn by its members (first-party data) and data obtained via its third-party partners relating to its members (third-party data).
The DPC found LinkedIn to have infringed articles 6 and 5(1)(a) of the GDPR, which requires the processing of personal data to be lawful, and articles 13(1)(c) and 14(1)(c), in respect of the information LinkedIn provided to data subjects regarding its reliance on Article 6(1)(a), Article 6(1)(b) and Article 6(1)(f) GDPR as lawful bases.
DPC Deputy Commissioner Graham Doyle commented: “The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject's fundamental right to data protection.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.