LinkedIn is facing a 310 million euro ($334 million) EU fine after the Irish Data Protection Commission (DPC) ruled it improperly analyzed the behavior of its members’ personal data for targeted advertising. The decision states that LinkedIn violated the GDPR by not obtaining proper consent, demonstrating a legitimate interest or demonstrating a contractual need to process the data it and the third parties collected.
The DPC also reprimanded LinkedIn and ordered it to collect all data in a compliant manner. “Lawfulness of processing is an important aspect of data protection law and processing personal data without a valid legal basis is a clear and serious breach of data subjects’ fundamental right to information protection,” said DPC Deputy Commissioner Graham Doyle.
The decision stems from a 2018 complaint by a French non-profit organization, La Quadrature Du Net, and an initial investigation into whether LinkedIn processed its users’ personal data legally, fairly and transparently. The matter was raised with the French Data Protection Authority and then referred to the DPC as LinkedIn’s European headquarters is in Ireland.
A LinkedIn spokesperson shared a statement with him Engadget in response to the decision: “Today the Irish Data Protection Commission (IDPC) reached a final decision regarding 2018 claims regarding some of our digital marketing efforts in the EU. While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure that our advertising practices meet this decision by the IDPC deadline.”
Update, October 24 2024, 9:12AM ET: This article has been updated to include a statement from LinkedIn.
Source link
