LinkedIn fined $335M for data privacy breach
2 min readLinkedIn, the Microsoft -owned professional networking platform, has been fined 310 million euros (approximately $335 million) by the Irish Data Protection Commission (IDPC). The fine, issued on October 24, 2024, is a result of privacy violations related to LinkedIn’s tracking ads business. The IDPC, acting under the European Union’s General Data Protection Regulation (GDPR), initiated an inquiry into LinkedIn’s processing of personal data for behavioural analysis and targeted advertising.
The investigation focused on users who had created LinkedIn profiles and was triggered by a complaint made by the French non-profit organisation, La Quadrature Du Net, on August 20, 2018. The decision, made by the Commissioners for Data Protection, Dr Des Hogan and Dale Sunderland, scrutinised the lawfulness, fairness, and transparency of LinkedIn’s data processing.
The IDPC found that LinkedIn had sought to claim various legal bases for processing people’s information, including consent, legitimate interests, and contractual necessity. However, none of these were deemed valid. LinkedIn also failed to comply with the GDPR principles of transparency and fairness. DPC Deputy Commissioner Graham Doyle emphasised that the lawfulness of processing is a fundamental aspect of data protection law. He stated, The processing of personal data without an appropriate legal basis is a clear and serious violation of a data subjects’ fundamental right to data protection.
In addition to the hefty fine, the decision includes a reprimand and an order for LinkedIn to bring its processing into compliance with GDPR. The IDPC said it will publish the full decision and further related information in due course. LinkedIn, in response to the fine, stated that they are working to ensure their ad practices meet the IDPC’s decision by the given deadline. The company expressed their belief that they had been in compliance with the GDPR.
This case is not an isolated incident but part of a broader trend of regulatory bodies cracking down on data privacy violations. In September 2024, the EU launched two proceedings against Apple to ensure that the company complies with the Digital Markets Act (DMA). Similarly, the EU Court also fined €2.42 billion against Google in an antitrust case. In July, the EU gave a deadline to Meta to remove its pay or consent model. Just a month before that, the Union launched an antitrust probe against Microsoft for tying Teams to Office.
TheLinkedIncase serves as a stark reminder to all businesses about the importance of data privacy and the potential consequences of non-compliance with data protection laws. It underscores the need for companies to ensure that their data processing practices are lawful, fair, and transparent, and that they have a valid legal basis for processing personal data.