LinkedIn hit with a massive fine in the EU
LinkedIn is looking at a whopping €310 million (around $334 million when directly converted) fine in the EU after the Irish Data Protection Commission (DPC) found that it mishandled behavioral analyses of its members’ personal data for targeted advertising.The ruling states that LinkedIn breached the GDPR by failing to secure proper consent, legitimate interest, or contractual necessity to process the data it and third parties collected. For context, the GDPR is the EU regulation aimed at safeguarding information privacy and data security.
Additionally, the DPC scolded LinkedIn and mandated that it must gather all data in a compliant way moving forward.
The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection.
– Graham Doyle, DPC Deputy Commissioner, October 2024
This decision traces back to a 2018 complaint lodged by the French non-profit organization La Quadrature Du Net. It kicked off an investigation into whether LinkedIn was handling users’ personal data in a lawful, fair, and transparent manner. Initially reported to the French Data Protection Authority, the case was later handed over to the DPC since LinkedIn’s European headquarters is located in Ireland.
As I pointed out before, this isn’t the first time EU regulators have put tech companies under the microscope for their data protection practices. Just last month, the DPC hit Meta with a penalty for violating GDPR by storing 600 million social media account passwords in plaintext. At the same time, it is also probing X regarding its data practices related to AI training.
Now, while this isn’t great news for tech companies, I believe that regulatory pressure might just be the wake-up call these giants need to truly prioritize user privacy.