LinkedIn Ireland, under Microsoft’s ownership, has been penalised by €310 million and given a strict warning by the Data Protection Commission (DPC). The action came after DPC found the social media company’s methodology to process its users’ data had legal discrepancies. It was deemed not coinciding with the European law. The fine is identified fifth largest issued by the Irish regulator per the General Data Protection Regulation (GDPR), and sixth largest from all EU authorities since 2018, when GDPR regulations started.
LinkedIn, which has established its main EU office in Dublin, is regulated foremost by DPC in Europe. The judgement from DPC traces back to an inspection kicked off from an initial grievance flagged to the French data supervisory in 2018.
As stated by the DPC, LinkedIn had garnered the agreement of its users to share their personal data with third party for devising targeted advertisements. However, the DPC review determined that such consent did not fully comply with the GDPR requirements -as being “freely given, adequately informed, precise, or unambiguous” – for usage of the information for these objectives.
DPC deputy commissioner, Graham Doyle underlined the significant importance of proper processing in regard to data protection law, and conveyed that processing personal data sans an adequate lawful basis amounts to a significant and evident contravention of a data subject’s basic right to data protection.
Reacting to the DPC’s edict, a LinkedIn spokesperson stated that whilst they believe that they have abided by GDPR, they are actively working to align their advertisement practices with the said DPC decision within the stipulated timeframe. The statement was in response to the conclusion from the Irish Data Protection Commission regarding allegations from 2018 around LinkedIn’s digital advertisement activities in the EU. The story will be updated as more information is available.