LinkedIn has been fined €310 million ($334 million) by the European Union for breaches of the General Data Protection Regulation (GDPR). The Irish Data Protection Commission (DPC) found that the professional networking giant improperly analyzed its users’ personal data to enhance targeted advertising without adequate consent or legal justification.
The DPC’s investigation revealed that LinkedIn failed to demonstrate a legitimate interest or contractual necessity for processing the personal data it collected, along with data from third parties. “The lawfulness of processing is a fundamental aspect of data protection law,” noted DPC Deputy Commissioner Graham Doyle. He emphasized that processing personal data without an appropriate legal basis represents a serious violation of individuals’ rights to data protection.
This ruling is rooted in a complaint lodged back in 2018 by the French non-profit organization La Quadrature Du Net. The complaint triggered an inquiry into whether LinkedIn was handling its users’ personal data in a lawful, fair, and transparent manner. Initially raised with the French Data Protection Authority, the case was eventually transferred to the DPC due to LinkedIn’s European headquarters being located in Ireland.
In light of the ruling, LinkedIn issued a statement expressing its commitment to compliance. A spokesperson conveyed to Engadget: “Today the Irish Data Protection Commission (IDPC) reached a final decision on claims from 2018 about some of our digital advertising efforts in the EU. While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline.”
This hefty fine not only underscores the EU’s stringent approach to data protection but also serves as a wake-up call for tech companies to prioritize compliance and transparency in their data practices. For more insights into this landmark decision, visit Engadget. As the digital landscape evolves, the importance of safeguarding user data cannot be overstated, and the repercussions of non-compliance are now more evident than ever.