[ad_1]
Bad news for LinkedIn in Europe, where the Microsoft-owned social network has been reprimanded and fined €310 million over privacy violations related to its ad tracking business.
Ireland has issued administrative sanctions, worth approximately $356 million at current exchange rates Data Protection Committee (DPC) under the European Union’s General Data Protection Regulation (GDPR). The regulator found a wide range of violations, including on shores, of the legality, fairness and transparency of data processing in this area.
The GDPR requires that uses of people’s information have an appropriate legal basis. In this case, the justifications LinkedIn relied upon to operate its tracking advertising business were found to be invalid. It also did not properly inform users about its uses of their information, according to the DPC’s decision.
LinkedIn has sought to require (variably) legal bases based on “consent”, “legitimate interests” and “contractual necessity” to process people’s information – when obtained directly and/or from third parties – to track its users and record their data for behavioral purposes. propaganda. However, the DPC found that none of them were valid. LinkedIn also failed to adhere to the transparency and fairness principles of the General Data Protection Regulation (GDPR).
Commenting, DPC Deputy Commissioner Graham Doyle said: “The lawfulness of processing is a fundamental aspect of data protection law and processing personal data without an appropriate legal basis is a clear and serious breach of the fundamental right of data subjects to data protection.”
The size of the penalty pushes the professional social network into a middle position on the list of the top ten GDPR penalties for big tech companies. Although this is not the first time LinkedIn has been sanctioned for regional data protection violations, it is certainly the most significant penalty to date. (However, the company was careful to point out that the size of the fine was less than the $10,000 Microsoft had set aside in an earlier filing to alert investors that it expected a penalty.)
The case against LinkedIn began with a complaint in France in 2018 by the digital rights non-profit La Quadrature Du Net. The country’s data protection authority subsequently referred the complaint to the DPC, due to its role as the lead oversight body for GDPR compliance at Microsoft.
The DPC began a complaints-based investigation in August 2018 before finally moving on to submit its draft decision to other interested data protection authorities almost a full six years later (in July 2024). After no objections were raised, the decision was finalized and implementation has now been announced.
In addition to being fined, LinkedIn was given three months to bring its European operations into compliance with the GDPR.
LinkedIn spokesperson Johnny Wing pointed TechCrunch to a statement issued by the company Press room Regarding the penalty you wrote: “Today the Irish Data Protection Commission (IDPC) has reached a final determination on claims from 2018 regarding some of our digital advertising efforts in the EU. While we believe we have complied with the General Data Protection Regulation (GDPR), we are working to ensure Our advertising practices meet this resolution by the deadline set by the IDPC.”
[ad_2]