Dublin (Brussels Morning Newspaper) – The European Union privacy regulator has imposed a fine on Microsoft’s professional networking platform LinkedIn over its targeted advertising methods.
The administrative fines, which are worth almost $335 million at current exchange rates, have been given by Ireland’s Data Protection Commission (DPC) under the European Union’s General Data Protection Regulation (GDPR). The regulator discovered a raft of breaches, including beaches to the lawfulness, righteousness and transparency of its data processing in this area.
How did LinkedIn breach EU data protection regulations?
The GDPR demands that the use of people’s information have a proper legal foundation. In this case, the justifications LinkedIn had depended upon to run its tracking ads business were found to be frail. It also did not properly notify users about its uses of their data, per the DPC’s decision.
LinkedIn had aimed to claim (variously) “consent”-, “legitimate interests”- and “contractual necessity” based on legal grounds for processing people’s information when received directly and/or from third parties to follow and profile its users for behavioural advertising. However, the DPC discovered none were valid. LinkedIn also failed to concede with the GDPR principles of transparency and fairness.
Remarking in a statement, DPC deputy commissioner Graham Doyle stated: “The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subjects’ fundamental right to data protection.”
The extent of the sanction catapults the professional social network into a mid-table place in the top ten most significant GDPR penalties on Big Tech. And while this is not the first time LinkedIn has been hit with regional data protection violations, it is certainly its most powerful sanction to date. The case against LinkedIn was created with a complaint in France in 2018 by the digital rights non-profit La Quadrature Du Net. The country’s data protection authority then gave the complaint to the DPC, on account of its position as a lead oversight body for Microsoft’s GDPR adherence.