We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


LinkedIn fined €310 million for GDPR breaches
(Pic: Shutterstock)
24 Oct 2024 data law Print

LinkedIn fined €310 million for GDPR breaches

The data-protection watchdog has fined LinkedIn Ireland €310 million for breaches of the GDPR rules on the processing of personal information.

The Data Protection Commission (DPC) had launched an inquiry, in its role as the lead supervisory authority for LinkedIn, after a complaint initially made to the French data-protection authority.

The probe examined LinkedIn’s processing of personal data for the purposes of behavioural analysis and targeted advertising of users who had created LinkedIn profiles.

Compliance

As well as the fines, the DPC decision includes a reprimand and an order for LinkedIn, which is owned by Microsoft, to bring its processing into compliance with the GDPR.

Among other findings, the investigation determined that the consent obtained by LinkedIn for the relevant data-processing was not “freely given, sufficiently informed or specific, or unambiguous”.

Deputy Commissioner Graham Doyle (deputy commissioner, DPC) said: “The lawfulness of processing is a fundamental aspect of data-protection law, and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subjects’ fundamental right to data protection.”

In a statement, LinkedIn said: "While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC's deadline."

'Pay or ok' models

David Hackett (partner at Addleshaw Goddard Ireland) said that the fine was in line with similar European enforcement actions against Meta and other companies for targeted advertisements sent without the requisite consent meeting GDPR standards. 

"In light of this increased regulatory interest, we are seeing an evolving trend of websites which rely on advertising revenue offering ‘pay or ok’ models, where visitors can pay to enjoy an ad-free experience, or alternatively accept targeted adverts.

European guidance has been issued on this model, and it is questionable whether this approach really gives freely given consent when presented with having to pay to access content that we rely on after years of being used to these services being provided for free," Hackett stated.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland
Copyright © 2024 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.