London: Microsoft-owned professional networking platform LinkedIn was on Thursday fined 310 million euros (around $335 million) for privacy violations related to its tracking ads business.
The Irish Data Protection Commission (IDPC) issued the under the European Union’s General Data Protection Regulation (GDPR). The inquiry examined LinkedIn’s processing of personal data for the purposes of behavioural analysis and targeted advertising of users who have created LinkedIn profiles.
The decision, made by the Commissioners for Data Protection, Dr Des Hogan and Dale Sunderland, concerns the lawfulness, fairness and transparency of this processing.
The decision includes a reprimand, an order for LinkedIn to bring its processing into compliance, and administrative fines totalling 310 million euros, the Irish regulator said in a statement.
DPC Deputy Commissioner Graham Doyle commented that the lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection.
The networking platform had sought to claim (variously) “consent”, “legitimate interests” and “contractual necessity” based legal bases for processing people’s information — when obtained directly and/or from third parties — to track and profile its users for behavioural advertising.
However, the DPC found none were valid. LinkedIn also failed to comply with the GDPR principles of transparency and fairness. In a statement, LinkedIn said that the IDPC reached a final decision on claims from 2018 about “some of our digital advertising efforts in the EU”.
“While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline,” the company said.