LinkedIn fined €310 million by Irish regulator over GDPR breach

Ireland’s Data Protection Commission (DPC) has fined LinkedIn €310 million ($335 million) for breaching the European Union’s data privacy rules by using users’ data for targeted advertising without obtaining proper consent. This marks the first EU fine issued to the Microsoft-owned professional networking platform for violating the General Data Protection Regulation (GDPR).

The DPC, which oversees compliance with EU privacy laws, determined that LinkedIn’s process of obtaining user consent for targeted ads did not meet the standards required by the GDPR. The regulator emphasized that the consent LinkedIn obtained "was not given freely," constituting a serious breach of users’ rights under European law.

Targeted advertising, a common practice where ads are tailored based on users’ personal information, has been under increased scrutiny globally, with regulators, particularly within the EU, focusing on the data protection and privacy implications for consumers.

Graham Doyle, the DPC’s head of communications, stated, "The processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection."

LinkedIn, while maintaining that it believed its practices were in compliance with the GDPR, said it is working to adjust its operations to align with the DPC’s decision. The company has been given a three-month deadline to bring its data processing procedures in line with EU regulations.

This fine against LinkedIn is part of a larger trend of increasing enforcement actions against tech companies, particularly those based in Ireland, home to the European headquarters of several major tech firms, including Microsoft, Apple, Google, and Meta.

The investigation into LinkedIn stems from collective complaints initially filed in 2018 by "La Quadrature du Net," a French digital rights group. The complaints, which targeted LinkedIn, as well as other tech giants like Google, Apple, Facebook, and Amazon, accused the companies of exploiting personal data without obtaining proper consent from users. The Irish regulator took over the LinkedIn case from CNIL, France’s data protection agency.