The Irish Data Protection Commission (DPC) has fined LinkedIn €310 million ($334.3 million), accusing the career networking platform of violating EU data laws.
The fine comes after a long investigation into the company’s handling of user’s personal data for behavioral analysis and targeted advertising.
Background of the Investigation
The DPC initiated its investigation in 2018 after a complaint flagged by France’s data protection authority.
The complaint was filed by a non-profit organization. It questioned the transparency and legality of how LinkedIn processed users’ personal data for advertising purposes.
The DPC found LinkedIn in breach of several key GDPR principles. These regarded the the lawfulness, fairness, and transparency of its data processing.
Graham Doyle, the DPC’s deputy commissioner, said:
“The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subjects’ fundamental right to data protection,”
Need Career Advice? Get employment skills advice at all levels of your career
Key Findings and Orders
The Irish regulators concluded LinkedIn failed to adequately inform users when seeking their consent to process third-party data for behavioral analysis and targeted advertising.
The DPC has ordered LinkedIn to revise its processing practices to comply with GDPR requirements.
A LinkedIn spokesperson said the company is working to align its ad practices with the DPC’s decision, although it believes it has not breached the regulation.
The company aims to ensure that all aspects of its data practices meet the required legal standards.
A Broader Pattern of Fines
The fine comes on the heels of another significant penalty levied by the DPC against Facebook owner Meta Platforms.
Meta was fined €91 million after it was found to have stored some users’ passwords on its internal systems without proper safeguards.
Ireland, which hosts the European headquarters of several major tech companies, has become a key enforcer of the GDPR.
The DPC’s actions indicate an ongoing effort to hold tech giants accountable for data privacy breaches.
