top of page
OutSystems-business-transformation-with-gen-ai-ad-300x600.jpg
OutSystems-business-transformation-with-gen-ai-ad-728x90.jpg
TechNewsHub_Strip_v1.jpg

LATEST NEWS

Marijan Hassan - Tech Journalist

LinkedIn fined $335 million for GDPR Violations in its ad tracking practices


LinkedIn, the Microsoft-owned professional networking platform, has been slapped with a hefty €310 million ($335 million) fine by Ireland’s Data Protection Commission (DPC) for violating the European Union’s General Data Protection Regulation (GDPR).




The GDPR mandates that companies processing user data must establish a lawful basis for doing so and explicitly communicate this to users. LinkedIn failed to do this, then attempted to use various legal arguments including "consent," "legitimate interests," and "contractual necessity," to justify its data tracking for behavioral advertising.


However, Ireland’s DPC found that none of these justifications met GDPR requirements. The regulator concluded that LinkedIn's tracking and profiling of users lacked a valid legal basis and failed to provide the necessary transparency required under the law.


“The lawfulness of processing is a fundamental aspect of data protection law,” said DPC Deputy Commissioner Graham Doyle in a statement. “The processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection.”


A years-long case and record fine

The case against LinkedIn began in 2018 with a complaint from French digital rights organization La Quadrature du Net, which flagged the company's ad-tracking practices as potentially unlawful. Given that Microsoft’s GDPR oversight falls under Ireland’s jurisdiction, the DPC took on the investigation.


Finally, after six years of analysis, the DPC submitted its draft decision to other data protection authorities in July 2024, leading to the finalization of the ruling and financial penalty.


This $335 million fine now ranks among the top ten largest GDPR-related penalties against Big Tech, underscoring the DPC's push for compliance in data protection practices. LinkedIn’s penalty also stands as the company’s most significant sanction to date for GDPR violations in the EU. Although LinkedIn emphasized in a blog statement that it had previously anticipated the fine.


LinkedIn’s Response and Compliance Actions

In response to the ruling, LinkedIn expressed its belief that it had been acting in compliance with GDPR requirements but acknowledged its obligation to meet the DPC’s demands.


“Today, the Irish Data Protection Commission (IDPC) reached a final decision on claims from 2018 about some of our digital advertising efforts in the EU. While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline,” LinkedIn stated.


As part of the enforcement action, LinkedIn has been given three months to bring its European operations fully in line with GDPR requirements. This includes reevaluating its data-processing practices and ensuring user data is handled with the transparency, fairness, and lawfulness required by the GDPR.

Comments


wasabi.png
Gamma_300x600.jpg
paypal.png
bottom of page