The Microsoft subsidiary LinkedIn is being asked to pay: The Irish Data Protection Commission (DPC) has imposed a fine of 310 million euros on the career network. The reason: serious violations of the European General Data Protection Regulation (GDPR).
The authority accuses the company of violating applicable EU law when processing personal data for the purposes of behavioral analysis and targeted advertising. The investigations, which began in 2018, stem from a complaint that was initially submitted to the French data protection authority.
“The lawfulness of data processing is a fundamental aspect of data protection law,” emphasized Deputy Commissioner Graham Doyle. The processing of personal data without an adequate legal basis constitutes a “clear and serious violation of the fundamental right to data protection”.
At the heart of the criticism is the company’s lack of transparency towards its users. LinkedIn had failed to inform them sufficiently about the processing of third-party data and to obtain their consent accordingly. The Irish authority ordered LinkedIn to bring its processing practices into line with the applicable regulations.
A LinkedIn spokesperson rejected the accusations and emphasized that the company had not violated the GDPR in its own estimation. Nevertheless, he announced that the company was working on adapting its advertising practices to meet the authority’s requirements.