Ireland’s data watchdog has fined networking site LinkedIn 310 million euros and ordered it to bring its data processing into compliance with EU law following a probe into how it deals with users’ data.
The Data Protection Commission (DPC) said it concerns the lawfulness and transparency of LinkedIn’s processing of personal data for targeted advertising and behavioural analysis.
The inquiry was launched by the DPC, in its role as the lead supervisory authority for LinkedIn, following a complaint initially made to the French Data Protection Authority.
We need your consent to load this Social Media content. We use a number of different Social Media outlets to manage extra content that can set cookies on your device and collect data about your activity.
The inquiry examined LinkedIn’s processing of personal data for the purposes of behavioural analysis and targeted advertising of users who have created LinkedIn profiles.
The decision, which was made by the Commissioners for Data Protection Dr Des Hogan and Dale Sunderland and notified to LinkedIn on October 22, concerns the lawfulness, fairness and transparency of this processing.
The decision includes a reprimand, an order for LinkedIn to bring its processing into compliance, and administrative fines totalling 310 million euros.
In a statement, the DPC said that it submitted a draft decision to the European GDPR co-operation mechanism in July, as required under Article 60 of the regulation.
“No objections to the DPC’s draft decision were raised. The DPC is grateful for the co-operation and assistance of its peer EU/EEA supervisory authorities in this case,” it added.
The DPC said the processing of personal data should be lawful, but that the consent obtained by LinkedIn by its users was not freely given, sufficiently informed or specific, or unambiguous.
DPC deputy commissioner Graham Doyle said: “The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection.”
The DPC said it will publish the full decision and further related information in due course.
A LinkedIn spokesperson said: “Today the Irish Data Protection Commission (IDPC) reached a final decision on claims from 2018 about some of our digital advertising efforts in the EU.
“While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline.”