LinkedIn faces a €310 million fine for GDPR violations due to lack of transparency in data processing, following a probe by the Irish Data Protection Commissioner.
The Irish Data Protection Commissioner (DPC) has imposed a €310 million fine on LinkedIn for violating the General Data Protection Regulation (GDPR) by failing to ensure transparency in data processing.
The decision follows an inquiry initiated by a complaint from the French Data Protection Authority, which scrutinized LinkedIn’s handling of personal data, especially in targeted advertising and behavioral analysis.
The investigation revealed that LinkedIn violated several GDPR provisions, particularly Article 6(1)(a), by failing to secure valid consent from users for targeted advertising.
The DPC found that users were not given the option to freely provide informed consent, thus infringing on their fundamental rights.
Additionally, LinkedIn incorrectly cited legitimate interests under Article 6(1)(f) to justify processing, despite these interests being outweighed by user rights. The platform was also criticized for misusing Article 6(1)(b), which refers to contractual necessity, arguing that data processing for behavioral analysis did not fulfill user agreements.
Furthermore, the DPC highlighted LinkedIn’s failure to inform users about the legal basis of its data processing, contravening Articles 13(1)(c) and 14(1)(c) of the GDPR.
Graham Doyle, DPC’s deputy commissioner, emphasized that lawful data processing is vital for protecting user rights, noting that LinkedIn’s approach breached users’ rights to data protection.
In response to the DPC’s ruling, LinkedIn has been directed to revise its data processing policies to comply with GDPR requirements. This significant fine underlines the DPC’s commitment to enforcing data privacy laws and protecting users’ rights.
Discover more from NaijaOne
Subscribe to get the latest posts sent to your email.