LinkedIn fined $334.3M by Irish regulator
LinkedIn fined $334.3M by Irish regulator
Main article
LinkedIn, which ranks as the largest provider of online job advertising, received €310 million (US$334.3 million) in fines from the Irish Data Protection Commission over its handling of personal data. LinkedIn also received a reprimand and an order to bring its data processing into compliance.
The company contravened several parts of Europe’s General Data Protection Regulation, according to the Commission’s announcement.
LinkedIn said in a response that it believed it had been “in compliance” with the GDPR.
“Today, the Irish Data Protection Commission reached a final decision on claims from 2018 about some of our digital advertising efforts in the EU,” LinkedIn said in its statement. “While we believe we have been in compliance with the General Data Protection Regulation, we are working to ensure our ad practices meet this decision by the IDPC’s deadline.”
The commission previously sent a draft of the decision to Europe’s GDPR cooperation mechanism in July 2024, which raised no objections. Ireland’s Commission then adopted a final decision on 22 October.
“The lawfulness of processing is a fundamental aspect of data protection law, and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection,” Graham Doyle, deputy commissioner at the Irish Data Protection Commission, said in a press release.
European officials started looking into LinkedIn’s practices in August 2018 following a complaint by the French nonprofit La Quadrature du Net. The complaint initially went to the French Data Protection Authority and was later provided to the Irish Data Protection Commission, the lead supervisory authority for LinkedIn.
The Irish Data Protection Authority noted the following takeaways from its decision:
- The processing of personal data without an appropriate legal basis outlined in Article 6(1) GDPR is a clear and serious violation of data subjects’ fundamental right to data protection.
- The GDPR requires that processing is carried out in accordance with the principle of fairness, which requires that personal data may not be processed in a way that is detrimental, discriminatory, unexpected or misleading to the data subject.
- Compliance with transparency provisions ensures that data subjects are fully informed of the scope and consequences of the processing of their personal data in advance and are in a position to exercise their rights.
The full final decision will be published at a later date.