Noyb: "LinkedIn locks GDPR rights behind a paywall"

LinkedIn refuses certain GDPR disclosures. Data is available for a fee. Austrian DPA to clarify if this is permissible.


LinkedIn belongs to the data corporation Microsoft.

(Image: Daniel AJ Sokolov)


Microsoft subsidiary LinkedIn tracks and stores who accesses which user profiles. This is used for advertising purposes. For a fee of around 30 euros per month, any user can also view the list of visitors to their own profile. However, if LinkedIn is supposed to provide the same information as part of a GDPR data subject access request, it allegedly cannot. An Austrian LinkedIn user does not want to accept this contradiction any longer.

He has filed a complaint against LinkedIn Ireland with Austria's data protection authority. The complaint asks that the corporate division responsible for LinkedIn's European business be obliged to provide comprehensive information and also be fined. The data protection organization Noyb (None of your business) supports the complainant.

He states that he requested data disclosure from LinkedIn in accordance with Article 15 GDPR (General Data Protection Regulation), but only received incomplete information. The list of users who accessed his profile was missing. LinkedIn explained this deficiency by stating that it only discloses the applicant's own personal data, not the data of other members.

From Noyb's perspective, however, this is a curtailment of the right of access: Article 15(1)(c) grants the right to be informed about “the recipients ... to whom the personal data have been or will be disclosed”. And profile visitors are recipients of data about the person presented in the profile.

In fact, everyone is entitled to know to whom their personal data has been passed on. If specific recipients are known, they must be named according to a ruling by the European Court of Justice from 2023 (ECJ C-154/21). At that time, Österreichische Post did not want to reveal to which advertisers it sells customer data. However, the ECJ recognized that those responsible for data processing are indeed obliged to disclose the identity of the recipients to data subjects upon request. Noyb also relies on this in its complaint against LinkedIn.

Noyb believes it is unclear whether LinkedIn's logging of profile visitors is legally permissible at all. However, since the data exists, LinkedIn must provide information. heise online has contacted the subsidiary of the Microsoft group for a statement.


Incidentally, any LinkedIn user can prevent themselves from appearing in the visitor lists of other profiles. The corresponding option can be found in the settings under “Visibility”.

(ds)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.