Linkedin must pay a fine of 310 million euros

The Irish data protection supervisory authority DPC Ireland has imposed a fine of 310 million euros on the business network Linkedin. This fine is due for unlawful data processing in the analysis of user behavior and targeted advertising. The DPC is responsible for Linkedin because the Microsoft subsidiary has its European headquarters in Ireland.

The proceedings were initiated in 2018 by the French digital civil rights organization La Quadrature du Net. It had submitted a complaint to the French supervisory authority CNIL, after which the DPC took over as the responsible supervisory authority. The complaint concerned the evaluation of user behavior on Linkedin itself, but also the merging of data from third-party sources –, i.e. from other providers. According to the DPC in its decision, which was made public today, Linkedin did not have a legally compliant justification for these processes. "Lawfulness of processing is a fundamental aspect of data protection law," said Irish Deputy Data Protection Commissioner Graham Doyle. "The processing of personal data without an adequate legal basis is a clear and serious breach of the fundamental right to data protection of data subjects."

Three different infringements

Following submission to the European Data Protection Board in May, where there were no objections, the DPC has now legally established a total of three different breaches of the General Data Protection Regulation, which together amount to 310 million euros. In addition, the Irish data protection authority obliged the operator to carry out its data processing in compliance with the GDPR in future. Linkedin can appeal to the Irish courts to have the decision reviewed.

The social network's data processing practices are repeatedly criticized and lead to other legal disputes in addition to data protection law.

(olb)