The Irish Data Protection Commission (IDPC) has fined LinkedIn, a Microsoft-owned platform, €310 million (around $335 million) for violating the General Data Protection Regulation (GDPR) related to its ad tracking practices. This investigation focused on LinkedIn’s processing of personal data for behavioural analysis and targeted advertising, particularly examining whether the platform’s practices aligned with GDPR principles of lawfulness, fairness, and transparency.
LinkedIn had argued that it was relying on legal bases such as “consent,” “legitimate interests,” and “contractual necessity” to justify its tracking and profiling activities. However, the IDPC found these claims invalid, concluding that LinkedIn had no appropriate legal basis for its processing of user data. Furthermore, the commission ruled that LinkedIn failed to meet GDPR requirements on transparency and fairness, crucial aspects of data protection law.
As part of the ruling, the IDPC issued a reprimand, ordered LinkedIn to bring its practices into compliance with the regulation, and imposed the €310 million fine. This decision underscores the serious nature of GDPR violations and the importance of respecting users’ fundamental right to data protection.
Graham Doyle, Deputy Commissioner of the IDPC, emphasized that processing personal data without a valid legal basis constitutes a significant breach of individuals’ rights under GDPR.
Also read: Make-A-Wish fulfills 26 children’s travel dreams
In response to the ruling, LinkedIn acknowledged the decision but expressed its belief that it had been compliant with GDPR regulations. The company stated that it is now working to meet the IDPC’s requirements by the specified deadline to ensure its digital advertising practices align with the regulation.
This case highlights the growing scrutiny on how companies process personal data for advertising and behavioural analysis, further reinforcing the importance of GDPR compliance in today’s digital landscape.