A substantial fine of 310 million euros has been imposed on LinkedIn by the Irish Data Protection Authority (DPC) due to non-compliance with the European Union’s General Data Protection Regulation (GDPR) regarding the handling of professional social network users’ personal data.
According to the DPC’s statement, an investigation was launched following an initial complaint submitted to the French Data Protection Authority. In addition to the 310 million euro fine, the DPC has given LinkedIn an order to make necessary adjustments and align its personal data processing practices with EU regulations.
The investigation conducted by the Irish authority found that LinkedIn’s processing of personal data was not based on users’ consent, allowing third-party access to analyze user behavior and deliver targeted advertisements.
The DPC points out that LinkedIn failed to obtain informed, specific, and voluntary consent from users, indicating that processing data without an adequate legal basis constitutes a significant infringement of individuals’ fundamental rights to data protection.