LinkedIn is facing a €310 million ($334 million) fine in the EU after the Irish Data Protection Commission (DPC) determined it improperly used behavioral analysis of its members’ personal data for targeted advertising. The decision argues that LinkedIn violated the GDPR by not obtaining proper consent, demonstrating a legitimate interest or a contractual requirement to process the data it collected and collected by third parties.
The DPC also reprimanded LinkedIn and ordered it to process all data it collected in a compliant manner. “The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of data subjects’ fundamental right to data protection,” said DPC deputy commissioner Graham Doyle.
The decision stems from a 2018 complaint and a preliminary investigation by French non-profit organization, La Quadrature du Net, which examined whether LinkedIn processed its users’ personal data in a lawful, fair, and transparent manner. The case was originally raised before the French data protection authority and then transferred to the DPC as LinkedIn’s European base is Ireland.
A LinkedIn spokesperson shared a statement with Engadget in response to the decision: “Today the Irish Data Protection Commission (IDPC) made a final decision on claims from 2018 regarding some of our digital advertising efforts in the EU. While we believe we are compliant with the General Data Protection Regulation (GDPR), we are working to ensure our advertising practices meet this decision by the IDPC’s deadline.”
Austrian privacy advocate NOYB has launched its first GDPR complaints against Chinese businesses. The organization has filed complaints against TikTok, Xiaomi, Shein, AliExpress, Temu and WeChat, alleging that these companies have illegally shared information about European users with parties in China. The group is seeking a suspension of data transfers to China as well as fines of up to four percent of the firm’s global revenue. NOYB is an acronym for “None of Your Business” and is led by activist Max Schrems, known for his campaigns against Facebook.
The General Data Protection Regulation is a rule covering information privacy in the European Union. Under that regulation, data transfers outside the EU are only allowed if the destination country does not undermine data protection. Calling China an “authoritarian surveillance state,” NOYB is arguing that data transfers to the country should not be permitted.
“According to their privacy policy, AliExpress, SHEIN, TikTok and Xiaomi transfer data to China,” NOYB said in a release announcing the action. “Temu and WeChat mention transfers to third countries. According to the corporate structure of Temu and WeChat, this most likely involves China.”