Highlights:

• LinkedIn was penalized €310 million for not adhering to GDPR in the EU.
• The company lacked a lawful justification for gathering and utilizing personal data for advertising purposes.
• The Data Protection Commission dismissed LinkedIn’s legal claims (regarding consent and business interests) as inadequate.
• LinkedIn is required to align with EU standards and revise its data practices within three months.

 

The European Union (EU) imposed a fine of €310 million ($335 million) on LinkedIn for violating General Data Protection Regulation (GDPR) laws. This penalty ranks among the largest against social media companies under GDPR due to its data processing methods in targeted advertisements.

 

GDPR establishes rights for individuals over their personal information and mandates that companies manage data in a transparent, fair, and legal manner. However, LinkedIn breached these regulations, leading to repercussions from the EU.

 

LinkedIn gathers user information and employs that data for displaying targeted advertisements. Nonetheless, Ireland’s Data Protection Commission (DPC) determined that LinkedIn lacked a legal basis for this data collection. According to GDPR, businesses must possess a specific legal justification to gather and utilize people's data, which LinkedIn failed to establish. While LinkedIn contended that users had consented to this data gathering and that it benefited the company's business model, the DPC found LinkedIn's data collection practices problematic without a valid legal foundation.

 

The DPC levied a €310 million ($335 million) fine against LinkedIn for these infringements of privacy. LinkedIn asserted that it had complied with regulations but will now modify its practices to align with EU standards. The company has been allotted three months to implement these changes to adhere to GDPR.