Six years after a complaint was lodged against LinkedIn over its handling of user data, the Irish Data Protection Commission (DPC) has imposed one of the larger fines in GDPR history.
Ireland’s Data Protection Commission (DPC) on Thursday fined LinkedIn €310m for failing to tell users how their data was being deployed for behavioural analysis and targeted advertising, in violation of the EU’s General Data Protection Regulation (GDPR).
According to the DPC, LinkedIn failed to meet required standards when obtaining valid consents from users, and the watchdog found that the social media giant’s interests “were overridden by the interests and fundamental rights and freedoms of data subjects”.
In addition to the fine, LinkedIn received a formal reprimand and is required to ensure full compliance with GDPR regulations.
“The lawfulness of processing is a fundamental aspect of data protection law, and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection,” Deputy Commissioner Graham Doyle commented.
The case originated from a complaint filed in August 2018 by French digital rights organisation La Quadrature du Net. The French data protection authority referred the case to Ireland, where LinkedIn’s European headquarters are located.
This is the sixth significant fine issued for GDPR breaches. The largest was a €1.55 billion penalty imposed on Meta by the Irish DPC in 2023.
LinkedIn told Euronews: “Today the Irish Data Protection Commission (IDPC) reached a final decision on claims from 2018 about some of our digital advertising efforts in the EU. While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline.”.
This article have been modified to include a quote from LinkedIn.