European Union regulators have fined LinkedIn a hefty €310 million ($335 million) for violating the General Data Protection Regulation (GDPR) data privacy rules. The fine was imposed by Ireland’s Data Protection Commission (DPC) on October 24. The DPC raised concerns about the lawfulness, fairness, and transparency of LinkedIn’s personal data processing for advertising purposes.
As the lead privacy regulator for LinkedIn, the DPC conducted an investigation and found that LinkedIn did not have a legitimate basis for collecting data to target users with ads, thus breaching GDPR. The investigation was initiated following a complaint from the French Data Protection Authority.
According to a DPC press release, “The inquiry examined LinkedIn’s processing of personal data for behavioral analysis and targeted advertising of users who have LinkedIn profiles (members).” The DPC’s decision includes a reprimand, an order for LinkedIn to bring its processing into compliance, and administrative fines totaling €310 million.
LinkedIn maintains that it believes it has been compliant with the rules but acknowledges that it will strive to ensure its advertising practices meet the necessary requirements.