LinkedIn was ordered to bring its processing into compliance with the EU’s strict General Data Protection Regulation, launched in 2018 to protect European consumers from personal data breaches.

Ireland fines LinkedIn 310 mn euros over EU data breach

24 Oct 2024, 20:20 · Tech Xplore

An Irish regulator helping to police European Union data privacy said Thursday it had fined professional networking platform LinkedIn 310 million euros ($335 million) over breaching users' personal data for targeted advertising.

The Data Protection Commission (DPC) issued the Microsoft-owned website its first EU fine saying "the consent obtained by LinkedIn was not given freely".

Targeted advertising provides tailored ads to users based on their personal information.

Regulators around the world, especially the EU, have been trying for years to regulate tech giants when it comes to data protection and other matters, notably unfair competition.

The DPC told AFP it has given LinkedIn three months to bring its processing into compliance with the EU's strict General Data Protection Regulation (GDPR), launched in 2018 to protect European consumers from personal data breaches.

"The processing of personal data without an appropriate legal basis is a clear and serious violation of a data subjects' fundamental right to data protection," said Graham Doyle, DPC head of communications.

LinkedIn said in a statement Thursday that while it believed it has "been in compliance with" GDPR, the group is "working to ensure" its practices meet the decision.

Tech fines

Ireland is home to the European headquarters of several tech giants including Microsoft, Apple, Google and Facebook-parent Meta.

In 2018, a French association which defends internet users against digital surveillance by tech giants or states—"La Quadrature du Net"—filed five collective complaints against LinkedIn but also Google, Apple, Facebook and Amazon, accusing them of illegally exploiting the personal data of their users without their consent.

The complaints, which at the time included the names of nearly 12,000 people, were initially filed to CNIL, the French data protection agency, before being transferred to the Irish regulator.

In a statement Thursday, La Quadrature du Net welcomed the decision but said the amount of time the regulator took to issue the fine was a "sign of failures in the European system".

The Irish regulator has imposed a number of big fines against tech companies as the EU seeks to rein in big tech firms over privacy, competition, disinformation and taxation.

In September, it fined Meta 91 million euros for failing to put in place appropriate security measures to protect users' password data and for taking too long to alert the regulator of the issue.

It came after the European Commission scored two major legal victories in separate cases that left Apple and Google owing billions of euros.

At the same time, an EU court scrapped a 1.49-billion euro fine imposed by Brussels against Google over abuse of dominance in online advertising.

In the United States, the US Consumer Protection Agency last year ordered Microsoft to pay $20 million to settle lawsuits for collecting personal data from minors registered on the Xbox console's online gaming platform, without informing their parents.