LinkedIn Fined €310M by Irish Watchdog for GDPR Violations in Targeted Advertising Practices

• LinkedIn received a substantial €310 million fine from the Irish Data Protection Commission over GDPR violations.
• The levy concerns obtaining valid user consent in the company’s data processing practices.
• DPC found the recruitment service failed to meet the requisite GDPR standards in its behavioral analysis and targeted advertising practices.

The Irish Data Protection Commission (DPC) has levied a €310 million fine on recruitment website LinkedIn for breaching the EU's General Data Protection Regulation (GDPR), in one of the most substantial penalties in GDPR's enforcement history, according to Euronews.

The case against LinkedIn originated from a complaint filed in August 2018 by La Quadrature du Net, a French digital rights organization. The complaint was subsequently referred to the Irish DPC, considering LinkedIn's European headquarters is established in Ireland. 

The watchdog found that LinkedIn's data processing practices for behavioral analysis and targeted advertising failed to meet the requisite GDPR standards, particularly concerning obtaining valid user consent.

According to the DPC, LinkedIn did not adequately inform users about how their data was utilized for targeted advertising, thus failing the lawfulness of processing—a critical aspect of data protection law. 

The commission determined that LinkedIn's business interests were outweighed by the fundamental rights and freedoms of data subjects, leading to the imposition of both the fine and a formal reprimand.

Deputy Commissioner Graham Doyle emphasized, "The lawfulness of processing is a fundamental aspect of data protection law, and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection."

In response, LinkedIn stated, "Today the Irish Data Protection Commission (IDPC) reached a final decision on claims from 2018 about some of our digital advertising efforts in the E.U. While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC's deadline." 

This enforcement action represents the sixth significant fine for GDPR breaches and follows a series of high-profile penalties, including a €1.55 billion fine imposed on Meta in 2023.

This month, DPC initiated an inquiry into Ryanair's Customer Verification Process over GDPR concerts, as Ryanair admitted employing facial recognition technology that uses customers' biometric data to verify IDs.

Recently, secrity researchers discovered that North Korean threat actors exploit LinkedIn for malware distribution via fake job offers on the recruitment website to trick people adjacent to the crypto sector.