LinkedIn is facing a €310 million ($334 million) fine in the EU after the Irish Data Protection Commission (DPC) determined it had improperly conducted behavioral analyses of its members' personal data for targeted advertising. This decision argues that LinkedIn violated the GDPR by not obtaining proper consent, demonstrating legitimate interest or showing a contractual necessity to process the data it and third-parties collected.
The DPC also reprimanded LinkedIn and handed down an order for it to collect all data in a compliant manner. "The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subjects’ fundamental right to data protection," DPC Deputy Commissioner Graham Doyle stated.
The decision stems from a 2018 complaint by the French non-profit organisation, La Quadrature Du Net, and an initial inquiry examining whether LinkedIn processed the personal data of its users lawfully, fairly and transparently. The matter was originally raised with the French Data Protection Authority and then transferred to the DPC as LinkedIn's European base is Ireland.
This article originally appeared on Engadget at https://www.engadget.com/big-tech/eu-fines-linkedin-334-million-for-violating-the-gdpr-123053773.html?src=rss