Data Protection Commission has convicted LinkedIn for misusing users’ data without their permission. It has taken user data of registered members and targets them in Facebook. According to the investigation, LinkedIn processed those email IDs and retargeting the users. LinkedIn was acquired by Microsoft hardly a year back.
The investigation was carried out by the DPC Ireland after a non-LinkedIn user filed a complaint about it. Processing personal data like email address, phone no without specific permission from the users is strictly prohibited by law. The complaint was specifically for targeting the users through Facebook advertisement reversely with the email address provided in their LinkedIn account. Though many online companies do this, in Europe and in some countries it requires to obtain permission from the users.
According to the investigation agency, LinkedIn has processed more than 18 million hashed email addresses for this purpose and the complaint comes true. Many of them even are not LinkedIn users also! That’s surprising. LinkedIn Ireland needs to get permission from its parent authority and from the data controller before doing so. But in this case, that was also avoided.
Though LinkedIn has not given any specific official statement on this, a single statement comes from the officials that the issue might have been occurred due to technical security and system problems for a while. The organization is taking measures to resolve that soon.
DPC has ordered to remove the data of non-LinkedIn members that have been in the list since prior 25th May 2018.
We have no idea how this order can resolve the issue and what will be done with the data taken after that date!
The head of privacy in LinkedIn has said,
“We appreciate the DPC’s 2017 investigation of a complaint about an advertising campaign and fully cooperated.”
But LinkedIn has not been fined because until and unless GDPR regulation comes into effect, the regulator has no authority to impose fines.