The Irish Data Protection Commission (DPC) has ruled that LinkedIn unlawfully handled user data, imposing three administrative fines totalling €310 million ($335 million).
The social network was also reprimanded and ordered to bring its processing into compliance with the European Union’s General Data Protection Regulation (GDPR), according to the DPC.
The inquiry focused on LinkedIn's processing of personal user data for advertising purposes over concerns of its “lawfulness, fairness, and transparency.”
Graham Doyle, deputy director of the regulatory body, said that the lawfulness of processing is “a fundamental aspect of data protection law.”
“The processing of personal data without an appropriate legal basis is a clear and serious violation of a data subjects’ fundamental right to data protection,” Doyle said.
The inquiry was launched based on a complaint filed to the French Data Protection Authority in 2018. LinkedIn was investigated in Ireland because that’s where its European headquarters are based.
"Today the DPC reached a final decision on claims from 2018 about some of our digital advertising efforts in the EU,” LinkedIn said in a statement.
“While we believe we have been in compliance with the GDPR, we are working to ensure our ad practices meet this decision by the DPC's deadline," it said.
The DPC also oversees other US companies that have their European headquarters in Ireland, with Meta among the top offenders of the EU’s privacy and data protection rules. Last year, the company was issued a €1.2 billion fine, the largest GDPR fine ever.
Your email address will not be published. Required fields are markedmarked