Firm fined for scraping data on LinkedIn


Regulators in France have fined software company Kaspr €240,000 ($249,600) for scraping data on LinkedIn.

According to the National Commission on Informatics and Liberty (CNIL), the Paris-based firm violated EU’s privacy rules by collecting and storing data from the professional social network that it was not authorized to collect or keep.

According to the authorities, Kaspr broke the law by collecting contact details of LinkedIn users who had restricted visibility of their contact information to their 1st and 2nd-degree connections.

ADVERTISEMENT

Additionally, although the company could legally collect and store information users had chosen to make publicly visible, it was retaining their data for a “disproportionately long time,” regulators said.

Kaspr’s business model is based on a paid Chrome browser extension that allows customers to obtain the professional contact details of people on LinkedIn, create lead lists and build outreach campaigns among other applications.

The firm is owned by data company Cognism. Its database contains about 160 million contacts scraped from LinkedIn and other websites, such as domain name registries, according to the authorities.

The CNIL said it had received numerous complaints from people who had been “canvassed” by entities that obtained their contact details through the Kaspr extension.

Linas Kmieliauskas jurgita Marcus Walsh profile Niamh Ancell BW
Don’t miss our latest stories on Google News

Regulators also said that Kaspr failed to comply with the obligation to provide transparent information to individuals whose data it collected.

The company only started sending out emails to individuals whose data it collected in 2022 – four years after the extension launched – and did not do so in a “comprehensible” manner, according to the CNIL.

Kaspr also failed to respect the right of access of individuals, regulators said.

ADVERTISEMENT

“When people who had been canvassed asked Kaspr how their contact details had been collected, the company simply told them that their contact details had been collected from publicly accessible sources,” they said.

In addition to a fine, the CNIL ordered Kaspr to cease its unlawful practices and comply with the General Data Protection Regulation (GDPR).