Germany court bans LinkedIn from ignoring browser “do-not-track” setting

The business and employment-focused social media platform LinkedIn has no right to ignore users who set the “do-not-track” function on their browser. The ruling in the Berlin Regional Court has also prohibited LinkedIn from disregarding other user privacy features.

Updated with LinkedIn comment.

The Federation of German Consumer Organizations (Verbraucherzentrale Bundesverband, vzbv) announced that it had achieved some victories in a lawsuit against LinkedIn Ireland Unlimited Company.

LinkedIn is no longer allowed to warn users on its website that it does not respond to “do-not-track” signals, the press release reads. The company plans to appeal.

We disagree with the court’s decision which relates to an outdated version of our platform and intend to appeal the ruling, a LinkedIn spokesperson told Cybernews.

Do-not-track (DNT) signals are browser-level settings that help users object to the tracking of their web-surfing behavior. Until now, LinkedIn had warnings on its website that it does not respond to such DNT signals.

According to LinkedIn’s help page, “A DNT standard has not been adopted to this day, and therefore, LinkedIn doesn't use DNT signals.” The social network was required to disclose how it responds to DNT signals after California Governor Jerry Brown made changes to the California Online Privacy Protection Act on September 27th, 2013.

“When consumers activate the “do-not-track” function of their browser, it sends a clear message: They do not want their surfing behavior to be spied on for advertising and other purposes,” says Rosemarie Rodden, legal officer at vzbv. “Website operators must respect this signal.”

The vzbv believes that LinkedIn acted against the will of its users, as personal data, such as the IP address and information about the use of the website, can be evaluated for analysis and marketing purposes, including access by third parties.

“The Berlin Regional Court agreed with the vzbv's opinion that the company's communication was misleading. It suggests that the use of the DNT signal is legally irrelevant and that the defendant does not need to observe such a signal. That is not the case. According to the General Data Protection Regulation (GDPR), the right to object to the processing of personal data can also be exercised using automated procedures. A DNT signal represents an effective contradiction,” the press release announced.

Also, the German court prohibited LinkedIn from activating the “profile visibility” function by default when logging in for the first time. This setting, without proper consent, made personal profiles publicly visible to non-members and even to those outside the social network, for example, in search engines.

The judges clarified that a pre-activated switch does not meet the requirements for getting consent to the publication of personal data.

“User profiles must not automatically be publicly visible when they are created,” Rodden said.

In the other part of the lawsuit, upheld last year, the Berlin Regional court banned LinkedIn from sending email invitations to non-members who have not agreed to the use of their email addresses.

German judges also ruled against some clauses in LinkedIn’s terms and conditions that forced users to accept the English version of the contract as binding or specified that legal disputes could only be resolved in Dublin, Ireland.