Irish Authorities Lash Out at LinkedIn for GDPR Violations

GDPR Rules Came into effect

LinkedIn was recently in conflict with the General Data Protection Regulation (GDPR), which upset the Irish authorities. Apparently, the Microsoft-owned professional social network reached out to around 18 million non-LinkedIn users through Facebook Ads.

Complaints by disgruntled Irish Non-LinkedIn users reportedly led to the initiation of an investigation by the Data Process Commissioner (DPC), which happens to be the concerned Irish Authority.

What is GDPR?

General Data Protection Regulation (GDPR) has been effective from 25th May 2018 and is a set of rules designed for the citizens of Europe Union and European Economic Area. These rules ensure that the citizens of EU and EEA have better control over their personal data.

The Issue

In a bid to boost its numbers, LinkedIn evolved a strategy, which involved reaching out to 18 million Non-LinkedIn users through Facebook Ads. To ensure effective implementation of this Facebook Ad Campaign, LinkedIn provided Facebook with the hashed versions of the 18 million email Ids.

Here, the core concern was the manner in which LinkedIn procured the personal details of non-LinkedIn users, without seeking their permission. Such unauthorized procurement of personal details was a clear violation of GDPR.

Meanwhile, the Microsoft-owned professional social network accepted its shortcomings and apologized for unknowingly contravening the GDPR Rules. Dennis Kelleher, Head of Privacy for LinkedIn said

“Unfortunately the strong processes and procedures we have in place were not followed and for that we are sorry. We’ve taken appropriate action, and have improved the way we work to ensure that this will not happen again”

The DPC’s Report on GDPR states that the issue was ‘amicably resolved’, but there seems to be no clarity on how this data was compiled by LinkedIn.

Eventually, the DPC’s audit managed to dig into the underlying issue, which was pre-computation. Thereafter, the Irish Regulator directed LinkedIn to terminate such practices and to comply with the GDPR.

LinkedIn was also directed to destroy all other similar data that it had accumulated before GDPR came into force. However, The Irish Regulator did not slap a fine on LinkedIn, which comes as a surprise considering what Facebook UK has recently been through.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients