The Irish Data Protection Commission has imposed fines totalling €310m on social media platform LinkedIn.
It follows an investigation into the company’s processing of the personal data of users for the purposes of behavioural analysis and targeted advertising.
The inquiry found breaches of the General Data Protection Regulation (GDPR) relating to the lawfulness, fairness and transparency of the data processing.
The decision was made by the Commissioners for Data Protection, Dr Des Hogan and Dale Sunderland, and was notified to LinkedIn earlier this week.
We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences
“Our findings under the GDPR were that none of the three areas or lawfulness, fairness or transparency were met, and there were serious deficiencies in some areas,” Dr Hogan said.
DPC Deputy Commissioner Graham Doyle said that the lawfulness of processing is a fundamental aspect of data protection law.
“The processing of personal data without an appropriate legal basis is a clear and serious violation of a data subjects’ fundamental right to data protection,” Mr Doyle said.
The investigation was launched in August 2018, following a complaint made by a French non-profit organisation to the French Data Protection Authority.
Because LinkedIn’s EU headquarters are in Dublin, the Irish Data Protection Commission is the lead supervisory authority for the company.
Today’s ruling includes three administrative fines totalling €310m, a reprimand for LinkedIn and an order for the company to bring its data processing into compliance.
The DPC submitted a draft decision to its fellow European data watchdogs in July and no objections were raised.
“Today the Irish Data Protection Commission (DPC) reached a final decision on claims from 2018 about some of our digital advertising efforts in the EU,” a LinkedIn spokesperson said.
“While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the DPC’s deadline,” the company added.