.png)
.png)
The Irish Data Protection Commission (DPC) has imposed a €310 million ($335 million) fine on LinkedIn, owned by Microsoft, for breaching the European Union’s General Data Protection Regulation (GDPR) in its data processing and targeted advertising practices. The DPC’s inquiry focused on LinkedIn’s handling of user and third-party data for behavioral analytics and targeted advertising, identifying multiple breaches of Article 6 of the GDPR, as noted in a press release issued Thursday.
Article 6 of the GDPR addresses several core requirements of lawful data processing, including obtaining user consent, establishing legitimate interest, contractual necessity, and ensuring an appropriate legal basis for data handling. In addition to the substantial fine, the DPC ordered LinkedIn to amend its data processing practices to achieve compliance within three months.
“The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection,” said Graham Doyle, deputy commissioner of the Irish DPC, in the release.
In response, LinkedIn issued a statement asserting its commitment to compliance: “While we believe we have been in compliance with the GDPR, we are working to ensure our ad practices meet this decision by the Irish DPC’s deadline.”
The penalty follows Microsoft’s June 2023 disclosure that it had allocated $425 million in anticipation of a possible GDPR fine for issues dating back to 2018, which were initially referred to the Irish DPC by the French Data Protection Authority.
According to the GDPR enforcement tracker, this €310 million fine ranks as the Irish DPC’s fifth-largest fine to date. Two significant fines against Meta—€390 million ($414 million at the time) in January 2023 and a record €1.2 billion ($1.3 billion at the time) in May 2023—occupy the third and first positions on the tracker, respectively.
By fLEXI tEAM
Comments