The Irish Data Protection Commission (DPC) has imposed a total of €310 million in fines on LinkedIn, following an investigation into the platform's handling of users' personal data for behavioral analysis and targeted advertising.
The inquiry revealed violations of the General Data Protection Regulation (GDPR) concerning the legality, fairness, and transparency of data processing. The decision was made by Data Protection Commissioners Dr. Des Hogan and Dale Sunderland and communicated to LinkedIn earlier this week.
"The legality of data processing is a core principle of data protection law," stated DPC Deputy Commissioner Graham Doyle. He emphasized that processing personal data without a valid legal basis constitutes a serious infringement of individuals' fundamental right to data protection.
The investigation began in August 2018, prompted by a complaint from a French non-profit organization to the French Data Protection Authority. As LinkedIn's EU headquarters are located in Dublin, the Irish DPC serves as the primary supervisory authority for the company.
Today's ruling consists of three administrative fines totaling €310 million, along with a reprimand for LinkedIn and an order requiring the company to ensure its data processing complies with regulations. In July, the DPC submitted a draft decision to other European data protection authorities, and no objections were raised.
A LinkedIn spokesperson commented, "Today, the Irish Data Protection Commission (DPC) issued a final decision regarding claims from 2018 concerning some of our digital advertising practices in the EU. While we believe we have been compliant with the GDPR, we are committed to aligning our advertising practices with the DPC's decision by the specified deadline."