Key Points
- The Irish Data Protection Commissioner fined LinkedIn €310 million ($335 million) for violating GDPR rules on targeted advertising.
- Microsoft had anticipated the fine, setting aside $425 million in 2022 in preparation for a potential penalty.
- LinkedIn maintains that it has been compliant with GDPR but is working to adjust its ad practices to meet the DPC’s decision.
- The Irish Data Protection Commissioner continues to enforce GDPR laws against major U.S. tech firms, including Meta, Google, and Microsoft.
The European Union’s privacy regulator has imposed a substantial fine on Microsoft’s professional networking platform, LinkedIn, for its targeted advertising practices. On Thursday, the Irish Data Protection Commissioner (DPC), which oversees privacy regulations for many major U.S. tech companies in the EU, announced the €310 million ($335 million) fine, citing violations of data privacy laws.
The DPC’s investigation found that LinkedIn processed users’ data without an appropriate legal basis, directly infringing on the General Data Protection Regulation (GDPR). The GDPR, enforced across the EU, mandates strict rules for how companies handle individuals’ data, requiring a clear legal basis for such activities. LinkedIn was found to be in breach of these regulations by using personal data for targeted advertising without sufficient consent from users.
“The processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection,” said Graham Doyle, Deputy Commissioner of the DPC, in a statement.
Microsoft, which owns LinkedIn, had previously indicated that it anticipated a significant fine. In its 2022 financial reports, Microsoft set aside approximately $425 million, expecting a potential penalty from the Irish regulator. Despite this preparation, the fine imposed was slightly lower than anticipated.
LinkedIn responded to the DPC’s decision with a statement expressing its belief that it had been compliant with GDPR. “While we believe we have complied with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline,” the company said. LinkedIn has not yet confirmed whether it will challenge the fine or change its advertising processes.
This fine is the latest in a series of penalties levied against U.S. tech companies by the Irish Data Protection Commissioner. Due to the high concentration of major technology firms with their European headquarters in Ireland, the DPC has played a leading role in enforcing GDPR. Tech giants like Meta, Google, and now Microsoft have faced scrutiny over their data handling practices, resulting in fines and requirements to improve their compliance with EU data protection laws.
The case against LinkedIn underscores the ongoing challenges U.S. companies face in navigating Europe’s stringent data protection landscape. Regulators prioritize individuals’ rights over corporate data collection practices.