Professional social network LinkedIn must pay a fine of 310 million euros for unlawfully processing personal data of users in the European Union to deliver targeted advertising, the Irish Data Protection Authority (DPC) announced on Thursday.
“The processing of personal data without an adequate legal basis constitutes a clear and serious infringement of the fundamental right to data protection of the data subject,” the DPC said in a press release. The authority points out, among other things, that users were not adequately asked for consent. According to the decision, LinkedIn must also comply with the European Data Protection Act (GDPR).
The social network, owned by US tech giant Microsoft, said it was confident it was GDPR-compliant, but “we are working to bring our advertising practices into line with the DPC’s decision by the deadline”.
The Irish investigation began after a complaint against LinkedIn in France in 2018. Like many other US tech companies, LinkedIn has its European headquarters in Ireland, so the Irish data protection authority must check whether it complies with EU rules.