LinkedIn fined €310 million for GDPR violations

Microsoft-owned LinkedIn has been issued a hefty €310 million fine by Ireland’s Data Protection Commission (DPC) for violating the General Data Protection Regulation (GDPR) in Europe. The regulator found that LinkedIn’s tracking ads business breached the lawfulness, fairness, and transparency principles of data processing.

Read: Honor 200 Pro Review: An honourable mention

The GDPR requires that the use of personal data has a valid legal basis. LinkedIn’s justifications for its tracking ads business were deemed insufficient. Additionally, the company failed to adequately inform users about its data practices.

LinkedIn had claimed various legal bases, including consent, legitimate interests, and contractual necessity, for processing user data. However, the DPC found these justifications invalid. The company also fell short in adhering to the GDPR principles of transparency and fairness.

Graham Doyle, DPC deputy commissioner, emphasized the importance of lawful data processing and highlighted the serious violation of data subjects’ rights.

The €310 million fine places LinkedIn among the top 10 largest GDPR penalties imposed on Big Tech companies. While this is not the first time LinkedIn has faced data protection violations, it is the most significant sanction to date.

The case against LinkedIn originated in France in 2018, with a complaint filed by La Quadrature Du Net. The DPC investigated the matter and finalized its decision in July 2024.

In addition to the fine, LinkedIn has been given three months to bring its European operations into compliance with the GDPR.

In a statement, LinkedIn acknowledged the DPC’s decision and stated that while it believes it was compliant with the GDPR, it is working to ensure its ad practices meet the regulator’s requirements.