The Irish Data Protection Commission (DPC) has levied fines totaling €310 million against LinkedIn following an investigation into the platform's management of users' personal data for behavioral analysis and targeted advertising.
The investigation uncovered breaches of the General Data Protection Regulation (GDPR) related to the legality, fairness, and transparency of data processing. This decision was made by Data Protection Commissioners Dr. Des Hogan and Dale Sunderland and was communicated to LinkedIn earlier this week.
"The legality of data processing is a fundamental principle of data protection law," said DPC Deputy Commissioner Graham Doyle. He stressed that processing personal data without a valid legal basis represents a serious violation of individuals' fundamental right to data protection.
The inquiry was initiated in August 2018 after a complaint from a French non-profit organization to the French Data Protection Authority. Since LinkedIn's EU headquarters are based in Dublin, the Irish DPC serves as the main supervisory body for the company.
The ruling includes three administrative fines totaling €310 million, a reprimand for LinkedIn, and an order mandating the company to ensure compliance with data processing regulations. In July, the DPC presented a draft decision to other European data protection authorities, with no objections raised.
A spokesperson for LinkedIn stated, "Today, the Irish Data Protection Commission (DPC) issued a final decision regarding claims from 2018 related to some of our digital advertising practices in the EU. While we believe we have complied with the GDPR, we are dedicated to aligning our advertising practices with the DPC's decision by the specified deadline."