Irish Data Protection Commission Imposes €310 Million Fine on LinkedIn Ireland

Data Protection Law

The final decision ("Decision") regarding the investigation initiated by the Irish Data Protection Commission against LinkedIn Ireland in the context of personal data processing, following a complaint filed by the French non-profit organisation La Quadrature Du Net on 20 August 2018, was published on its official website on 24 October 2018.

According to the Desicion;

  • The processing of personal data by Linkedin is not based on a legal basis pursuant to Articles 6 and 5(1)(a) of the General Data Protection Regulation ("GDPR"):
  1. LinkedIn processes third party data of its users for the purposes of behavioural analysis and targeted advertising and does not provide valid consent under Art. 6(1)(a) GDPR.
  2. LinkedIn cannot rely on Article 6(1)(f) GDPR (legitimate interests) to process first party personal data and third party data of its employees for analytical purposes, as LinkedIn's interests do not override the interests and fundamental rights of data subjects.
  3. LinkedIn does not rely on Article 6(1)(b) GDPR (contractual obligation) to process first-party data of its members for the purposes of behavioural analysis and targeted advertising.
  4. The information provided by LinkedIn regarding its reliance on Articles 6(1)(a), 6(1)(b) and 6(1)(f) of the GDPR as a legal basis does not meet the requirements of Articles 13(1)(c) and 14(1)(c) of the GDPR.
  5. The principle of fairness under Article 5(1)(a) of the GDPR has been infringed.
  • The Irish Data Protection Commission has issued LinkedIn with;
  1. a warning pursuant to Article 58(2)(b) of the GDPR
  2. three administrative fines totalling €310 million pursuant to Articles 58(2)(i) and 83 of the GDPR; and
  3. Order LinkedIn to bring its operations into line with the GDPR, pursuant to Article 58(2)(d)

 

You can reach further information here.  

 

Kind Regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr