
LinkedIn misused data on
non-users by allowing their email addresses to be used to target Facebook advertising, according to a report by the Irish Data Protection Commissioner (DPC).
The news broke Friday in the
Irish Times, and was subsequently picked up by other media.
The report covers alleged violations of E-Privacy Regulations from January 1 to May 24, 2018.
The DPC report states
that LinkedIn “processed hashed email addresses of approximately 18 million non-LinkedIn members and targeted these individuals on the Facebook Platform.”
It adds that the
complaint “was ultimately amicably resolved, with LinkedIn implementing a number of immediate actions to cease the processing of user data for the purposes that gave rise to the
complaint.”
However, an audit later revealed that LinkedIn was undertaking the pre-computation of a suggested professional network for non-LinkedIn members.”
LinkedIn was
ordered to “cease pre-compute processing and to delete all personal data associated with such processing prior to 25 May 2018,” the date that GDPR took effect.
TechCrunch reports
that Denis Kelleher, head of privacy, EMEA, for LinkedIn, responds as follows:
“We appreciate the DPC’s 2017 investigation of a complaint about an advertising campaign and fully
cooperated. Unfortunately the strong processes and procedures we have in place were not followed and for that we are sorry.”
He added: "We’ve taken appropriate action, and have
improved the way we work to ensure that this will not happen again. During the audit, we also identified one further area where we could improve data privacy for non-members and we have voluntarily
changed our practices as a result.”
The DPC investigated 41 complaints in the time period covered by the report. Of these, 24 were related to email marketing, 16 to SMS and one to
telephone marketing.
In one email case, Guerin Media Limited was prosecuted for sending unsolicited marketing emails, convicted on four charges and fined €4,000, the report states.
Some complainants asked that their email addresses be removed, but in one case, “nine marketing emails were sent to an individual’s work email address after he had sent an email request
to Guerin Media Limited to remove his email address from its mailing list,” the report states.