In spite of GDPR, LinkedIn collected millions of e-mail addresses

Get a free Techzine subscription!

LinkedIn appears to have violated the General Data Protection Regulation (GDPR). European privacy legislation regulates the way in which organisations are allowed to deal with the data relating to their users. But LinkedIn doesn’t seem to have fully gone along with that.

Last Friday, a report by the Irish Data Protection Commissioner was published. This report covers all activities of the DPC in the first six months of this calendar year. In a list of surveys, the DPC mentions data leaks at Facebook, WhatsApp and Yahoo. But there was also a study carried out on LinkedIn.

Millions of email addresses

That investigation resulted from a complaint lodged by a user in 2017. Like any other social network, LinkedIn tries to attract more users. The company did this by using e-mail addresses in a non-transparent manner. This involved the use of 18 million e-mail addresses. In the meantime LinkedIn has stopped using email addresses in the wrong way.

The DPC reports that LinkedIn in the United States had first obtained the e-mail addresses of 18 million people who were not yet members of the social network. These mail addresses were then used on Facebook to advertise there and to try to persuade as many people as possible to switch.

Complaint is solved

The complaint was eventually well resolved, the DPC states in its report. LinkedIn carried out a number of actions in which the processing of user data in the way the complaint was about was stopped. During the investigation by the DPC, it also appeared that LinkedIn uses its social graph algorithms for networking.

The idea was to build networks of appropriate professional connections in this way. This made it easier for users to overcome the hurdle of joining the site. It can sometimes be difficult to find new members if they have to look for a network from scratch.

LinkedIn has also stopped doing that. In consultation with the DPC, LinkedIn has stopped doing so and has removed all personal data that are related to it and that date from before May 25, 2018. In a reaction LinkedIn states that it fully cooperated with the investigation of the DPC and that it has taken appropriate measures to prevent a recurrence.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.