It is another large technology company facing justice in the European Union. This time it’s LinkedIn, which is about to pay a million-dollar fine for violating the General Data Protection Regulation.
LinkedIn in EU target
O LinkedIn faces a 310 million euro fine in the European Unionafter the Irish Data Protection Commission (DPC) determined that the platform improperly conducted behavioral analysis of its members' personal data for targeted advertising.
This decision maintains that LinkedIn violated the General Data Protection Regulation (GDPR) by not obtaining due consent, demonstrating legitimate interest or showing a contractual need to process the data you have collected.
The DPC also reprimanded LinkedIn and issued an order for the company to collect all data in accordance with the legislation.
The lawfulness of processing is a fundamental aspect of data protection law, and processing personal data without an appropriate legal basis is a clear and serious violation of data subjects' fundamental right to protect it.
Said Graham Doyle, Deputy Commissioner of the DPC.
The decision comes from a complaint filed by French non-profit organization La Quadrature Du Netand from initial research that examined whether LinkedIn processed its users' personal data lawfully, fairly and transparently.
The issue was initially raised with the French Data Protection Authority and subsequently transferred to the DPC, as LinkedIn's European headquarters are in Ireland.
In response to the decision, a LinkedIn spokesperson said that:
The Irish Data Protection Commission (IDPC) has reached a final decision on 2018 complaints relating to some of our digital advertising efforts in the EU.
While we believe we are compliant with the General Data Protection Regulation (GDPR), we are working to ensure that our advertising practices comply with this ruling by the IDPC deadline.
Privacy and the GDPR
The General Data Protection Regulation (GDPR) came into force on May 25, 2018, with the main objective of strengthening the protection of personal data of European citizens and harmonizing privacy laws across the EU.
O GDPR applies to all organizations, public or private, that process personal data of individuals within the EU, regardless of where the organization is based. This legislation defines "personal data" as any information that can directly or indirectly identify a person, such as name, email address, telephone number, or biometric data.
Among the main provisions of the GDPR, the principle of explicit consent stands out, which requires organizations to obtain clear and informed authorization from users before collecting or processing their data.
Furthermore, the regulation gives individuals enhanced rights over their data, such as the right to access, correct, delete or transfer their data to another entity.
Another fundamental aspect is the obligation of companies to ensure that personal data is treated securely, through appropriate technical and organizational measures. In the event of a data breach, organizations are required to notify the appropriate data protection authority and, in certain cases, the affected individuals themselves.
Sanctions for non-compliance with the GDPR can be severe, with fines that can reach up to R$20 million or 4% of annual revenue overall value of the company, depending on the highest value.
Source: pplware.sapo.pt
