Microsoft-owned business and employment-focused social media platform LinkedIn has been ordered by the Irish Data Protection Commission to pay a $335 million penalty for processing user data for targeted advertising without the necessary permissions, which violates the European Union’s General Data Protection Regulation, reports The Record, a news site by cybersecurity firm Recorded Future.
Irish DPC noted that LinkedIn did not have any legal basis for obtaining information from users and third-party partners that had been given to its ad tracking business.
"The consent obtained by LinkedIn was not freely given, sufficiently informed or specific, or unambiguous," said the Irish DPC, which urged immediate practice changes for the platform.
LinkedIn denied any violations but committed to implementing the changes. "While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC's deadline," said LinkedIn.