LinkedIn altered uncanny processes that collected non-user data for targeted ads

linkedin instructed by ireland dpc

LinkedIn, the social networking platform for the working world was pinned down for using email addresses of around 18 million non-LinkedIn users for targeted advertising. The complaint against LinkedIn was highlighted by the Ireland Data Protection Commission in a report it submitted Friday. The report summarized the regulator’s activities in the first six months of its operation in 2018.

A non-Linked user filed a complaint with Ireland’s regulator, in 2017, telling that their email address was obtained and used by LinkedIn for targeted advertising purposes. An audit conducted by the DPC, following the complaint, revealed that the company processed personal data of non-registered users in order to target them with ads on Facebook.

As per the investigation, LinkedIn Corp in the U.S – which processes data on behalf of the company’s office in Ireland – processed the email addresses and uploaded to Facebook in hashed or coded format. This allowed Facebook to deliver ads to LinkedIn’s intended targets, and it did so “with the absence of instruction from the data controller” — that is, LinkedIn Ireland — “as is required,” the report read.

“The complaint was ultimately amicably resolved,” the DPC said, “with LinkedIn implementing a number of immediate actions to cease the processing of user data for the purposes that gave rise to the complaint.”

A further investigation by DPC also revealed that the company was using its social-graph building algorithms to build networks of users – like suggestions. LinkedIn, however, apologized and brought changes voluntarily well before May 25th, 2018 – the day from which GDPR was applicable.