LinkedIn has violated some of the data protection rules by hacking around 18 million email ids and targeting them on Facebook for advertising. Data Protection Commission (DPC) in Ireland revealed this and after an investigation and published its findings in a report. Further, the investigation revealed that these 18 million Facebook users were not the members of LinkedIn. Additionally, DPC observed and made a note of all the activities during the first semi-annual period of 2018. LinkedIn U.S didn’t have permission from data controller of LinkedIn Ireland to process this hashed data, says the report. A complaint to DPC was raised by a non-LinkedIn user with respect to the use of personal data.
In Another Audit DPC Ordered to Cease the Use of Personal Data
DPC further reported that the issue was resolved affirmatively as LinkedIn had immediately stopped the use of personal data for Facebook ads. However, DPC performed a second audit to check LinkedIn’s organizational measures and technical security. This second audit was important as DPC was concerned about wider systemic issues. They found that this site was implementing its social graph-building algorithms to establish networks. Furthermore, DPC described that LinkedIn was trying to suggest professional connections for their users. LinkedIn Ireland had ordered LinkedIn Corporation to cease and delete all personal data linked with such processing before May 25, 2018. On May 25 of this year, General Data Protection Regulation (GDPR) came into force.
LinkedIn did not get fined on this complaint because since the GDPR didn’t come into effect by then. The report revealed that we don’t know for sure how LinkedIn could manage to get those 18 million email ids.