LinkedIn faces EU scrutiny over mandatory changes on targeted ads
"LinkedIn should rely on consent for all personalised ads not only a part of it," Felix Mikolasch told Euractiv.
Following a €310 million fine in October, LinkedIn is under fresh scrutiny in Europe after it notified all EU users on Wednesday (11 December) of upcoming changes to its legal basis for data processing.
“By 22 January 2025, we will no longer use […] age range, gender, your interests and traits [for targeted advertising without your consent],” read a LinkedIn explanatory webpage published at the end of November.
The changes are meant to comply with a judgement issued by the Irish Data Protection Commission (DPC) in October, in which LinkedIn was fined €310 million after a complaint initially lodged by the French data protection authority (CNIL) in May 2018.
The DPC found that LinkedIn processed data for targeted advertising purposes, breaching the EU’s privacy law, the General Data Protection Regulation (GDPR). The compliance deadline expires on 24 January 2025 – two days after LinkedIn’s planned policy update.
About time
“It seems that LinkedIn is now following up with the requirements the Court of Justice of the EU already set out for Facebook in July 2023,” data protection lawyer at the European Center for Digital Rights (Noyb) Felix Mikolasch told Euractiv.
A LinkedIn spokesperson, however, told Euractiv that the company believes it has been in compliance all along. Still, LinkedIn is making changes.
But Mikolasch believes these changes only achieve partial compliance and that “LinkedIn should rely on consent for all personalised ads, not only a part of it.” Indeed, LinkedIn’s website states that the company will not ask for users’ consent to use data they “choose to put on [their] profile” for personalised ads.
“Authorities need to check if LinkedIn’s approach complies with the GDPR,” the head of digital policy at the European Consumer Organisation (BEUC), Maryant Fernández Pérez, told Euractiv. She believes consumers should be able to decide what data LinkedIn can use for ads.
In the meantime, the DPC is engaging with Linkedin to support its enforcement of the GDPR, a DPC spokesperson told Euractiv. “[The DPC] will assess whether the recently-announced changes […] are sufficient for these purposes,” they added.
LinkedIn is not expected to adopt a ‘pay-or-okay’ system like Meta’s, which has faced significant criticism and lawsuits from organisations such as BEUC and Noyb since its introduction on Facebook and Instagram last year.
Meta’s ‘pay-or-okay’ lets users choose between consenting to data used for personalised ads or paying to avoid them.
[Edited by Martina Monti]
