LinkedIn recently got caught by the Data Protection Commissioner for violated data protection, which involved 18 million non-members of LinkedIn.
Apparently LinkedIn in US has used 18 million email addresses of non-members in a hashed form for targeted advertisements on the Facebook platform, without the permission of the data controller which is LinkedIn Ireland. It is in violation with the GDPR (General Date Protection Regulation) and LinkedIn has since ceased the practice after Ireland’s DPC investigation.
However, that was only one of the two problems found by the DPC, as LinkedIn was also found to be practicing pre-computation processes that suggest professional networks for non-members of LinkedIn, which means LinkedIn has been generating a network or related users by using the personal data gained from the users without their permissions.
LinkedIn’s Head of Privacy then issued a statement admitting their wrongdoings and apologised. The company also said that they’ve taken the appropriate action which indicates the ceasing of their current practices to ensure that they’re not misusing users’ data. Meanwhile, the question of how LinkedIn manage to obtain the 18 million email addresses is still unanswered.