LinkedIn found 18 million email addresses of people who weren't members of its network, and used those addresses to target those people with ads through Facebook. For that reason, it was called out by Ireland's Data Protection Commission (DCP) in a report, and has since ceased the practice.
This was all confirmed by the DCP, which also said the situation was “amicably resolved”. Originally, someone had complained to the DCP about LinkedIn’s email and advertising practices.
Even though Microsoft-owned social network for the working world stopped, the DCP was “concerned with the wider systemic issues identified” and took a second stab at LinkedIn to see if it had fitting “technical security and organisational measures.”
The result of the second audit was that LinkedIn was “undertaking the pre-computation of a suggested professional network for non-LinkedIn members.” The order has been given – LinkedIn is to stop and delete all associated data existing before May 2018.
“We appreciate the DPC’s 2017 investigation of a complaint about an advertising campaign and fully cooperated,” Denis Kelleher, Head of Privacy, EMEA, for LinkedIn, told TechCrunch.
“Unfortunately the strong processes and procedures we have in place were not followed and for that we are sorry. We’ve taken appropriate action, and have improved the way we work to ensure that this will not happen again. During the audit, we also identified one further area where we could improve data privacy for non-members and we have voluntarily changed our practices as a result.”
Where LinkedIn got the emails remains a mystery.
Image Credit: IB Photography / Shutterstock