#DataPrivacy: LinkedIn was using 18 million email IDs without authorization
Joining the ranks of Facebook and Google, Microsoft-owned LinkedIn has now been caught indulging in inappropriate data practices. In a report published on Friday, Ireland's Data Protection Commissioner (DPC) revealed that LinkedIn had been using 18 million people's email addresses without authorization, in a non-transparent way. While LinkedIn has now stopped the practice, it again raises questions about users' data privacy. Here's more.
The investigation spanned first six months of LinkedIn's 2018 activity
LinkedIn's malpractices came to light during an investigation by the DPC over the implementation of the European Union's General Data Protection Regulations (GDPR). The DPC investigated LinkedIn's data practices for the first six months of 2018, based on a complaint filed by a user in 2017, who raised questions about LinkedIn's practices regarding people who were not part of its network.
18 million email IDs were used for targeted advertisements
First, the DPC report found that LinkedIn had somehow obtained email address of around 18 million people in the US who were not part of its network, and was using these addresses in a coded form for targeted advertisements on Facebook. This use was not authorized, as is required, from the "data controller", which, in this case, was LinkedIn Ireland.
LinkedIn was also engaging in something called "pre-computation"
The DPC report further revealed that LinkedIn was using its social graph-building algorithms to provide professional network suggestions for users on its platform. The idea behind this was to help users find networks of professionals based on similar occupations. The DPC said that building suggestions or "pre-computation" was also being done for non-LinkedIn users, so that they could be provided suggestions on signing up.
LinkedIn has stopped the practices with immediate effect
The DPC subsequently communicated the findings of its investigations to LinkedIn, which promptly took action to put a stop on the practices. "The complaint was ultimately amicably resolved, with LinkedIn implementing a number of immediate actions to cease the processing of user data," said DPC. LinkedIn, however, was not fined as regulators do not have the power to impose fines till the GDPR comes into force in May.
Internet companies are pushing the limits of permissible behavior
While LinkedIn's response following the audit seems to indicate that the company is working in good faith, LinkedIn's practices, coupled with those by Facebook, Google, and the like seem to indicate that internet companies are willing to push the boundaries of what is considered permissible behavior when it comes to users' data. That said, mending ways after being called out can hardly be deemed acceptable.