LinkedIn hit with lawsuits over 'hidden' browser tracking
What's the story
LinkedIn is embroiled in a legal battle over its practice of scanning users' browsers to identify their extensions. Two class action lawsuits were filed earlier this week in the US District Court for the Northern District of California. The complaints were filed by different law firms representing different plaintiffs, with each seeking to represent a proposed class of all US-based LinkedIn users.
Legal basis
BrowserGate report forms basis of lawsuits
The lawsuits heavily rely on a recent BrowserGate report by Fairlinked, a German trade association and advocacy group for commercial LinkedIn users. The complaints claim that LinkedIn's practice of scanning browsers without adequate disclosure violates user privacy expectations. One lawsuit's named plaintiff, Nicholas Farrell, argued that "Plaintiff and Class members had an objectively reasonable expectation of privacy because, unlike other forms of tracking, Defendant does not disclose in its Privacy Policy or elsewhere that it tracks users' browser extensions."
Company stance
LinkedIn has not denied scanning browsers
LinkedIn, a Microsoft subsidiary, has not denied scanning browsers for extensions. However, it disputes whether it adequately discloses this practice and how it uses the information collected. The company says it scans for extensions that violate its terms by scraping user data without consent. LinkedIn's privacy policy does mention that the company uses cookies and similar technologies to collect information about each user's web browser and add-ons.
Data scrutiny
Scanning alleged to include processing sensitive data
The BrowserGate report and the lawsuits allege that LinkedIn's privacy policy disclosure isn't extensive enough. They claim that LinkedIn scans for 6,222 extensions, including those related to an Islamic content filter, an anti-Zionist political tagger, and a tool designed for neurodivergent users. Fairlinked argues this constitutes processing data revealing religious beliefs, political opinions or health conditions without explicit consent under EU law.
Data sharing
Allegations of data transmission to 3rd-party companies
Fairlinked's report also alleges that LinkedIn transmits collected data to third-party companies, including an American-Israeli cybersecurity firm. The evidence includes a hidden iframe from Human Security, which provides bot detection and blocking technology. Although Fairlinked mentions LinkedIn's use of a device fingerprinting script associated with its own URL rather than a third-party site.
Company defense
LinkedIn refutes BrowserGate allegations
In response to the BrowserGate allegations, LinkedIn said, "The claims made on the [BrowserGate] website linked here are plain wrong. The person behind them is subject to an account restriction for scraping and other violations of LinkedIn's Terms of Service." The company added that it does scan for browser extensions in its Privacy Policy, but to detect abuse and ensure site stability.