The Irish Data Protection Commission has issued a brand new report according to which, LinkedIn, the social networking website for professionals, has used a combination of Facebook and e-mail addresses, to serve advertisements to millions of non-members. What’s even worse, is the fact that the owners of these e-mails were not using LinkedIn (at least not with these e-mails).
Apparently, the company process hashed these e-mails and then used them to target users with advertisements on Facebook. This, just in case you are wondering, is not only unethical, but is also illegal. As per the DPC, which conducted a thorough audit, LInkedIn process hashed as many as 18-million e-mail addresses and then used them to target its ads.
DPC’s actions were taken post a complaint lodged against LinkedIn’s practices. The regulatory body now says that the complaint has now been resolved, and LinkedIn has ceased its illegal actions.
The complaint was ultimately amicably resolved, with LinkedIn implementing a number of immediate actions to cease the processing of user data for the purposes that gave rise to the complaint.
Still concerned at the wider systematic issues that were identified within the platform, DPC went on to undertake a second audit to confirm whether the website had proper technical security and organizational measures.
Here again, it was found that the platform was undertaking the pre-computation of a suggested professional network for non-LinkedIn members. Taking strict action against this finding, DPC ordered LinkedIn to stop and delete associated data that existed prior to May 2018.
Speaking with TechCrunch, Denis Kelleher, Head of Privacy, EMEA for LinkedIn, said:
We appreciate the DPC’s 2017 investigation of a complaint about an advertising campaign and fully cooperated. Unfortunately the strong processes and procedures we have in place were not followed and for that we are sorry. We’ve taken appropriate action, and have improved the way we work to ensure that this will not happen again. During the audit, we also identified one further area where we could improve data privacy for non-members and we have voluntarily changed our practices as a result.