'Consent' LinkedIn used for data processing was not freely given, says Ireland When LinkedIn asked its European users for their personal data, it did not receive "informed" nor "freely given" consent for the business to ship it off to third parties for generating targeted advertising, a Euro data watchdog has said. Ireland's Data Protection Commission (DPC), which is responsible for regulating Linkedin's …
"we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the DPC's deadline."
If you were in compliance why are you having to do this work?
There really ought to be extra penalties for businesses which pay a fine and then come out denying they did anything wrong. Let's start at 200% of the original fine and double again for each repeated offence.
Even better:
"This is lower than the $425 million Microsoft set aside last year in case LinkedIn data drama hit.
Microsoft told us at the time that it denies it broke any GDPR rules and said it "intends to defend itself vigorously in this matter."
The *expected* to be fined and set aside the money to pay the fine and are noe denying they broke the rules at all.
I've never understood this. Outfits shouldn't just be fined, but should be made to track down all data sold, reimburse anyone who bought it and make them delete it. And they should have a timeline - 90 days, let's say - during which to do this. After that they need to present evidence they've done it, and if they haven't, they get an EU wide ban on the site until they're in compliance.
But of course that would require more legislation, so you can expect people like Microsoft to spend a good few million trying to make sure it never happens.
Lawyers: To do everything by the book it's going to cost £X to license all this data acquisition and get regulatory permissions...
MS: Fuck it, we'll just grab it anyway and ask for forgiveness later...
Lawyers: That sounds like a bad idea and could end up with thousands of hours of litiga.... err, yes that sounds like a great plan.
The problem is that this only addresses the outcome - even when sites like LinkedIn do legitimately ask for user consent what choice does the user have (realistically)?
When you are the only (or at least a major player) game in town and failure to consent results in no service, what choice do you have? The rules need to be expanded to specify that the base level of service must be provided even when the end user does not consent to whatever it is they are being coerced^H^H^H^H^H^H^H^H asked to consent to.
Invert the "if you don't like our terms and conditions don't use the service" to "if you don't want to provide a service without screwing the user then don't provide the service at all".
Disclosure: haven't used LI for years and now don't need to.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
