Ireland: Issued DPC ruling following investigation into LinkedIn’s data processing practices compliance with GDPR including EUR 310 million fine

On 24 October 2024, the Data Protection Commission (DPC) issued its decision following the investigation into LinkedIn imposing an EUR 310 million fine. The investigation was initiated in response to a complaint from the French non-profit organisation La Quadrature Du Net. The DPC found that LinkedIn failed to comply with several provisions of the General Data Protection Regulation (GDPR), notably concerning the legality, fairness, and transparency of its data processing activities. The DPC identified multiple infringements, stating that LinkedIn did not obtain valid consent for processing third-party data, nor did it sufficiently justify its reliance on legitimate interests or contractual necessity as legal bases for processing. The decision mandates LinkedIn to amend its data processing practices to align with GDPR requirements and includes a reprimand and an order for compliance.