The Irish Data Protection Commission (DPC) serves as the primary regulatory authority for personal data protection for most EU companies, mainly because major U.S. internet firms operate within the European Union.
On Thursday, the DPC announced it had imposed a fine of €310 million ($335 million) on Microsoft’s professional networking platform LinkedIn for its targeted advertising practices.
Graham Doyle, Deputy Commissioner of the DPC, remarked, “The lawfulness of processing is a fundamental aspect of data protection law, and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection.”
In response, LinkedIn stated, “While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline.”
Microsoft had previously indicated that it expected Irish regulators to fine LinkedIn approximately $425 million last year.
Under GDPR, companies must obtain consent to use customer information and notify supervisory authorities within 72 hours if a rights violation occurs. Companies that fail to comply with these regulations face fines of 4% of their global revenue or €20 million (around $21.59 million), whichever is higher.
Most Commented