While Microsoft has so far escaped the intense scrutiny of Facebook, they do in fact have their own social network, with access to their data, and through their contact books also the data of millions of non-users.
Now the Irish Data Protection Commissioner has found LinkedIn guilty of violating the privacy of these non-users by processing their data without their consent.
Following a complaint, they found LinkedIn USA had processed hashed email addresses of approximately 18 million non-LinkedIn members and targeted these individuals on the Facebook Platform with the absence of instruction from LinkedIn Ireland, as is required pursuant to Section 2C(3)(a) of the Acts. Microsoft was targeting these users on Facebook to encourage them to sign up to their service.
LinkedIn’s data management practices were examined and the company was instructed to stop processing data of non-members.
The Irish Data Protection Commissioner said the issue was “amicably resolved” and in a statement LinkedIn’s Head of Privacy, EMEA, Denis Kelleher, said:
“We appreciate the DPC’s 2017 investigation of a complaint about an advertising campaign and fully cooperated. Unfortunately, the strong processes and procedures we have in place were not followed and for that we are sorry. We’ve taken appropriate action, and have improved the way we work to ensure that this will not happen again. During the audit, we also identified one further area where we could improve data privacy for non-members and we have voluntarily changed our practices as a result.”