The Irish Data Protection Commission released this information through a report, part of an investigation on LinkedIn.
Of all existing social networks, LinkedIn may not look so attractive. It is understandable because it is focused on the professional field; However, in its desire to attract more users, the platform would have incurred an unethical strategy since, according to a report, it violated the privacy of 18 million e-mail accounts, which were used to promote advertising. on Facebook.
As reported by TechCrunch, the Data Protection Commission of Ireland (DPC) filed a report last Friday, accusing LinkedIn of failing to comply with the General Data Protection Regulation (GDPR) in an offer to add more users to the its base, which is about 600 million.
The DPC's investigation of LinkedIn goes back to 2017, from the complaint of a user who questioned the practices of the site to attract new users to its ranks. In fact, the social network admitted that effectively its offices in the United States obtained the 18 million non-member email addresses in a way that was not transparent to show them advertising through Facebook
"The complaint was resolved amicably, with LinkedIn implementing a series of immediate actions to stop the processing of user data for the purposes that gave rise to the complaint," DPC told TechCrunch.
The investigations did not stop there, as the DPC decided to conduct a deeper audit, in which they discovered LinkedIn was developing suggested networks of professional connections that would help users overcome the hurdle of having to build them from scratch, a major problem for people on social networks. Obviously, this involved using members' private data.
Denis Kelleher, the company's Privacy Leader in Europe, the Middle East and Africa (EMEA), said that the company he represents regrets these actions, and that they have cooperated closely with the DPC during the resolution of the complaint .
"We've taken the right steps and improved the way we work to make sure this does not happen again.During the audit we also identified an additional area where we could improve the privacy of data for non-members and as a result we voluntarily changed our practices, "noted Kelleher.
Because this case occurred prior to the implementation of GDPR, DPC instructed LinkedIn, through its subsidiary in Ireland, to suspend processing data before the process and eliminating them together associated with said processing before May 25, 2018, date on which the GDPR came into force.