Many of you would be familiar with some absurd things about LinkedIn. The site is famous for suggesting uncanny connections. As if it knows all that it should not know about you!
This time, it’s the 18 million email addresses that have made to the spotlight for some serious data breach case.
The issue was raised in a recent report by Ireland’s Data Protection Commissioner.
Data Protection Commissioner is a national independent authority with responsibility for upholding the EU fundamental right of the individual to have their personal data protected. The authority carries out several investigations to make sure that data used by Facebook, Whatsapp, Yahoo, and other media networks comply with the rules and regulations. This time one of the investigations, prompted by a user’s complaint in 2017, highlighted that LinkedIn is using around 18 million email addresses to target advertisements for people who are not yet a part of the social media platform.
Part 1 of the Investigation:
According to one part of the investigation, the company is using email addresses in hashed form to target advertisements using Facebook. All this process was carried out without seeking permission of the Data Controller (LinkedIn Ireland), which was a legal obligation. However, this complaint was immediately resolved as LinkedIn implemented some immediate actions. This ceased the use of user’s data for purposes that were a core reason behind the registered complaints.
Part 2 Of the Investigation:
However, the story didn’t end here. As the first part of the investigation laid many other suspicions which required a complete investigation of the social media network, the investigations were further carried to ensure that the LinkedIn follows appropriate systematic and organizational measures when it comes to non-user data.
According to the report:
“The audit identified that LinkedIn Corp was undertaking the pre-computation of a suggested professional network for non-LinkedIn members. As a result of the findings of our audit, LinkedIn Corp was instructed by LinkedIn Ireland, as data controller of EU user data, to cease pre-compute processing and to delete all personal data associated with such processing prior to 25 May 2018.”
When asked about all the issue, LinkedIn’s Head of Privacy, EMEA, Denis Kelleher told TechCrunch:
“We appreciate the DPC’s 2017 investigation of a complaint about an advertising campaign and fully cooperated. Unfortunately, the strong processes and procedures we have in place were not followed and for that we are sorry. We’ve taken appropriate action, and have improved the way we work to ensure that this will not happen again. During the audit, we also identified one further area where we could improve data privacy for non-members and we have voluntarily changed our practices as a result.”
After going through the DCP’s report, the thing that still bugs us is that from where did LinkedIn obtain these 18 million addresses?
We wish to hear more on the investigation and hope that you too. Stay tuned!