LinkedIn used 18 million non-user email addresses for Facebook ads
The Irish Data Protection Commissioner has reprimanded LinkedIn US for processing 18 million non-users’ email addresses in violation of privacy rules, in order to reach them through Facebook ads.
LinkedIn US processed Europeans’ email addresses outside of LinkedIn Ireland in 2017, as would be required under the GDPR. The Irish Data Protection Commissioner was investigating the case following a complaint from a person who did not use LinkedIn but was advertised on Facebook to create an account on Microsoft’s corporate social network.
The eighteen million email addresses were hashed, but it is not known how LinkedIn got the addresses. The company has ceased processing following the complaint and LinkedIn Ireland has instructed its parent company to destroy the relevant personal data prior to May 25 this year, the date when the GDPR came into effect. Due to LinkedIn’s cooperation, the Data Protection Commissioner has not imposed a fine or other sanction.