The investigation conducted by Ireland’s Data Protection Commission (DPC) asserted that LinkedIn had processed hacked email addresses of 18 million non-LinkedIn members approximately and targeted individuals holding those email addresses on Facebook without necessary permission, a new report has revealed.
According to the Verge report on Saturday, the investigation report recently published encapsulates the activities of the Microsoft-owned professional networking platform during the first half of 2018.
The Friday reports claim that Data Protection Commission (DPC) has expedited the audit LinkedIn Ireland Unlimited Company (LinkedIn) in respect to personal data mining following an investigation of a complaint filed against LinkedIn to the DPC by a non-LinkedIn user.
The complaint rotates around the issue of LinkedIn’s fetching and use of the claimant’s email address for the purpose of targeted advertising on the Facebook.
The investigation uncovered the fact that LinkedIn Corporation in the US is not entrusted with the required permission from the data controller – LinkedIn Ireland — to process hashed email addresses of 18 million non-LinkedIn members.
After the whistle being blown, LinkedIn implemented a fixed number of urgent actions with the motive of restraining the user data processing for the alleged purpose of target advertising on Facebook.
The investigating authority was on a mission to dissolve the identified systematic issues that are proved to be grave in the modern day scenario and therefore conducted a second audit to see if LinkedIn had adequate technical security and organisational measures.
DPC was surprised to find that the website is undertaking the pre-computation of a suggested professional network for non-LinkedIn members and ordered the management to halt the practice and delete connected data that existed before May 25 of this year, the day that marks the introduction of General Data Protection Regulation (GDPR).
According to a press release, Denis Kelleher, Head of Privacy, Europe, the Middle East and Africa, for LinkedIn, told TechCrunch that LinkedIn appreciates the DPC’s 2017 investigation of a complaint about an advertising campaign and therefore shown full co-operation in abolishing such practices.
He expressed his apology by saying that LinkedIn failed to abide by the stringent regulations and procedures in executing such an advertising campaign. The investigation has forced them to take appropriate measures and work in a better way by complying with the guidelines set by the regulatory authority. Breaching of user’s data is a heinous crime, and it must be ensured that such practices should be strictly called off.
However, LinkedIn was not subjected to a financial penalty during this process because, until the implementation of GDPR at the end of May, the regulator was void of authorisation to enforce fines.