LinkedIn Privacy News

A class action lawsuit was filed against LinkedIn alleging the platform disclosed users' private messages to third parties for AI model training without consent. The suit claimed LinkedIn shared private InMail conversations with AI companies to train large language models, violating user expectations of privacy. The case was later dropped by the plaintiff.

The Irish Data Protection Commission fined LinkedIn Ireland 310 million euros for GDPR violations related to behavioral analysis and targeted advertising. The DPC found LinkedIn lacked valid consent for third-party data use, that legitimate interests claims were outweighed by user rights, and that the platform failed to provide transparent information about its data processing.

LinkedIn was found to have used user data for AI model training before updating its terms of service to disclose this practice. Users in the U.S. were auto-opted in to data sharing for generative AI training, while EU, EEA, and Swiss users were excluded due to data protection regulations. The UK's ICO intervened, causing LinkedIn to pause AI training in the UK.

Multiple class action lawsuits were filed against LinkedIn under the California Invasion of Privacy Act, alleging that LinkedIn's Insight Tag tracking pixel improperly collected sensitive user data from healthcare websites. Plaintiffs alleged the tracker captured information about gender, sexual orientation, and health conditions from fertility clinics, therapy platforms, and urgent care sites.

The hiQ Labs v. LinkedIn case concluded with a stipulated judgment. hiQ agreed to pay $500,000 and cease all data scraping on LinkedIn, destroy all scraped data and derived algorithms. LinkedIn secured a permanent injunction prohibiting hiQ's scraping activities and use of fake accounts.

The Ninth Circuit reaffirmed its ruling in hiQ Labs v. LinkedIn, holding that scraping publicly available data does not violate the Computer Fraud and Abuse Act. The decision established important precedent for the legality of web scraping of public data, though the case later settled with a $500,000 judgment against hiQ.

A second, larger data scraping incident exposed records of approximately 700 million LinkedIn users -- roughly 92% of the platform's user base. A hacker known as 'GOD User TomLiner' posted the dataset for sale on RaidForums. Exposed data included names, gender, email addresses, phone numbers, and employment information.

The U.S. Supreme Court vacated the Ninth Circuit's ruling in hiQ Labs v. LinkedIn, a landmark data scraping case, and remanded it for reconsideration in light of the Van Buren v. United States decision. The case questioned whether scraping publicly available data violates the Computer Fraud and Abuse Act.

Data scraped from approximately 500 million LinkedIn user profiles was posted for sale on a hacker forum, with 2 million records leaked as proof. The exposed data included full names, email addresses, phone numbers, and job titles. LinkedIn stated it was not a data breach but a scraping of publicly available data.