LinkedIn is facing renewed regulatory scrutiny in Europe over how it handles user data, particularly the visibility of profile visitors and compliance with access rights under General Data Protection Regulation. The issue centers on LinkedIn’s practice of tracking profile visits while restricting access to this data behind its Premium subscription model.
LinkedIn allows users to see who has viewed their profiles over the past 365 days, but only if they subscribe to its paid Premium service. This feature has become a key monetization tool, incentivizing users to upgrade for deeper insights. However, privacy advocates argue that such data constitutes personal information and should be made freely available upon request under Article 15 of GDPR, which guarantees users the right to access their personal data.
The complaint, filed in Germany by noyb, challenges LinkedIn’s refusal to provide this information through a standard access request. According to the filing, LinkedIn declined to disclose profile visitor data when requested under GDPR, citing concerns about the privacy rights of other users. This position has raised questions about consistency, as the same data is made accessible through a paid subscription.
At the heart of the dispute is whether LinkedIn can justify restricting access to data that it is otherwise willing to sell. Legal experts argue that if users are informed that their profile visits may be visible, and LinkedIn processes this data for commercial purposes, it should also be disclosed free of charge when requested. The case highlights a broader tension between data monetization strategies and regulatory obligations in the digital economy.
Martin Baumann criticized LinkedIn’s stance, stating that companies often emphasize privacy concerns selectively. He noted that while organizations are quick to commercialize user data, they may invoke data protection arguments to deny users their legal rights. This dual approach, he argues, undermines the intent of GDPR, which is designed to empower users with transparency and control over their data.
Another critical aspect of the complaint is LinkedIn’s tracking mechanism itself. While the platform records profile visits and uses this data for personalization and advertising, it reportedly does not require explicit opt-in consent from users. Instead, users must opt out if they do not wish to be tracked. This approach raises additional compliance concerns under GDPR, which typically mandates clear and affirmative consent for processing personal data.
The case also reflects a wider industry pattern, where companies embed data-driven features within premium offerings while limiting free access to the same information. Regulators across Europe have increasingly scrutinized such practices, especially when they conflict with fundamental user rights.
noyb has filed the complaint with the Austrian Data Protection Authority, seeking enforcement action and potential fines against LinkedIn. The organization argues that allowing companies to charge for access to personal data could set a dangerous precedent, effectively turning fundamental privacy rights into revenue streams.
BABURAJAN KIZHAKEDATH