LinkedIn - the professional networking website owned by Microsoft
The answer to this question may be contained in a report published by Ireland's Data Protection Commissioner. According to the report, LinkedIn illicitly obtained and employed the use of 18 million non-user emails to buy targeted advertisements on Facebook
LinkedIn immediately acknowledged its actions, seeing as it violated an important tenet of the GDPR, a regulatory mechanism put in place in Europe that requires tech companies to reveal how personal data is being used.
"The complaint was ultimately amicably resolved, with LinkedIn implementing a number of immediate actions to cease the processing of user data for the purposes that gave rise to the complaint," reads the report.
However, that's not all the report revealed. It also showed that LinkedIn manipulated consumer data in order to create algorithmically generated networks for users. This is why LinkedIn is able to suggest connections with such accuracy and precision, a product of its tendency to engage in what the DPC calls "pre-computation."
There is still another pressing issue: it's not clear how LinkedIn obtained the 18 million emails in the first place. The discrepancy unveils a deep-seated and insidious issue that plagues the tech world, relating to the manipulation of user data and possible violations of personal spheres.
Denis Kelleher, Head of Privacy for LinkedIn, responded to the allegations with the following statement: "We appreciate the DPC's 2017 investigation of a complaint about an advertising campaign and fully cooperated. Unfortunately, the strong processes and procedures we have in place were not followed and for that we are sorry. We've taken appropriate action, and have improved the way we work to ensure that this will not happen again. During the audit, we also identified one further area where we could improve data privacy for non-members and we have voluntarily changed our practices as a result."
LinkedIn is not incurring any fiscal penalties for this transgression, because the GDPR was only implemented at the end of May and had no power to impose fines on any corporate entity.
The report states: "As a result of the findings of our audit, LinkedIn Corp was instructed by LinkedIn Ireland, as data controller of EU user data, to cease pre-compute processing and to delete all personal data associated with such processing prior to 25 May 2018."
It is worth tracking the "wider systemic issues" that were identified in the audit, including this type of manipulation of data by other tech companies that are also under the scanner. Such companies and apps include Facebook, Google