Today, LinkedIn has deprecated the targeting of adverts based on the personal sensitive data of users on its platform.
In a major win for civil society, LinkedIn will no longer allow advertisers globally to target users in the European Economic Area (EEA) with adverts based on LinkedIn group names, which can contain or reveal sensitive categories of personal data such as sexuality, political opinions, or race.
The move by LinkedIn addresses the concerns complainants raised that this kind of targeting infringes the DSA’s new prohibition of targeting online adverts based on profiling using such sensitive categories of personal data. Unfortunately, the new restrictions will only apply to adverts that are targeted at people in the EEA. People in other parts of the world will continue to be subjected to this invasive form of profiling and targeting.
“The changes introduced by LinkedIn are a win for privacy and will better protect people from targeted discrimination based on their sensitive characteristics. This case demonstrates that the DSA can work when the European Commission deals with the evidence provided by civil society as quickly and effectively as they did here. We look forward to seeing more of that.” Jan Penfrat (EDRi)
“We are pleased to see that LinkedIn has stopped targeting users based on sensitive personal data to comply with the Digital Services Act. While tech companies should comply with the DSA proactively, this win underlines the crucial role civil society plays in holding tech companies to account and enforcing European law.” Svea Windwehr (GFF)
“Campaigners fought hard for the European Commission to bring in protections against the worst forms of surveillance advertising in the Digital Services Act and it’s very welcome to see it having impact already. Forced by Europe to act, LinkedIn must now widen this policy to users everywhere and ensure it’s not just those in Europe who are protected from invasive ad targeting.” Nienke Palstra (Global Witness)
However, advertisers on LinkedIn will continue to be able to target users based on other categories of personal data, as the scope of the DSA’s ad targeting prohibition is limited to sensitive categories of personal data as defined by Article 9 GDPR.
While the DSA has been effectively enforced in this instance, this example underlines that the law leaves plenty of room for online platforms to target users with online ads using intrusive profiling and that additional legislation is needed to fill the regulatory gaps around commercial surveillance.
