This follows an investigation into the platform’s handling of personal data, specifically concerning its methods for behavioural analysis and targeted advertising.

The inquiry, prompted by a complaint from the French Data Protection Authority, concluded that LinkedIn had failed to comply with provisions of the General Data Protection Regulation (GDPR). 

Notably, the DPC identified serious violations regarding the legality, fairness, and transparency of how LinkedIn processed user data.

Key findings revealed that LinkedIn did not secure valid consent from users for the utilisation of their personal data in targeted advertising, breaching Article 6(1)(a) of the GDPR. 

The consent that was acquired was deemed neither freely given nor sufficiently informed, infringing on the fundamental rights of the platform’s users. Furthermore, the DPC also noted that LinkedIn misrepresented its use of user data under the guise of legitimate interests, as outlined in Article 6(1)(f) of the GDPR.

In this case, the company’s interests were found to be overridden by the rights of its users, thereby rendering the processing unlawful.

In its assessment, the DPC also determined that LinkedIn wrongly relied on Article 6(1)(b) of the GDPR, which pertains to contractual necessity, to justify its data processing for behavioural analysis—asserting this was not essential for fulfilling user agreements. 

Added to these, LinkedIn failed to provide users with clear information regarding the legal bases upon which it relied for processing their data, violating Articles 13(1)(c) and 14(1)(c) of the GDPR.

Graham Doyle, deputy commissioner of the DPC, stressed the importance of lawful data processing in protecting user rights. He stated, “The lawfulness of processing is a fundamental aspect of data protection law, and processing personal data without an appropriate legal basis is a clear and serious violation of a data subject’s fundamental right to data protection.”

In light of the ruling, LinkedIn has been directed to reform its data processing methods to align with GDPR requirements. 

NOYB accuses Mozilla of breaching the European Union’s General Data Protection Regulation (GDPR) by enabling this feature by default, without obtaining user consent.

The feature, called Privacy-Preserving Attribution (PPA), is designed to allow advertisers to measure the success of their ads without gathering identifiable personal data. 

However, NOYB argues that it still involves tracking user behaviour across websites, which they claim is a violation of users’ privacy rights under GDPR. The complaint has been lodged with the Austrian Data Protection Authority.

Mozilla, often recognised for its standpoint on privacy, is now facing accusations for this update, as users were not explicitly informed or given the option to opt-in to the new tracking mechanism. 

Instead, PPA was turned on automatically following a software update. According to NOYB, this move undermines user autonomy and transparency, which are key pillars of GDPR compliance.

Commenting on the matter, Felix Mikolasch, a data protection lawyer at NOYB, criticised Mozilla’s approach, stating, “Users should have the right to choose whether they want to be tracked, and this feature should never have been enabled by default.”

Mozilla responded by defending the introduction of PPA, asserting that the feature was part of a goal to reduce more invasive forms of tracking that rely on cookies. 

The company emphasised that PPA is a more privacy-friendly solution that avoids identifying individual users, instead relying on aggregated data to provide advertisers with insight. Mozilla also clarified that users can manually disable the feature through the browser settings.

NOYB’s request includes a demand that Mozilla switch to an opt-in system and delete any data collected thus far through the PPA feature. 

Should the complaint succeed, Mozilla could face some penalties under GDPR, which allow fines of up to 4% of global revenue.

Meta recently notified users in the UK and Europe that, starting June 26, publicly shared information could be used to “develop and improve” its AI products. This includes posts, images, captions, comments, and Stories, but excludes private messages.

The European advocacy group NOYB (None of Your Business) has criticized Meta’s move, filing complaints with data protection authorities in 11 countries, including Austria, Belgium, France, and Germany. 

NOYB says that Meta’s use of years’ worth of user content constitutes an “abuse of personal data for AI.” The group has urged regulators to intervene and halt Meta’s plans, emphasizing that the changes contravene the EU’s General Data Protection Regulation (GDPR).

Meta, however, maintains that its approach complies with privacy laws and is similar to practices adopted by other major tech firms. The company insists that its use of public user data is essential for training AI systems to reflect the diverse cultures and languages of European communities. 

In a blog post from May 22, Meta stated that such data would enhance the rollout of its generative AI features, which include chatbots and image generators.

Individuals, including NOYB founder Max Schrems, argue that Meta should seek explicit user consent rather than relying on a complex opt-out process. 

Users who wish to object must utilize a form explaining how the data processing affects them, a process Schrems describes as “highly awkward” and potentially dissuasive. 

Schrems has also pointed out that the European Court of Justice has previously ruled against similar uses of user data by Meta for advertising purposes, questioning the legitimacy of the company’s current approach.

Meta’s policy shift has drawn attention to issues of data privacy and the ethical use of personal information in AI development. The Irish Data Protection Commission, which oversees Meta’s compliance with EU laws, has acknowledged receiving complaints from NOYB and is investigating the matter.

The complaints centre on concerns about transparency and the processing of children’s data on the Microsoft platform, potentially violating the European Union’s General Data Protection Regulation (GDPR).

The first complaint alleges a lack of transparency around data processing. noyb asserts that Microsoft’s contracts with schools attempt to shift responsibility for GDPR compliance onto them. 

Schools, however, lack the capacity to monitor or enforce Microsoft’s data practices, creating a situation where children’s data may be processed in ways that don’t comply with GDPR.

noyb further criticizes Microsoft for providing “consistently vague” information regarding data collection practices within Microsoft 365 Education. This lack of transparency makes it difficult, if not impossible, for parents and children to understand how their data is being used.

The second complaint highlights the use of tracking cookies within Microsoft 365 Education software. These cookies reportedly collect user browsing data and analyze user behaviour, potentially for advertising purposes. 

noyb says such tracking practices occur without the consent of users or the knowledge of the schools themselves, and there appears to be no legal justification for it under GDPR.

The GDPR mandates strong protections for children’s data, emphasizing transparency and accountability. Violations can result in significant fines, potentially reaching up to 4% of a company’s global annual turnover, which could translate to billions of dollars for Microsoft.

noyb has requested that the Austrian DPA investigate the complaints and determine the extent of data processing by Microsoft 365 Education. The company has also urged the authority to impose fines if GDPR violations are confirmed.

Microsoft has yet to respond to the complaints. While the company has a European headquarters in Ireland, noyb emphasizes the “locally relevant” nature of the complaints due to its focus on Austrian schools and children. This could lead to a faster investigation and potential enforcement action by the Austrian DPA.

The GDPR has resulted in hefty penalties for violations involving children’s data in the past, with major social media platforms like Meta and TikTok facing fines. 

Microsoft’s cloud services have also faced investigation in Europe, with the European Data Protection Supervisor raising issues about the EU’s own use of Microsoft 365. These latest complaints add to the ongoing legal complexities surrounding Microsoft’s cloud products in the European Union.