Microsoft Sets Aside $425M For Anticipated GDPR Fine – Source: www.govinfosecurity.com

General Data Protection Regulation (GDPR)
,
Standards, Regulations & Compliance

Targeted Advertising on LinkedIn May Violate Europeans’ Privacy

David Perera (@daveperera) •
June 3, 2023    

Microsoft is warning investors it may receive a fine from European privacy regulators adding up to at least hundreds of millions of dollars over targeted advertising on its LinkedIn social network.

See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm

The computing giant bought LinkedIn in 2016 for $26 billion, two years before the European Union’s General Data Protection Regulation went into effect. European data protection authorities have shown increased willingness to use the GDPR to limit targeted advertising on privacy grounds.

In a Thursday disclosure, Microsoft says it received an April notification from the Irish Data Protection Commission that the agency intends to impose a fine at the conclusion of an investigation into a 2018 complaint asserting that targeted advertising on LinkedIn and other sites violates the GDPR. Microsoft says it’s increasing the size of a reserve fund and will “take a charge of approximately $425 million in the fourth quarter” of this year.

The Irish Data Protection Commission fined Facebook parent company Meta 390 million euros in January following an investigation into the company’s targeted advertising practices.

Targeted advertising tailors ads to individual users by monitoring consumer behavior across the internet. ProPublica in 2016 calculated that Facebook uses more than 52,000 unique attributes about individuals to classify users into categories. Targeted advertising differs from contextual advertising, which displays ads based on the content of the webpage rather than characteristics of the reader.

The January Meta decision issued by the Irish Data Protection Commission said Meta violated the GDPR by asserting that ad personalization is a core element of the user experience that users can reject only by not using Facebook or Instagram.

The Irish agency issued the decision under pressure from the European Data Protection Board, which directed Irish Data Protection Commissioner Helen Dixon to find that Meta unlawfully processed personal data for behavioral advertising.

Facebook said it would appeal the decision. It announced in March a new legal justification for targeted advertising in Europe, changing the legal basis from the “contractual necessity” claim that European regulators said was illegal by invoking another section of the GDPR that authorizes businesses to pursue “legitimate interests.”

“Advertisers can continue to use our platforms to reach potential customers and grow their business,” the company said.

Some outside analysts say the change in legal basis may bring Meta only a temporary reprieve from GDPR-based crackdowns on targeted advertising, since the regulation provides consumers an absolute right to object to direct marketing that overrides business interests.