News & Analysis

Microsoft Under EU Scanner over LinkedIn

The Commission has sought information under the recently approved Digital Services Act

Professional social network LinkedIn is the latest amongst the big tech global companies to attract the attention of the European Union. The data protection commission, which oversees compliance around utilization of user data on larger platforms, has now sent a request for information (RFI) to the Microsoft-owned company. 

The Commission operates under the revamped Digital Services Act (DSA) that was approved by the EU and implemented starting February 17 this year. It oversees the subset of risk management, transparency and algorithm accountability rules in the eCommerce rulebook with the aim to keep big tech companies on the straight around usage of user data. 

Data use for targeted ads under review

In this case, the specific concern appears to be around how LinkedIn is using such data for ads targeting and in doing so whether it is breaching any of the provisions of the DSA. As per the rules, sensitive data refers to categories such as health information, political, religious and philosophical allegiance, racial profile or ethnicity, sexual orientation etc. 

In case any of the above is used to target ads, the EU could take action against such entities as per the DSA. The regulation also requires that very large platforms provide users with basic information about the nature and origins of an ad, while also making them publicly available and searchable.

It is still not a formal investigation yet 

In a press statement, the Commission said it was asking for more details of how their (LinkedIn) services comply with the prohibition of presenting ads based on profiling using special categories of personal data. Further, it flagged the social network’s requirement to provide users with ad targeting information. LinkedIn needs to respond before April 5.  

From LinkedIn’s perspective, a spokesperson noted that the company complies with the DSA including the provisions for ad targeting and would be cooperating with the Commission on this matter. Readers would be aware that the RFI is the first stage of the EU process that only indicates the possibility of grounds for further investigation. 

In case the Commission finds cause for concerns and goes ahead with an advanced probe, companies stand to attract fines of up to 6% of global annual turnover. Furthermore, the DSA also empowers the regional grouping to impose fines for incorrect, incomplete or misleading information in response to their RFIs. 

In this instance, the Commission has noted that the RFI was a result of complaints from civil society organizations that called for “effective enforcement of the DSA”. Some of these mentioned in the statement include EDRi, Global Witness, and Gesellschaft fur Freiheitsrechte among others. 

Post DSA, the Commission has been active

After the implementation of new rules under the DSA, the Commission has sent RFIs to several big tech companies including Meta, which owns Facebook and Instagram, not to mention its ire at Apple as well as the careful observation of the cloud business that is virtually controlled by three big tech companies – Amazon, Microsoft and Google. 

It also took up a formal investigation of a marketplace – Alibaba’s AliExpress – on grounds of suspected violations. Then there are also the probes around social media sites X (formerly Twitter) and TikTok, besides questioning the ability of tech giants around risks related to AI-led political deep fakes.