LinkedIn’s overeager networking lands them in trouble

During Mark Zuckerberg’s congressional testimony on the Cambridge Analytica data scandal, it came out that a personality quiz app on Facebook had accessed information not only on those who took it but on their friends as well. This private database on some 50 million users was then shared with Cambridge Analytica.

Unfortunately, it appears that LinkedIn employed a variation on that theme. According to a report from Ireland’s Data Protection Commissioner (DPC), a 2017 investigation revealed that the company obtained about 18 million email addresses of people who were not users, then used them for targeted ads on Facebook. Ideally, of course, this would drum up more registrations for their own service. But there seems to have been another, perhaps less insidious goal, whereby the data would be used to create pre-established networks to assist new users who would otherwise have to build new networks from scratch. Nevertheless, the practice was irresponsible, and it appears to have ceased.

We’ve been waiting to see some substantive effects of GDPR implementation, and as it happens, it was LinkedIn’s dealings with this European regulator that led to this discovery. Though the DPC had no power to enforce fines prior to May 25, when GDPR came into effect, the looming promise of real punitive measures would be a compelling argument to stop LinkedIn’s “pre-compute processing” and delete the data already compiled.

For their part, LinkedIn has complied with the orders, although it remains a mystery where the company acquired the 18 million email addresses to begin with. That is something we’ll have to keep an eye on. Still, it’s nice to see a company fix a problem that adversely affects users, even if it takes external pressure to make that happen. Consumers face ever more threats to the data that play major roles in their lives. And it’s not going to get any smoother in 2019, with predicted rises in social engineering, malware attacks, and vulnerabilities in older, insecure devices.

LinkedIn’s error may or may not have been as malicious as what resulted from Facebook and Cambridge Analytica’s malfeasance, but such cavalier treatment of users’ data is not acceptable, and those using similar practices need to rectify them. Otherwise, they won’t get off as easily as LinkedIn managed to this time.


By: Jonathan Weicher, post on November 29, 2018
Originally published at:
Copyright: NetLib Security