General Data Protection Regulation (GDPR) , Standards, Regulations & Compliance

Microsoft Sets Aside $425M for Anticipated GDPR Fine

Targeted Advertising on LinkedIn May Violate Europeans' Privacy
Microsoft Sets Aside $425M for Anticipated GDPR Fine
LinkedIn offices in San Francisco in a 2019 photo (Image: Shutterstock)

Microsoft is warning investors it may receive a fine from European privacy regulators adding up to at least hundreds of millions of dollars over targeted advertising on its LinkedIn social network.

See Also: MITRE and XDR Integration | Enhancing Threat Detection and Prioritization of Advanced Threats

The computing giant bought LinkedIn in 2016 for $26 billion, two years before the European Union's General Data Protection Regulation went into effect. European data protection authorities have shown increased willingness to use the GDPR to limit targeted advertising on privacy grounds.

In a Thursday disclosure, Microsoft said it had received a notification from the Irish Data Protection Commission in April saying that the agency intends to impose a fine at the conclusion of an investigation into a 2018 complaint asserting that targeted advertising on LinkedIn and other sites violates the GDPR. Microsoft says it's increasing the size of a reserve fund and will "take a charge of approximately $425 million in the fourth quarter" of this year.

The Irish Data Protection Commission fined Facebook parent company Meta 390 million euros in January following an investigation into the company's targeted advertising practices.

Targeted advertising tailors ads to individual users by monitoring consumer behavior across the internet. ProPublica in 2016 calculated that Facebook uses more than 52,000 unique attributes about individuals to classify users into categories. Targeted advertising differs from contextual advertising, which displays ads based on the content of the webpage rather than characteristics of the reader.

The January Meta decision issued by the Irish Data Protection Commission said Meta had violated the GDPR by asserting that ad personalization is a core element of the user experience that users can reject only by not using Facebook or Instagram.

The Irish agency issued the decision under pressure from the European Data Protection Board, which directed Irish Data Protection Commissioner Helen Dixon to find that Meta had unlawfully processed personal data for behavioral advertising.

Facebook said it would appeal the decision. It announced in March a new legal justification for targeted advertising in Europe, changing the legal basis from the "contractual necessity" claim that European regulators said was illegal by invoking another section of the GDPR that authorizes businesses to pursue "legitimate interests."

"Advertisers can continue to use our platforms to reach potential customers and grow their business," the company said.

Some outside analysts say the change in legal basis may bring Meta only a temporary reprieve from GDPR-based crackdowns on targeted advertising, since the regulation provides consumers an absolute right to object to direct marketing that overrides business interests.


About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.