The Irish Data Protection Commission has fined Microsoft-owned LinkedIn €310 million after finding the site was illegally processing users’ personal information to send targeted ads. The regulator said the app violated the European Union’s strict data protection laws.

DPC Deputy Commissioner Graham Doyle said in a statement that LinkedIn’s unlawful processing of personal data was a “clear and serious breach” of EU citizens’ privacy rights. The case stems from a complaint filed with regulators in France in 2018 regarding LinkedIn’s digital advertising activities in Europe.

Lawfulness of processing is a fundamental element of data protection legislation and the processing of personal data without an appropriate legal basis is a clear and serious violation of data subjects’ fundamental right to data protection.

Nvidia’s Huang says nuclear energy is an option for powering data centers

Under the EU’s General Data Protection Regulation (GDPR), which came into force in 2018, companies are required to be transparent about how they handle people’s personal information and obtain appropriately informed consent from users. The DPC launched its investigation following a complaint asking whether LinkedIn had a legal basis to process EU members’ personal data for targeted advertising.

It now appears that the Irish regulator has ordered LinkedIn to implement changes to comply with GDPR rules. LinkedIn said it believes it complies with the GDPR but will work to ensure its apps comply with the DPC before the deadline.

Today, the Irish Data Protection Commission (IDPC) made a final decision on 2018 allegations relating to some of our digital advertising work in the EU. While we believe we are compliant with the General Data Protection Regulation (GDPR), we are working to bring our advertising practices into compliance by the IDPC deadline.

It’s worth noting that since the company is headquartered in Ireland, Irish privacy watchdogs have assumed the authority to enforce LinkedIn’s compliance with European data rules.