A Closer Look at the LinkedIn GDPR Complaint
Most LinkedIn users scroll right past the “Who’s viewed your profile” section without a second thought. For non-paying members, that area shows vague summaries like “12 people found you through the homepage” or “Someone with a title from a certain company stopped by.” Clicking on those hints leads straight to a premium sign-up page. This seemingly minor feature has now sparked a major linkedin gdpr complaint filed by the privacy advocacy group noyb (none of your business). The case could redefine how companies handle personal data that they normally sell back to users.
The dispute centers on whether a free LinkedIn user has the right to receive a full list of everyone who visited their profile, even though that information is normally reserved for paying Premium members. An unnamed user exercised their rights under GDPR Article 15 and requested all personal data LinkedIn had processed about them. LinkedIn refused, citing the need to protect other users’ data. Now noyb is taking the fight to the Austrian data protection authority.
Why This LinkedIn GDPR Complaint Matters for All Users
This case is not just about one feature on one platform. It addresses a broader practice: companies collecting data from users, processing it, and then charging those same users to see the results. LinkedIn is far from alone. Many social networks, job platforms, and analytics services follow similar models. If noyb wins, it could force a fundamental shift in how these businesses operate.
Consider a hypothetical scenario: A fitness app tracks your workouts and generates a monthly performance report. The app offers a free tier that shows only a summary, while the full report with detailed metrics is behind a paywall. Under the same logic as the LinkedIn case, the user should be able to request that full report under Article 15 without paying. The data is about them, processed by the app, and therefore belongs to them.
The linkedin gdpr complaint could therefore ripple across industries, from job boards to health trackers to e-commerce platforms. Any service that collects behavioral data and then sells access to that data back to the user may need to reconsider its business model.
The Legal Sticking Point: Rights and Freedoms of Others
The only real defense LinkedIn has is Article 15(4), which states that the right to obtain a copy shall not adversely affect the rights and freedoms of others. The profile visitors have their own privacy rights. But noyb counters that LinkedIn already undermines those rights by showing names to Premium users. If the company can justify that disclosure to paying customers, it cannot suddenly claim that the same disclosure would harm visitors when given to the data subject themselves. The logic is inconsistent.
Furthermore, LinkedIn offers users the option to toggle off profile visibility. Visitors who want to remain anonymous can already do so. That opt-out mechanism exists regardless of whether the data subject is a free or Premium user. So the risk to visitors’ rights is already mitigated by the platform’s own settings.
What Users Can Do Right Now
While the legal process plays out, non-premium LinkedIn users are not powerless. If you want to see who viewed your profile, you can submit a formal GDPR Article 15 request to LinkedIn. Although the company may initially refuse, citing the same arguments, you can escalate the request to your local data protection authority. The noyb case provides a strong precedent that such refusals may be unlawful.
Here are practical steps:
You may also enjoy reading: Conspiracy Theory About QR Codes Led to Chaos in GA Midterms.
- Send a clear email to LinkedIn’s data protection officer or use their online privacy request form. Specify that you are requesting a copy of all personal data processed, including the full list of profile visitors with names, job titles, and employers.
- If LinkedIn denies the request, ask for a written explanation citing the specific exemption they rely on.
- File a complaint with your national data protection authority (e.g., the ICO in the UK, the CNIL in France, or the Austrian DPA where noyb filed).
- Consider joining forces with noyb or other privacy groups that may take on similar cases.
Even if you are not directly affected, supporting such actions helps clarify the law for everyone.
The Bigger Picture: GDPR’s Right of Access vs. Business Models
GDPR was designed to give individuals control over their personal data. Article 15 is a cornerstone of that control. When companies erect paywalls around that data, they undermine the spirit of the regulation. The linkedin gdpr complaint is a test case for whether the law can adapt to modern data monetization schemes.
noyb has a track record of winning similar battles. They previously forced Facebook to change its data processing practices and secured fines against Google for forced consent. The organization’s approach is methodical: identify a clear violation, find a willing plaintiff, and push the case through the legal system until a binding precedent is set. This LinkedIn case fits that pattern perfectly.
The outcome will likely take months or even years, but the implications are already clear. Companies that treat user data as a product to be sold back to the user are on notice. The right of access does not come with a price tag.
As Baumann put it, “A full list of profile visitors seemingly should fall under Article 15 data – even if it’s normally reserved for paying users and presented to them in a nicer way, it should still be accessible to free users who actually request it.”
For now, the ball is in the court of the Austrian data protection authority. If they rule in favor of noyb, LinkedIn will have to either provide the data for free or stop collecting it altogether. Either outcome would be a win for user privacy.
