Microsoft, parent company of LinkedIn, recently disclosed that it had taken a $425m charge in relation to an Irish Data Protection Commission (DPC) investigation into LinkedIn targeted advertising practices, which allegedly violated the GDPR:
“After review and analysis, the company will increase its existing reserve for the matter and, based on current exchange rates take a charge of approximately $425m in the fourth quarter of fiscal year 2023,”
In a statement to investors Microsoft said that the Irish DPC issued a preliminary non-public finding in April following an investigation into LinkedIn and other companies that began in 2018. There is no set timeline for the final decision. It said it would defend the legal basis for allegations and the size of the proposed fine:
“… after receiving a final decision, Microsoft will consider all legal options and intends to defend itself vigorously in this matter.”
In Ireland, as in much of the EU, GDPR fines are uninsurable as a matter of public policy.
The proposed fine shows how the DPC in Ireland (where many large tech companies are headquartered) is taking a more muscular approach to GDPR enforcement. Companies need to take care that they ensure their targeted advertising solutions are compliant, for example, by completing a DPIA. HewardMills provides global data protection services to a range of fast-growing companies. If you wish to understand how to design and develop marketing processes that are privacy-compliant, please do not hesitate to contact us.
