Love it, the article referring to a statement by a LinkedIn spokesperson: "The first part of that statement is false, as you can see from the screenshot above. Given the obvious untrustworthiness of that half of the statement, we didn't bother wasting any time trying to evaluate the second part."
Seriously, this is what I miss the most in legacy media. Much too often "journalists" will simply relay politicians' statements uncritically, when they're obviously fallacious or straight lies. This is very refreshing on The Register's part.
Noyb basically built a logic trap linkedin can't squirm out of: either selling the visitor list to premium users is illegal or handing it over for free under article 15 is mandatory - pick one
Oh I LOVE this, we can't have enough of these privacy-focused non-profits making tech companies' lives difficult. They have such a strong argument here, too. I can imagine that whoever came up with this is very pleased with theirselves, and rightfully so.
Not sure I follow the logic. The list of profiles I visit feels like it’s my data, not the owners of target profile. By that logic can I GDPR chrome for the browsing history of anyone who has visited my site? IANAL but I thought GDPR is about getting a copy of your data, not others.
I'm not a fan of how LinkedIn operates ... or the culture there in general.
At the same time I wonder what happens when users realize everything they look at is now more visible than ever? People just make fake accounts for browsing?
Maybe it should be that way, but there's an interesting dynamic to "what you look at (even if not a full picture) is visible to some people".
I think the key point here is that LinkedIn distributes personal data of the profile owner to the visitor. That data is subject to GDPR, so the plaintiff assumes that they have the right to know who received that data from LinkedIn.
What kind of personal data of the website owner does google analytics distribute that makes that analogy work?
I don't quite get the "GDPR requires you to share with someone the personal details of people who happened to visit a webpage that you setup on a free website" angle here. I don't get how that's your data and not the data of the people who visited the page?
That seems to violate the GDPR more than the current state, no? If I accidentally click on your profile you're entitled to my name and employer and that's your data now? Makes no sense, other than from a "GDPR good, US tech bad!" angle, I guess.
Agree, I don't fully understand the argument that this would be the owning profiles data, and not either Linkedin's or the viewer's.
Would you be entitled to search query data from Google because your website is in some query results, and Google has to provide you that metadata for free?
(copied from my earlier comment) I think it's very close to C-579/21 which was about audit logs. In that one CJEU ruled that audit logs are personal data of you and the person who performed the action. They did allow censoring the person's name in that case (and exact timestamp), but given that in this case LI is selling this information to same person then "protecting others" rings pretty hollow.
Dating apps do this too; one of the major selling points of Tinder's premium plan is that you can see who swiped right on you.
They're not at as much of a risk though, as it's much more difficult to begin a chat with a Tinder user than it is on Linked In. Knowing the profile ID or whatever won't help you, if you can't open their profile in-app and swipe right on it, you can't begin a conversation.
If you mean that Meta probably has a list of which users visited which other users and that they use it for internal stuff? Well, then Meta could argue they won’t tell you who visited you because they need to protect their privacy (harder for LinkedIn since they are selling that data so clearly they don’t care)
LinkedIn shared a public profile a user filled out for the purposes of sharing.
Someone viewed the profile.
How exactly is it “personal data” who viewed the profile?
If I put my resume on my website, is my ISP required to tell me who visited my website? (The logs give technical data, but not the name of the person viewing.)
Personal data is data that relates to to you. What relates to you is the list of users who viewed your profile.
I think it's very close to C-579/21 which was about audit logs. In that one CJEU ruled that audit logs are personal data of you and the person who performed the action. They did allow censoring the person's name in that case (and exact timestamp), but given that in this case LI is selling this information to same person then "protecting others" rings pretty hollow.
I think SaaS pricing model has long been abusive. So, you have a platform, which takes real money to build and maintain. But then you build features on top of that platform, where some features are build-once and require not a lot of maintenance and no additional expenses - the code is just sitting there doing the stuff. Then you request additional money for that feature, which is effectively free for you.
Unlike physical goods where a higher price reflects higher production cost, SaaS companies have to engineer scarcity into a product that is naturally abundant.
In this LinkedIn example, they already collect the profile visitors for everyone. Instead, they spent additional engineering resources building the restriction layer and then charge the users to undo the sabotage.
The price of something is not necessarily the function of the cost of producing it. It is the value to the buyer. Of course, you have edge cases on both sides of the scale, some things are of less value (to some markets) than the cost of producing them, and some things are of high value when producing them costs almost nothing. That's part of why free markets are so great, they are value-oriented and not only cost-based.
26 comments
[ 2.9 ms ] story [ 53.2 ms ] thread> LinkedIn rejected the request on the grounds that protecting that data took precedence.
Guess that implies that paying takes precedence on data protection
Linkedin is the best thing what happened for phishing since 4ever.
If you have a profile there, you're already lost. They gather your data and even network layout if you just open linkedin.
At the same time I wonder what happens when users realize everything they look at is now more visible than ever? People just make fake accounts for browsing?
Maybe it should be that way, but there's an interesting dynamic to "what you look at (even if not a full picture) is visible to some people".
What kind of personal data of the website owner does google analytics distribute that makes that analogy work?
That seems to violate the GDPR more than the current state, no? If I accidentally click on your profile you're entitled to my name and employer and that's your data now? Makes no sense, other than from a "GDPR good, US tech bad!" angle, I guess.
(copied from my earlier comment) I think it's very close to C-579/21 which was about audit logs. In that one CJEU ruled that audit logs are personal data of you and the person who performed the action. They did allow censoring the person's name in that case (and exact timestamp), but given that in this case LI is selling this information to same person then "protecting others" rings pretty hollow.
They're not at as much of a risk though, as it's much more difficult to begin a chat with a Tinder user than it is on Linked In. Knowing the profile ID or whatever won't help you, if you can't open their profile in-app and swipe right on it, you can't begin a conversation.
LinkedIn shared a public profile a user filled out for the purposes of sharing.
Someone viewed the profile.
How exactly is it “personal data” who viewed the profile?
If I put my resume on my website, is my ISP required to tell me who visited my website? (The logs give technical data, but not the name of the person viewing.)
I think it's very close to C-579/21 which was about audit logs. In that one CJEU ruled that audit logs are personal data of you and the person who performed the action. They did allow censoring the person's name in that case (and exact timestamp), but given that in this case LI is selling this information to same person then "protecting others" rings pretty hollow.
Unlike physical goods where a higher price reflects higher production cost, SaaS companies have to engineer scarcity into a product that is naturally abundant.
In this LinkedIn example, they already collect the profile visitors for everyone. Instead, they spent additional engineering resources building the restriction layer and then charge the users to undo the sabotage.