Microsoft reserves $425M for LinkedIn GDPR penalty

Microsoft, which made the disclosure Thursday on its investor relations page, said the Irish DPC began investigating a complaint against LinkedIn in 2018, alleging the platform’s targeted advertising practices violated the GDPR. The stringent European Union privacy law took effect that year.

In April, Microsoft said it received a preliminary draft decision from the Irish DPC that found LinkedIn’s targeted advertising practices violated the GDPR. Microsoft said it cooperated with the inquiry.

The money will be set aside in the fourth quarter of fiscal year 2023, Microsoft said.

The company said it will appeal the decision when it is finalized and made public.

“The company intends to dispute the legal basis for, and the amount of, the proposed fine and will continue to defend its compliance with GDPR,” Microsoft said. “There is no set timeline as to when the [Irish DPC] will issue a final decision. However, after receiving a final decision, Microsoft will consider all legal options and intends to defend itself vigorously in this matter.”

In January, the Irish DPC issued a fine of 390 million euros (then-U.S. $414 million) against Meta for forcing users to agree their personal data can be used for targeted advertising to access Facebook and Instagram.

The Meta case highlighted concerns over the way tech companies use contract terms to secure users’ consent to monetize personal data to drive their business models.

Meta last month was fined a record €1.2 billion (then-U.S. $1.3 billion) by the Irish DPC for violating the GDPR regarding transatlantic data transfers. Amazon disclosed in July 2021 the Luxembourg National Commission for Data Protection proposed fining it €746 million (U.S. $800 million) for its unlawful processing of personal data, but the agency has yet to confirm the penalty.