- LinkedIn informed customers that “do-not-track” signals are ignored.
- Default setting regarding visibility of member profiles is unlawful.
- Unsolicited sending of emails to non-members is prohibited.
The social network LinkedIn is no longer allowed to inform customers on their website that “do-not-track” signals are ignored. Users select this option to prevent tracking of their online activities. The ruling by the Berlin District Court follows legal action brought by the Federation of German Consumer Organisations (Verbraucherzentrale Bundesverbands – vzbv). The court also prohibited the company from using a default setting that makes member profiles visible on other websites and applications. Last year, the court already prohibited the sending of unsolicited emails to non-members.
“Consumers who activate their browser’s ‘do-not-track’ function are sending a clear message: they do not want their online activity to be monitored for advertising and other purposes,” says Rosemarie Rodden, Policy Officer Team Litigation at vzbv. “Websites must respect this wish.”
Internet users can select a browser setting so that websites they visit receive a “do-not-track” (DNT) signal. It sends the message that they do not want their online activities to be tracked and analysed. LinkedIn stated on its website that it ignores these DNT signals. This means that, by using the site, personal data such as IP address and information about the use of websites can be analysed, for example for marketing purposes, against users’ wishes and even by third parties.
The Berlin District Court upheld vzbv’s view that the company’s statement was misleading, as it suggested that use of the DNT signal was legally irrelevant and that the company was under no obligation to observe it. This is, in fact, not the case. According to the General Data Protection Regulation (GDPR), the right to object to the processing of personal data can also be expressed using an automated procedure. A DNT signal represents a valid objection.
The court rejected a further related claim for procedural reasons.
vzbv’s legal action was fully successful in all other respects. The court prohibited LinkedIn from activating the “profile visibility” function during initial registration. This default setting meant the individual’s LinkedIn profile was also publicly visible to non-members outside the network, for example in search engine results, without the individual’s consent. The judge stated that a default setting did not fulfil the requirements for valid consent to the publishing of personal data. “Making user profiles automatically visible to the public when they are first created is not permitted,” says Rosemarie Rodden.
The Berlin District Court had already ruled in favour of part of the legal action last year. As a result, LinkedIn is no longer allowed to send email invitations to consumers who are not members of the network and who have not consented to the use of their email address. The court also prohibited, via an additional partial ruling, the use of several conditions in the company’s general terms and conditions, including clauses according to which only the English language version of the contract is legally binding and litigation may only be pursued in Dublin, Ireland.