Trust and safety

Privacy and Data Protection Review of LinkedIn Ireland: Some New Features To Know About

At LinkedIn, we are grateful for the trust of our members.  We believe that trust is earned by taking privacy and security seriously every day and by being transparent with you about how we use your personal data.

LinkedIn recognizes the Office of the Irish Data Protection Commissioner (IDPC) as our lead regulator on data protection and privacy practices in Europe. The IDPC came to us in 2013 with a request to review our practices in these areas. Since May 2013, we have actively engaged with the IDPC in a full audit of our data protection and privacy practices. [1]  The IDPC’s audit efforts were comprehensive and included on-site visits, interviews with dozens of our staff, code review, and examinations of policies and practices related to data privacy and security.

The audit was completed in July 2014. Following this review, the IDPC noted our strong commitment to respecting the privacy rights of our members. It also made a number of best practice recommendations about how we could enhance our data protection and privacy practices.

LinkedIn embraces many of the IDPC’s recommendations and believes that they will largely improve your experience by providing you with increased clarity, consistency and control. Nearly all of the best practice recommendations that we have agreed to take action on have already been put in place as part of our ongoing product development process, including our updated Privacy Policy, which became effective on October 23, 2014. More will be completed before the end of the year.  In some cases, we went beyond the best practice recommendations to do more, such as our adding a self-service tool for you to request the data that LinkedIn has about you. Because these improvements can benefit members all over the world, not just in Europe, these changes are effective globally.

We will continue to work to ensure that we maintain our high standards of privacy and data protection for you, including engaging on an on-going basis with the IDPC.

Below is an overview of the changes that we believe will most benefit you. In some cases, you will see these changes when you visit the site. In other cases, the changes made are “behind the scenes” improvements that provide additional privacy and security protections for you.

 

Access to Your Data

We believe that it is important to be transparent with you about the personal data we gather about you.   We wanted to make it easier for you to access and remove your data from LinkedIn if you wish.

  • New Help Center Information. We have always given our members access to how we use the personal information they give us, and we have recently updated our Help Center articles so that you have more information about how our access request policies and processes work. There you will find a step-by-step guide to accessing your account data, as well as details of what you will see, including your login history, email address history and the photos you’ve uploaded.
  • New Data Management Tool. We have also made available an automated, self-service tool for members to request a comprehensive set of your data into a downloadable file. You can request your data through a link in the settings portal and receive your data by email. You'll receive an email within 72 hours when your data archive is ready to be downloaded and this process is protected with authentication requirements.

 

Understanding Your Visibility and Choices

Many of our members come to LinkedIn to be found for opportunities and to connect and share with other professionals. We wanted to be clearer about who can find you and see what you post, share, and follow on LinkedIn.

  • Updates to Our Privacy Policy. You can now get more information about how people see and find you through our Privacy Policy. This year we updated the Privacy Policy to make it clearer that other people may find your LinkedIn profile information through search engines, that you can choose which parts of your public profile are accessible to public search engines in your settings, and that you can use services like Twitter in conjunction with your LinkedIn account.
  • De-Identification of Data. We also conducted a thorough review of our privacy settings to make them more user-friendly. You may have noticed that we have already removed a setting that gave our members choices about how their personal data was collected by us when they visited third-party sites that have a LinkedIn “Share” button. Instead of waiting for you to let us know you want your visits to sites with our “Share” buttons to be anonymous by changing your setting, we now promptly and automatically de-identify this data for all of our members. We also added a setting that allows our members to block unwanted contact through LinkedIn. We also provided a dashboard to allow you to see information about your recent login history with the ability to logout other sessions or devices signed in to your LinkedIn account.
  • More Information on Closing Accounts. We have always provided members with the ability to close an account. We now provide more information to members who register for LinkedIn but are subsequently “inactive” for a long period of time about the steps they can take if they want to close their accounts.

We plan more improvements to our settings in the future.

 

Building Your Professional Network

Many of our members choose to upload their address books so that they can find and connect with people – one of the main reasons members use LinkedIn. We wanted to be clearer about how to build your network and choose who to include in it.

  • More Information about Address Books. We have expanded the information that we provide to members who choose to import their address books (or contacts lists). We have also added a “Learn More” link at invitation stage, so that you have access to more information about the permissions you are granting to us and the data that we will collect if you choose to import this data. We have also provided additional clarity about sending invitations to members to connect on LinkedIn and guests to join LinkedIn, such as showing the number of invitations that will be sent.
  • More Choices for and about Non-Members. More information about how our “People You May Know” feature works has been added to our Privacy Policy. In addition, we have changed our practices around how we process the information of individuals who are not members of LinkedIn. If we receive an unsubscribe signal from a non-member (e.g., in response to an invitation to join LinkedIn), we will stop processing their information in our recommendations feature. In addition, we have launched a new page where those who are not members will have another way to tell us not to send them invitations to join LinkedIn.

 

Advertising and Cookies

Like many online services, we depend on “cookies” to deliver our services and to serve relevant ads to you. We wanted to be clearer about the cookies we use.

  • Updated Cookie Policy. In October 2014, we updated our Cookie Policy to provide more information about how we use cookies. Our revised Cookie Policy provides, among other things, more detail about our use of behavioral advertising and data provided to us by third parties.
  • More Information About Third-Party Cookies. We also added links to our third-party cookie providers, so that you have more information about these third parties and have an easier way to opt-out of those cookies.
  • Deletion of Cookies. We are also deleting cookies that we no longer needed and have revised our practices for deciding when it’s appropriate to add new cookies.
  • More Cookie Security. For better security, we have marked all security-sensitive cookies that are used (e.g., for us to authenticate that you are who you say you are) so that it is harder for hackers who might try to misuse JavaScript (a type of computer programming language) to impersonate you.
  • Updated Opt-Out Settings. We have revised our settings to provide members and non-members easier ways to opt-out of our tracking of behavior on third-party sites and our use of information from advertising partners to target ads. We have tested and confirmed that these opt-outs are honored by LinkedIn.
  • Clarification of Policies on Sensitive Categories. We have also revised our Advertising Guidelines  to document the practice we always had in place of prohibiting our customers from targeting their ads based on sensitive categories such as race or religion.

 

Protecting Your Data

We take the protection of your personal information very seriously. We have added additional security to protect your private data.

  • Improving Our Privacy and Security Processes. We continue to improve and formalize our processes to assess privacy and security risks during product development, so that we can implement security and privacy by design. For example, a cross-functional LinkedIn privacy and security team works with product and engineering teams to assess and test products throughout our product development lifecycle. Since the second quarter of 2014, all new products have gone through this more rigorous security and privacy review.
  • Enhancing Our Security Practices. To improve security, we have implemented enhanced security practices such as implementing HTTPS by default for the LinkedIn service in most countries and STARTTLS (which allows for encryption of data channels)for SMTP communications (the internet standard for electronic mail). In addition, to test ourselves, we hired a third party to challenge our security on some important features.
  • Internal Access. To improve your privacy, we have tightened internal access controls to protect member’s private data.

 

Retention and Deletion of Your Data

It’s important that you have control over your data, even if you decide that you no longer want be a member.

  • Deletion of Data. If you close your LinkedIn account, we delete your data as explained in our updated Privacy Policy. Our efforts to delete data at the request of a member have been expanded to include copies that might exist in some of the servers we use to store members’ media content (e.g. profile photos) in different locations to enable faster loading of webpage content in different countries (i.e., our content delivery network).

 

Third Parties’ Access To Data About You

It is equally important that you know about and have control over the access third parties have to data about you.

  • New Monitoring of API Uses by Third Parties. Like many online services, LinkedIn has an Application Programming Interface (“API”) program, which allows third-party developers to access personal information with the consent of our members. We have always provided members with granular controls to revoke this consent. We have always had a practice of terminating third parties who materially breach these API terms, but to further enhance security, we have added new ways to monitor these third-party developers’ use of these API’s and provided more information to developers about security best practices. We have also made technical changes, such as adding further limits to authorization token exchanges, ensuring all API URLs returned in API responses default to using https protocol (which makes it more difficult for hackers and others to track users), and reducing the permissible number of daily connection requests.

 

More Clarity

Simpler is better. We try to be clear, simple and transparent when explaining what we do with your data.

  • Enhancements of Our Disclosure and Education Materials. You may have already noticed that LinkedIn has added more information and detail about how certain features may collect, use or share your personal information. In the last few months we have added further detail to our Privacy Policy, Cookie Policy, Help Center, and better descriptions at the time you interact with those features. For example, in our updated Privacy Policy (https://lnkd.in/bdB7tcE) we provided more clarity around our already existing practice of only scanning private messages for security purposes (e.g., virus or other malicious code) and in our Help Center we provided more information about how we use location data sent to us by mobile devices.
  • Update of Our User Agreement. We have also re-written our User Agreement to make it easier to read and understand, including cutting the length by half and using more plain language throughout.
  • Updates of Other Disclosures. In many instances, we expanded our disclosures about products in numerous relevant ways. For example, with regard to Groups, we revised our Groups Terms of Service, enhanced explanations in Group settings, and expanded in-line descriptions. We have also added further information about other features such as search, messaging, social plugins, our premium products, introductions feature, endorsements and recommendations, company pages, use of member IDs, and integrations with third parties such as Twitter.

 

[1]   LinkedIn Ireland is the company that contracts with our members to provide LinkedIn’s services outside of the U.S.