Privacy and Data Protection Review of LinkedIn Ireland: Some New Features To Know About
December 18, 2014
At LinkedIn, we are grateful for the trust of our members. We believe that trust is earned by taking privacy and security seriously every day and by being transparent with you about how we use your personal data.
LinkedIn recognizes the Office of the Irish Data Protection Commissioner (IDPC) as our lead regulator on data protection and privacy practices in Europe. The IDPC came to us in 2013 with a request to review our practices in these areas. Since May 2013, we have actively engaged with the IDPC in a full audit of our data protection and privacy practices.  The IDPC’s audit efforts were comprehensive and included on-site visits, interviews with dozens of our staff, code review, and examinations of policies and practices related to data privacy and security.
The audit was completed in July 2014. Following this review, the IDPC noted our strong commitment to respecting the privacy rights of our members. It also made a number of best practice recommendations about how we could enhance our data protection and privacy practices.
We will continue to work to ensure that we maintain our high standards of privacy and data protection for you, including engaging on an on-going basis with the IDPC.
Below is an overview of the changes that we believe will most benefit you. In some cases, you will see these changes when you visit the site. In other cases, the changes made are “behind the scenes” improvements that provide additional privacy and security protections for you.
Access to Your Data
We believe that it is important to be transparent with you about the personal data we gather about you. We wanted to make it easier for you to access and remove your data from LinkedIn if you wish.
- New Help Center Information. We have always given our members access to how we use the personal information they give us, and we have recently updated our Help Center articles so that you have more information about how our access request policies and processes work. There you will find a step-by-step guide to accessing your account data, as well as details of what you will see, including your login history, email address history and the photos you’ve uploaded.
- New Data Management Tool. We have also made available an automated, self-service tool for members to request a comprehensive set of your data into a downloadable file. You can request your data through a link in the settings portal and receive your data by email. You'll receive an email within 72 hours when your data archive is ready to be downloaded and this process is protected with authentication requirements.
Understanding Your Visibility and Choices
Many of our members come to LinkedIn to be found for opportunities and to connect and share with other professionals. We wanted to be clearer about who can find you and see what you post, share, and follow on LinkedIn.
- De-Identification of Data. We also conducted a thorough review of our privacy settings to make them more user-friendly. You may have noticed that we have already removed a setting that gave our members choices about how their personal data was collected by us when they visited third-party sites that have a LinkedIn “Share” button. Instead of waiting for you to let us know you want your visits to sites with our “Share” buttons to be anonymous by changing your setting, we now promptly and automatically de-identify this data for all of our members. We also added a setting that allows our members to block unwanted contact through LinkedIn. We also provided a dashboard to allow you to see information about your recent login history with the ability to logout other sessions or devices signed in to your LinkedIn account.
- More Information on Closing Accounts. We have always provided members with the ability to close an account. We now provide more information to members who register for LinkedIn but are subsequently “inactive” for a long period of time about the steps they can take if they want to close their accounts.
We plan more improvements to our settings in the future.
Building Your Professional Network
Many of our members choose to upload their address books so that they can find and connect with people – one of the main reasons members use LinkedIn. We wanted to be clearer about how to build your network and choose who to include in it.
- More Information about Address Books. We have expanded the information that we provide to members who choose to import their address books (or contacts lists). We have also added a “Learn More” link at invitation stage, so that you have access to more information about the permissions you are granting to us and the data that we will collect if you choose to import this data. We have also provided additional clarity about sending invitations to members to connect on LinkedIn and guests to join LinkedIn, such as showing the number of invitations that will be sent.
Advertising and Cookies
Like many online services, we depend on “cookies” to deliver our services and to serve relevant ads to you. We wanted to be clearer about the cookies we use.
- More Information About Third-Party Cookies. We also added links to our third-party cookie providers, so that you have more information about these third parties and have an easier way to opt-out of those cookies.
- Deletion of Cookies. We are also deleting cookies that we no longer needed and have revised our practices for deciding when it’s appropriate to add new cookies.
- Updated Opt-Out Settings. We have revised our settings to provide members and non-members easier ways to opt-out of our tracking of behavior on third-party sites and our use of information from advertising partners to target ads. We have tested and confirmed that these opt-outs are honored by LinkedIn.
- Clarification of Policies on Sensitive Categories. We have also revised our Advertising Guidelines to document the practice we always had in place of prohibiting our customers from targeting their ads based on sensitive categories such as race or religion.
Protecting Your Data
We take the protection of your personal information very seriously. We have added additional security to protect your private data.
- Improving Our Privacy and Security Processes. We continue to improve and formalize our processes to assess privacy and security risks during product development, so that we can implement security and privacy by design. For example, a cross-functional LinkedIn privacy and security team works with product and engineering teams to assess and test products throughout our product development lifecycle. Since the second quarter of 2014, all new products have gone through this more rigorous security and privacy review.
- Enhancing Our Security Practices. To improve security, we have implemented enhanced security practices such as implementing HTTPS by default for the LinkedIn service in most countries and STARTTLS (which allows for encryption of data channels)for SMTP communications (the internet standard for electronic mail). In addition, to test ourselves, we hired a third party to challenge our security on some important features.
- Internal Access. To improve your privacy, we have tightened internal access controls to protect member’s private data.
Retention and Deletion of Your Data
It’s important that you have control over your data, even if you decide that you no longer want be a member.
Third Parties’ Access To Data About You
It is equally important that you know about and have control over the access third parties have to data about you.
- New Monitoring of API Uses by Third Parties. Like many online services, LinkedIn has an Application Programming Interface (“API”) program, which allows third-party developers to access personal information with the consent of our members. We have always provided members with granular controls to revoke this consent. We have always had a practice of terminating third parties who materially breach these API terms, but to further enhance security, we have added new ways to monitor these third-party developers’ use of these API’s and provided more information to developers about security best practices. We have also made technical changes, such as adding further limits to authorization token exchanges, ensuring all API URLs returned in API responses default to using https protocol (which makes it more difficult for hackers and others to track users), and reducing the permissible number of daily connection requests.
Simpler is better. We try to be clear, simple and transparent when explaining what we do with your data.
- Update of Our User Agreement. We have also re-written our User Agreement to make it easier to read and understand, including cutting the length by half and using more plain language throughout.
- Updates of Other Disclosures. In many instances, we expanded our disclosures about products in numerous relevant ways. For example, with regard to Groups, we revised our Groups Terms of Service, enhanced explanations in Group settings, and expanded in-line descriptions. We have also added further information about other features such as search, messaging, social plugins, our premium products, introductions feature, endorsements and recommendations, company pages, use of member IDs, and integrations with third parties such as Twitter.
 LinkedIn Ireland is the company that contracts with our members to provide LinkedIn’s services outside of the U.S.