The Berlin Regional Court found LinkedIn's ignoring of "Do Not Track" signals and publishing of profiles without permission to be illegal. The ruling supported consumer control over personal data.

The court found that LinkedIn cannot ignore “Do Not Track” signals sent by users’ browsers. These signals allow internet users to opt-out of having their online activities tracked. Despite receiving these signals, LinkedIn still announced on its website that it engages in tracking for analysis and marketing purposes. The court said this communication is misleading, as LinkedIn is legally required to respect the Do Not Track requests.

Additionally, the court banned LinkedIn from automatically making users’ profiles publicly visible when they first create an account. This “Profile Visibility” default setting published users’ information without their consent, violating data protection regulations. Users must expressly agree before their profiles can be visible to non-members.

    • lemmyvoreEnglish
      178 months ago

      What do you mean? The setting is still present in the latest Firefox and Chrome.

      • @tal@lemmy.todayEnglish
        48 months ago

        I don’t know whether DNT is deprecated or not, but “deprecated” doesn’t mean “not present”. It means that it’s no longer something that one should use, but remains present. A deprecated thing might be removed in the future, but while being deprecated, it remains present.

        https://en.wikipedia.org/wiki/Deprecation

        In several fields, especially computing, deprecation is the discouragement of use of some terminology, feature, design, or practice, typically because it has been superseded or is no longer considered efficient or safe, without completely removing it or prohibiting its use. Typically, deprecated materials are not completely removed to ensure legacy compatibility or back up practice in case new methods are not functional in an odd scenario.

        It can also imply that a feature, design, or practice will be removed or discontinued entirely in the future.[1]

    • ThomasEnglish
      438 months ago

      If you tell LinkedIn they do something illegal, they’ll just ignore you. If you ask a court to tell them, they’ll at least have to make a calculation what is cheaper: complying with a court order (less profit from using your data) or ignoring it (more legal fees). We will soon know.

      • @anlumo@feddit.deEnglish
        108 months ago

        Considering how comically low these fines are, we all know the answer to that one.

        • @Opafi@feddit.deEnglish
          318 months ago

          Actually, gdpr violation fines are ridiculously high, so at least there’s hope that they’ll consider complying.

          • Blue and OrangeEnglish
            108 months ago

            So they should be. Not respecting user privacy should be incredibly costly!

          • admiralteal
            88 months ago

            One day I hope a regulator just gets to do day fine minimums.

            “The fine for violation is €x OR 120 days of gross profits, whichever is larger.”

            • snooggums
              118 months ago

              Fuck gross profits.

              Just gross. All income. Make it actually hurt.

            • @ChrisLicht@lemm.eeEnglish
              88 months ago

              I was at a company where something shitty we did was eventually fined seven figures by federal regulators, and the CEO laughed because we made that in a month of doing it.

              Here’s how it works:

              1. You commit the shitty act for as long as you can, until the regulators finally catch on and/or have enough of the violation(s).

              2. You hire a specialty lawyer who was a senior attorney or management at the regulator before shifting to private practice. That lawyer negotiates with his former co-workers/employees for six to nine months, then comes back with your deal.

              3. Your fine in the deal looks like a big number in a regulator press release, but is usually <25% of the profits you’ve made off the shitty act.

              4. If you’ve been particularly bad and you’re considered to be dicks, your deal might include a consent decree that attaches to the company and sometimes the execs personally. This is often just an annoyance for big companies, but can be bad for smaller companies whose execs really don’t want to be personally named, so you’ll sometimes see companies negotiate for a higher fine in exchange for removing execs’ personal names from the decree.

              5. You pay the fine, sometimes in installments, and do the lightest possible rework of your business practices to bring you into compliance, and drive on. If you’re under a consent decree, you’re a bit more disciplined about reforming your practices. Otherwise, you look forward to the day when the consent decree ends, and you can backslide into the bad behavior again.

        • @albert180@feddit.deEnglish
          68 months ago

          It’s not the Irish data “protection” agency which views their task to be as lax as possible to attract companies and has to get sued to even act and fine companies violating the rules

    • lemmyvoreEnglish
      168 months ago

      This is civil law, not criminal. It needs to be brought to court, otherwise if everybody just quietly ignores it it can go on forever unchallenged. Which is exactly what has happened so far: technically, ignoring “do not track” is in breach of GDPR but it’s pretty hard to prove that a company does it. What’s different about this case is that LinkedIn publicly declared they ignore it, which made it an open and shut case. And now that they got the ball rolling it’s going to be easier to go after other companies.