A good lawyer can probably make the case that the profiles you view if tracked is your data that you are allowed to see under GDPR. But claiming that knowing who views you is part of GDPR seems like a big stretch.
Better for them to focus on the companies that don't allow you to opt out of what should be considered optional tracking without paying them.
You have a right under the GDPR to get a copy of all data associated with you PII data. Not just your PII data, but every table where PII is a field, or is transitively joinable. If they can provide somebody else something with your name associated with it, they have to provide it to you
I also don't understand what principle they have behind the GDPR claim. On LinkedIn you have some control on the visibility of your profile, and most infomation can be hidden if you want to (?!)
Buy when others see your profile, feels to me not different from a public addressbook lookup.
I used to handle DSAR requests for one of the big 4, we'd redact the names of other people on joint accounts / mortgages / etc. Obviously the requestor would know these (I hope), but someone elses name is not your personal data. We redacted those names to be compliant with GDPR, so I dont think there's any case here.
If anything the case could be made that sharing the names of who viewed your profile when you pay for premium is a GDPR breach, but I dont use LinkedIn so don't know if theres any way to opt out of this. If there is (i.e private profile), then under GDPR it's fine. Still a bit scummy but like its LinkedIn, its purpose is networking, best route here is not using it, not trying to make the argument that other peoples personal data is yours because its somewhat related.
Great that someone is taking action! It seems more often then not the GDPR is not taken serious and is violated without repercussions. This is a great case because the data ends up public facing. Sadly a lot of violations of the GDPR are difficult to discover or check.
Not entirely convinced who viewed your profile falls under your personal information
Source: used to handle DSAR requests for one of the big 4 banks, we'd redact all names that weren't the requestors, even names on a joint account they'd obviously know
Potential argument under GDPR you could request LinkedIn to not share who's profiles you are viewing, but thats a separate issue
Actually the GDPR definition of personal data is very wide, a bit to wide in my opinion (one of the reasons GDPR is not always taken serious) but that is a different topic.
IANAL but the way I read it is that any data that can be linked with you as a natural person could be considered personal data.
Therefore if LinkedIn is saving a log in a database similar to: "profile x viewed person y" and profile y has your name that would qualify as personal data in my view.
Especially interesting is the section "Personal data and the purpose for processing" since LinkedIn is selling access to the data of who viewed your profile the perspective of if it is or is not personal data may be shifted.
A good lawyer can probably make the case that the profiles you view if tracked is your data that you are allowed to see under GDPR. But claiming that knowing who views you is part of GDPR seems like a big stretch.
Better for them to focus on the companies that don't allow you to opt out of what should be considered optional tracking without paying them.
You have a right under the GDPR to get a copy of all data associated with you PII data. Not just your PII data, but every table where PII is a field, or is transitively joinable. If they can provide somebody else something with your name associated with it, they have to provide it to you
I also don't understand what principle they have behind the GDPR claim. On LinkedIn you have some control on the visibility of your profile, and most infomation can be hidden if you want to (?!)
Buy when others see your profile, feels to me not different from a public addressbook lookup.
I used to handle DSAR requests for one of the big 4, we'd redact the names of other people on joint accounts / mortgages / etc. Obviously the requestor would know these (I hope), but someone elses name is not your personal data. We redacted those names to be compliant with GDPR, so I dont think there's any case here.
If anything the case could be made that sharing the names of who viewed your profile when you pay for premium is a GDPR breach, but I dont use LinkedIn so don't know if theres any way to opt out of this. If there is (i.e private profile), then under GDPR it's fine. Still a bit scummy but like its LinkedIn, its purpose is networking, best route here is not using it, not trying to make the argument that other peoples personal data is yours because its somewhat related.
Not surprised this is LinkedIn.
Great that someone is taking action! It seems more often then not the GDPR is not taken serious and is violated without repercussions. This is a great case because the data ends up public facing. Sadly a lot of violations of the GDPR are difficult to discover or check.
Not entirely convinced who viewed your profile falls under your personal information
Source: used to handle DSAR requests for one of the big 4 banks, we'd redact all names that weren't the requestors, even names on a joint account they'd obviously know
Potential argument under GDPR you could request LinkedIn to not share who's profiles you are viewing, but thats a separate issue
Actually the GDPR definition of personal data is very wide, a bit to wide in my opinion (one of the reasons GDPR is not always taken serious) but that is a different topic.
IANAL but the way I read it is that any data that can be linked with you as a natural person could be considered personal data.
Therefore if LinkedIn is saving a log in a database similar to: "profile x viewed person y" and profile y has your name that would qualify as personal data in my view.
https://gdpr.eu/eu-gdpr-personal-data/
Especially interesting is the section "Personal data and the purpose for processing" since LinkedIn is selling access to the data of who viewed your profile the perspective of if it is or is not personal data may be shifted.