Microsoft-owned professional social network, LinkedIn, is the latest to get a formal request for information (RFI) from the EU. The Commission, which oversees larger platforms’ compliance with a subset of risk management, transparency and algorithm accountability rules in its ecommerce rulebook, the Digital Services Act (DSA), is asking questions about LinkedIn’s use of user data for ad targeting.
Of specific concern is whether LinkedIn is breaching the DSA’s prohibition on larger platforms’ use of sensitive data for ad targeting.
Sensitive data under EU law refers to categories of personal data such as health information, political, religious or philosophical views, racial or ethnic origin, sexual orientation and trade union membership. Profiling based on such data to target ads is banned under the law.
The regulation also requires larger platforms (aka VLOPs) to provide users with basic information about the nature and origins of an ad. They must also make an ads archive publicly available and searchable — in a further measure aimed at driving accountability around paid messaging on popular platforms.
In a press release announcing the RFI Thursday, the Commission wrote that it’s asking for “more details on how their service complies with the prohibition of presenting advertisements based on profiling using special categories of personal data”. It also flagged LinkedIn’s requirement to provide users with ad targeting info.
LinkedIn has been given until April 5 to respond to the RFI.
Reached for a response to the Commission’s action, a LinkedIn spokesperson responded by email — stating: “LinkedIn complies with the DSA, including its provisions regarding ad targeting. We look forward to cooperating with the Commission on this matter.”
The RFI represents an early stage in a potential DSA enforcement procedure — suggesting the EU has found issues which are prompting it to ask questions about how LinkedIn adheres to the ban on sensitive data for ads but hasn’t yet established preliminary concerns which would lead it to open a formal investigation. Such a step may follow, though, if it’s not satisfied with the answers it gets.
Compliance is serious business as confirmed violations of the DSA can attract fines of up to 6% of global annual turnover. The DSA also empowers the EU to impose fines for incorrect, incomplete, or misleading information in response to an RFI.
The Commission said its RFI to LinkedIn follows a complaint by civil society organizations, EDRi, Global Witness, Gesellschaft für Freiheitsrechte and Bits of Freedom, back in February — which called for “effective enforcement of the DSA”.
LinkedIn isn’t the only platform to be in the EU’s spotlight when it comes to use of data for ads. Earlier this month, Meta, the owner of Facebook and Instagram, received an RFI from the Commission asking for more details about how it complies with the DSA’s requirement that use of people’s data for ads needs explicit consent.
A number of other RFIs have also been fired at VLOPs by the EU since the regulation began to apply on them in August last year.
The Commission has said its enforcement is prioritizing action on illegal content/hate speech, child protection, election security and marketplace safety.
Earlier today it announced its first formal investigation of a marketplace, Alibaba’s AliExpress, citing a long list of suspected violations. It also has two open probes of social media sites X and TikTok — raising another string of concerns, such as around illegal content and risk management; and content moderation practices and transparency.
Add to that, today the Commission dialled up scrutiny on how tech giants are responding to risks related to generative AI, such as political deepfakes — sending a bundle of RFIs, including with a eye on the upcoming European Parliament elections in June.