GDPR (and LinkedIn)

As mentioned before if you are a business handling personal data you will need to be thinking about how you are handling the personal data that you are collecting via networking.

If you are using LinkedIn is purely for personal activities your use of LinkedIn is not subject to the articles of the GDPR.

The GDPR rules don’t apply to data processed by an individual for purely personal reasons or for activities carried out in one’s home, provided there is no connection to a professional or commercial activity. When an individual uses personal data outside the personal sphere, for socio-cultural or financial activities, for example, then the data protection law has to be respected.

Regardless of whether it is for business or personal reasons LinkedIn to connect with people. I personally use LinkedIn as a way to follow-up with people who I meet in person while networking.  I use it to message personal contacts and keep them updated (through my personal feed activity). However, if you a business using LinkedIn you may want to consider how GDPR impacts your use of LinkedIn practically.

Connection Requests on LinkedIn

As LinkedIn itself is a business social media platform for the purpose of networking, it can be argued that making unsolicited connection requests cannot be considered prohibited and can be considered legitimate business interests on the basis of reasonable expectation (by being a user of LinkedIn). I am personally still not a fan of unsolicited connection requests.  I will personally decline these automatically unless I have met you in person or if I haven’t you have also sent me a compelling introductory message.

It can be argued that there is a reasonable expectation to assume that people will want to connect and network with you as this is the purposes of LinkedIn and as an individual, you also have the ability to decline their invitation. When someone accepts your personal invitation to connect on LinkedIn, they are effectively ‘opting in’ to receive messages from you as an individual, read your status updates and be notified of your LinkedIn activities.

Whatever your personal preference – you are permitted to reach out to potential connections on LinkedIn and they have the ability to accept or decline your invitation. What is less clear is the use of InMail (by premium members). Again, it is likely that they are relying on the argument that this is covered by a reasonable expectation of legitimate business interests. From an individuals perspective you can also control your preferences there are additional layers of protection with account options enabling you to determine whether you want to receive InMails from LinkedIn members you are not connected to.

Using Contact Details found on LinkedIn

Different users set up their profile settings in different ways. However, some members will display external contact details (such as phone number or email address) which are only visible after a connection request has been accepted. These are not “public” in the true sense but you do of course have access to these details. If you use these details for the purposes of a business (when unsolicited) you will as a data controller need to show the legitimate legal basis for processing this information.

Don’t scrape the email addresses and spam. Don’t automatically add the data to a CRM system. If you are a business produce a strategy and a policy for using LinkedIn that is GDPR compliant.  Think about where and why you are keeping personal data. Think about how you are using it. Give your employees clear instructions as to what good practice looks like.

Using LinkedIn Groups and Posting Content

There is no real change in using LinkedIn groups. Individuals can choose whether or not to be members of groups and you can continue the post content in the usual way. There is also no real change to how you post content to Corporate Feeds. More people are now tagging business and individuals in posts and updates. If you are an individual and don’t want people to tag you (for whatever reason) do remember you can control your privacy and turn off this functionality.

Finally please note that this post (and the others in our GDPR series) are not legal advice and should not be relied on as such.