Linkedin – Court Ruling (Netherlands, 2024)
A Dutch court ruled that LinkedIn placed tracking cookies on users' devices even after they refused consent. This matters because it shows that companies must respect users' choices about their data. Website operators should ensure they have proper consent mechanisms in place.
What happened
LinkedIn tracked users by placing cookies on their devices without obtaining consent after users refused.
Who was affected
Website visitors who declined cookie consent but still had tracking cookies placed by LinkedIn.
What the authority found
The court decided that LinkedIn lacked a valid legal basis for processing personal data, violating GDPR rules.
Why this matters
This ruling highlights that companies must comply with user consent regarding cookies. It sets a precedent for holding tech companies accountable for tracking practices.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The data subject visited several popular websites and refused all cookies. However, tracking cookies were still placed on the data subject’s device. The controllers are Linkedin Ireland, Linkedin Netherlands, Microsoft Corporation (US), Microsoft Ireland Operations, Microsoft (NL) and Xandr (US). LinkedIn offers an advertising service and allows for companies to place tracking cookies on the browsers of a user after they view or click their ads. Microsoft has an advertising service that sells ad space on various websites. The service also allows advertisers to show their ads on the ad space of 'third-party' website operators and can place tracking cookies on the devices of website visitors. Xandr is an online platform that buys and sells digital ads. To use the services of Xandr, website users need to install a Java-script that places tracking cookies on the devices of website visitors. All of them are part of the Microsoft Group. The data subject hired a third party specialist to make an independent analysis of the controllers’ collection of personal data via the placed cookies. The analysis confirmed that out of the 30 websites the data subject visited, 27 websites placed and/or read cookies without the data subject’s consent. 24 websites did this even after explicit refusal to consent. Thus, the controllers were collecting personal data of the data subject’s browsing habits without their consent. The data subject filed an urgency procedure (“kort geding”) at the Amsterdam District Court (“Rechtbank Amsterdam”), asking the court to forbid the controllers to place tracking cookies without the data subject’s consent. Jurisdiction of the court [https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32012R1215 Brussels I bis Regulation] regulates which courts of the EU Member States have jurisdiction in cases with links to more than one Member State in the EU. [https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32012R1215 Article 7(2) Brussels I bi
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (3)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Tracking cookies remain active or are re-placed even after the user explicitly rejects them.
Art. 6(1) GDPR
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
Related Cases (0)
No other cases found for Linkedin in NL
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Linkedin - Netherlands (2024). Retrieved from cookiefines.eu
Last updated: