Linkedin – Court Ruling (Netherlands, 2024)
A court in the Netherlands ruled that LinkedIn and its partners collected personal data without user consent by placing tracking cookies. Despite users refusing cookies, many were still tracked across websites. This ruling serves as a reminder for companies to respect user privacy choices regarding cookies.
What happened
LinkedIn and its partners placed tracking cookies on users' devices even after they refused consent.
Who was affected
Users who visited websites that used LinkedIn's advertising services were affected by the unauthorized tracking.
What the authority found
The court held that LinkedIn and its partners violated GDPR rules by failing to obtain valid consent for placing cookies on users' devices.
Why this matters
This ruling highlights the need for companies to ensure they have proper consent mechanisms in place for tracking technologies. Website operators should review their cookie policies to comply with privacy laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Entities Involved
The data subject visited several popular websites and refused all cookies. However, tracking cookies were still placed on the data subject’s device. The controllers are Linkedin Ireland, Linkedin Netherlands, Microsoft Corporation (US), Microsoft Ireland Operations, Microsoft (NL) and Xandr (US). LinkedIn offers an advertising service and allows for companies to place tracking cookies on the browsers of a user after they view or click their ads. Microsoft has an advertising service that sells ad space on various websites. The service also allows advertisers to show their ads on the ad space of 'third-party' website operators and can place tracking cookies on the devices of website visitors. Xandr is an online platform that buys and sells digital ads. To use the services of Xandr, website users need to install a Java-script that places tracking cookies on the devices of website visitors. All of them are part of the Microsoft Group. The data subject hired a third party specialist to make an independent analysis of the controllers’ collection of personal data via the placed cookies. The analysis confirmed that out of the 30 websites the data subject visited, 27 websites placed and/or read cookies without the data subject’s consent. 24 websites did this even after explicit refusal to consent. Thus, the controllers were collecting personal data of the data subject’s browsing habits without their consent. The data subject filed an urgency procedure (“kort geding”) at the Amsterdam District Court (“Rechtbank Amsterdam”), asking the court to forbid the controllers to place tracking cookies without the data subject’s consent. Jurisdiction of the court [https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32012R1215 Brussels I bis Regulation] regulates which courts of the EU Member States have jurisdiction in cases with links to more than one Member State in the EU. [https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32012R1215 Article 7(2) Brussels I bi
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (3)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Tracking cookies remain active or are re-placed even after the user explicitly rejects them.
Art. 6(1) GDPR
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
Related Cases (0)
No other cases found for Linkedin in NL
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Linkedin - Netherlands (2024). Retrieved from cookiefines.eu
Last updated: