LinkedIn Accused of GDPR Violation Over Paid Profile Visitor Data Access

Introduction

LinkedIn, the professional networking platform owned by Microsoft, is facing a legal challenge from the digital rights group None of Your Business (NOYB). The complaint, filed in an Austrian court, alleges that LinkedIn’s practice of reserving the ‘Who’s Viewed Your Profile’ feature exclusively for paid subscribers violates the European Union’s General Data Protection Regulation (GDPR). Specifically, NOYB argues that this policy denies free users their right to access personal data, as guaranteed under Article 15 of the GDPR.

Source: www.computerworld.com

Background: NOYB’s History with Tech Giants

NOYB, founded by privacy activist Max Schrems, has a track record of challenging major technology companies over data practices. In 2025, the group’s complaints led to a €325 million ($381 million) fine against Google by France’s privacy regulator, the CNIL, for alleged violations related to data collection and advertising. This latest action against LinkedIn underscores NOYB’s ongoing mission to enforce GDPR compliance across the digital landscape.

The Contradictory Policy at Issue

LinkedIn introduced the ability for users to see who viewed their profiles around 2007. Later, the company made this feature a paid perk—a move that pre-dated the GDPR, which came into force in 2018. According to NOYB, this commercialization creates a paradox. Under GDPR, EU citizens have the right to access their personal data, including information about who has visited their profile. However, when non-paid users submit a formal Data Subject Access Request (DSAR) to obtain this data, LinkedIn refuses, citing data protection concerns for other users.

Yet, if a user subscribes to LinkedIn Premium Career (starting at €30 per month, or $40 in the US), the same data becomes instantly accessible. NOYB’s press release calls this “particularly absurd,” noting that LinkedIn is using a supposed “data protection interest” to deny a fundamental GDPR right. In the group’s view, the policy is contradictory: either the data should be inaccessible to everyone, or—if visitors understand their visits are recorded—it must be disclosed freely under Article 15.

NOYB’s Core Argument

NOYB contends that LinkedIn’s paywall effectively monetizes a legal right. The group claims that limiting access to profile visitor data undermines the incentive for users to pay for the feature, and therefore LinkedIn is deliberately restricting access to data that should be freely available. “Either the data must not be accessible to anyone, or – if it is clear to the visitor that the data is visible – it must also be disclosed in accordance with Article 15 GDPR,” NOYB stated.

The User’s Right to View and LinkedIn’s Defenses

LinkedIn is expected to point out that all users, including those on free accounts, have options to control visibility. For instance, users can disable the ‘Visibility when viewing other profiles’ setting in their account’s Visibility tab. Once toggled off, each profile visit is recorded as ‘Anonymous LinkedIn Member.’ Additionally, free users can see the last five visitors to their own profile, provided those visitors have not chosen anonymity.

Source: www.computerworld.com

The company may argue that under Article 15, the rights of one user to know who viewed their profile conflict with the privacy rights of other users who may not want their browsing activity disclosed. This tension, LinkedIn might contend, justifies the current system, where paid subscribers get full access while others receive limited or anonymized data.

LinkedIn’s Official Response

When contacted for comment, a LinkedIn spokesperson issued a statement (not fully quoted here) emphasizing the company’s commitment to privacy and legal compliance. The company will likely argue that its practices align with GDPR requirements, as users are informed about data collection and have the ability to control their own visibility.

Implications for GDPR Enforcement

The case, now before the Austrian Data Protection Authority, could set a precedent for how social media platforms handle access to personal data. If NOYB prevails, LinkedIn may be forced to provide profile visitor information to all EU users without charge, potentially disrupting its premium subscription model. The group is also calling for fines to prevent future breaches.

At its core, the dispute highlights a broader tension between commercial interests and data privacy rights. As GDPR continues to shape digital business practices, this case serves as a reminder that companies must carefully balance monetization strategies with the legal requirements of data protection.

This article is for informational purposes only and does not constitute legal advice.

Tags: