The General Data Protection Regulation (GDPR) is a comprehensive European data protection law that provides greater data rights for individuals, including LinkedIn members. At LinkedIn, we take a members-first approach in the way we build products and work with our partners and customers.
Members have control over how LinkedIn uses their data for personalized ads, including measurement and improvement, through their ad settings. LinkedIn serves ads that are “personalized” which means we use the data that our members allow us to use to try to make the ads we serve our members (whether shown on or off LinkedIn) relevant to them. This includes measuring how ads perform (such as clicks and views) and using what we learn to improve our ad tools to make them more effective. The reports we share with customers only include aggregated data about ad performance.
a. Data from LinkedIn
For personalized ads, LinkedIn uses some personal data on an opt-out basis and other personal data on an opt-in basis.
Opt-out (Legitimate Interest): Unless members opt out in their ad settings, LinkedIn uses data from their LinkedIn profile (such as their city, employer, industry, education, skills - whether explicit or inferred - or job type) to show and measure ads. The reports we share with customers are aggregated data about ad performance (such as ad views by company or ad clicks by job types).
Opt-in (Consent): For members residing in the Designated Countries, we need member consent to also use the following data for personalized ads, including measurement and improvement:
- Inferred City Location: LinkedIn infers member city based on member IP address. We do not use member precise location to target ads.
- Inferred Gender and/or Age Range: We infer these from member LinkedIn profiles (such as name and graduation dates). We don’t permit advertisers to target job ads by age or discriminate based on gender.
- LinkedIn Activity Data: Member activity on LinkedIn (such as your searches and engagement with jobs, ads and company content).
- Inferred Interests and Traits: We infer member interests and traits based on their LinkedIn profile and activity on LinkedIn. These do not include special categories of personal data, but can include inferred attributes such as expat, frequent traveler, job seeker, and more. We do not infer interests or traits from member “Off-LinkedIn Data.”
b. Off LinkedIn Data
“Off LinkedIn Data” refers to data provided to LinkedIn from others for personalized ads, including measurement and improvement. When LinkedIn shares ad reports with advertising customers, LinkedIn only includes aggregated data that does not identify its members.
LinkedIn does not use this Off LinkedIn Data to infer “Interests or Traits” about members or link it to their iOS LinkedIn app activity data (e.g. build or enhance profiles).
LinkedIn needs a member’s consent to use “Off LinkedIn Data” that we can connect to members for ads.
- Ad Partner Data for Ads Off LinkedIn: Ad exchanges and other partners (such as site and app publishers) provide data (such as cookies and ad IDs) about visitors to their sites and apps. LinkedIn uses this data to recognize our members and decide whether to bid to place ads on other sites and apps. If we serve an ad off LinkedIn (such as on the LinkedIn Audience Network), we measure the ad performance of theseads (such as views and clicks) and include them in our aggregate reports for advertisers and use that information to improve our ad tools.
- Advertiser Data for Ads (Matched Audiences): Advertisers provide LinkedIn data (such as name, contact, or site visit info) about their users to help LinkedIn show ads to these and similar audiences. LinkedIn measures the performance of these ads (such as views and clicks) and include them in our aggregate reports for advertisers that do not identify members, and also uses that information to improve our ad tools.
- Advertiser Data to Measure Ad Success (Conversion Tracking): Advertisers provide LinkedIn data about actions taken in response to ads (such as website visits, sign-ups and purchases). If we can connect this data to our members, we match it to data about ads we’ve shown so that we can measure ad performance. We also use that information to improve our ad tools, subject to the LinkedIn Ads Agreement. We generate ad reports for advertisers that measure ad performance (such as the conversion of an ad into a sale). These aggregated reports do not identify members.
Members can control the use of their data for these purposes through their ad settings at any time.
Deletion of data: Personal data that is stored by advertisers in LinkedIn Campaign Manager is automatically deleted regularly; within 30 days with respect to contact lists (e.g., hashed emails), rolling 90 days for audiences created based on the contact lists (if not actively used by the customer), 365 days for data submitted in Lead Gen Forms, 180 days for pseudonymized website visit data and offline conversion data, and within 12 months for CRM data, unless it is modified by the advertiser.
Important to know
LinkedIn recommends that customers get advice from their own counsel regarding GDPR applicability to their ad activities.
In-product consent interstitial for members in Designated Countries
The following is the in-product consent interstitial that will be shown to members in the Designated Countries (not expanded):
The following is the in-product consent interstitial that is fully expanded:
Frequently Asked Questions
- Customers are responsible for legal compliance for any personal data they provide to LinkedIn and should ensure they have a legal basis and right to provide LinkedIn any personal data (including hashed email form) for advertising purposes on LinkedIn. Customers are also responsible for the content of their ads, including GDPR compliance for any personal data contained in the ad, and any personal data that they may gather in response to their ads, including a recipient providing contact information. LinkedIn recommends customers get advice from their own counsel regarding the applicability of the GDPR to their ad activities. Matched Audiences will only match members who have opted in from the EU, EEA, UK or Switzerland and members who have not opted out from other countries.
- In many cases, customers will not need to take any additional action to use LinkedIn's Sponsored Messaging products. However, if customers are providing personal data to LinkedIn to target Sponsored Messaging, customers should ensure that they have a legal basis and right under GDPR to provide LinkedIn any personal data (even in hashed email form) for advertising purposes. It should be noted that customers are always responsible for any personal data contained in the ad, and customers are responsible for any personal data that they may gather in response to their ads, including a recipient providing contact information. LinkedIn recommends customers get advice from their own counsel regarding the applicability of the GDPR to their activities. See also LinkedIn Sponsored Messaging in the European Union.
- Products such as the Insight Tag, Conversions API, and Revenue Attribution Report will adjust to consented member data only based on members’ preference in their ad settings. Basic Campaign Manager business reporting metrics (for example, first party analytics and measurement based on ads targeted on profile data, like total clicks and impressions) will still be available under legitimate interest.
- LinkedIn continues to offer the same types of reporting, including campaign professional demographics and conversion tracking. Members in the Designated Countries will be invited to opt-in to conversion tracking and all members can manage their preferences in their ad settings.
- LinkedIn uses a model to estimate conversions in instances where a conversion is no longer observable due to industry-wide privacy change or member setting selections.
- Lead Gen Forms are a valuable way for potential users to express interest in an advertiser’s products and services. In most cases our lead gen customers will not have to take additional action to comply with GDPR when it comes to targeting users with Lead Gen Form ads because LinkedIn is already working behind the scenes to manage GDPR compliance. That said, keep in mind that customers are always responsible for the content of their ads, including GDPR compliance for any personal data contained in the ad, are responsible for any personal data that they may gather in response to their ads, including personal information users provide in the Lead Gen Form, and are responsible for GDPR compliance for any personal data that they provide to LinkedIn to target an ad.
- We have updated Lead Gen Forms to better call out the customer's privacy policy and how it will use the data, along with the users' consent to it, as described here. In addition, members are able to revoke their lead gen submission and have their data deleted from LinkedIn at any point during the 365-day period that lead gen data is stored. LinkedIn recommends that customers get advice from their own counsel regarding GDPR applicability to their ad activities.
- Advertisers should include descriptions of how they use data with consent checkboxes when creating their new Lead Gen Forms. This is reflected in the advertisers' preview during form creation.
- Customers can have members see one or more opt-in checkboxes above the blue “Submit” button when they submit information on a Lead Gen Form. Members are presented a new consent screen in their privacy settings. This allows members to revoke their consent on a per lead basis, as long as the submission occurred fewer than 365 days prior. Lead data is deleted from LinkedIn's servers automatically after 365 days, so advertisers must download or pass their leads from LinkedIn to their own third-party tool beforehand.
- Regardless of whether a customer has sought and received permission from its audience to target ads to them using personal data (such as email addresses), a member's personal data sharing preferences (their ad settings) on LinkedIn ultimately determine whether the advertiser is allowed to use such data to target that member with ads on the LinkedIn platform.
- Advertisers need to comply with the law at all times. Advertisers who have concerns about whether their data is GDPR compliant should address these matters with their own legal counsel.
- Opt-out (Legitimate Interest): Unless members opt out in their ad settings, LinkedIn uses data from their LinkedIn profile (such as their city, employer, industry, or job type) to show and measure ads.
- Matched Audiences (retargeting audiences) require GDPR consent from members in the European Economic Area (EEA), Switzerland and UK for member-level matching. LinkedIn will only match to those members who have provided consent and those who have not opted out globally.
- Modeled audiences, such as predictive audiences, audience expansion and accelerate audiences, require GDPR consent from members in the EEA and Switzerland to use certain first-party ads data to generate an audience.
- Please note, LinkedIn disables targeted advertising to members in the European Union that may be under the age of 18.
Members will need to opt-in to receive ads on the LinkedIn Audience Network. The targeting of ads (whether on LinkedIn or the LinkedIn Audience Network) also requires opt-in consent from residents of the European Economic Area (EEA) and Switzerland. Publishers are also required to comply with the GDPR to the extent they collect or use personal data of residents of the EEA or Switzerland. It is the responsibility of each individual publisher to remain compliant with the GDPR.
Yes. Refer to our Trust and Compliance page for a comprehensive list of industry standard certifications to validate our commitment to members first. Our members entrust us with their information every day and we take their security seriously. We follow industry standards and have developed our own best practices.
Please take time to familiarize yourself with the LinkedIn Data Processing Agreement (DPA) to see how you and LinkedIn process data when using LinkedIn products. Please also refer to the European Regional Privacy Notice for more information.
All materials have been prepared for general information purposes only; they are intended to permit you to learn more about LinkedIn's position on GDPR. The information presented is not legal advice, is not to be acted on as such, may not be current, and is subject to change without notice.