LinkedIn Faces GDPR Scrutiny Over Paid Profile View Data and Access Rights Dispute

LinkedIn’s premium feature that reveals who has viewed a user’s profile has become a lucrative hook for its subscription business, but it also sits at the heart of a fresh GDPR complaint filed by the privacy group noyb. The organization alleges that the social network violates Article 15, which guarantees individuals the right to access any personal data the controller holds. By limiting the visitor list to paying members and refusing a standard data‑access request, LinkedIn appears to treat the same information as both a commercial product and a protected personal record, prompting regulators to take a closer look.

Legal experts point out that GDPR’s consent regime requires a clear, affirmative opt‑in before processing personal data for marketing or profiling. LinkedIn’s current model, which records every profile visit and only offers an opt‑out, runs counter to that standard and could be deemed unlawful processing. Moreover, Article 15 does not differentiate between data collected for internal analytics and data sold as a premium service; the law obliges the controller to provide the data free of charge when the data subject requests it. If the complaint succeeds, LinkedIn may have to redesign its tracking architecture and open the visitor list to all users on request.

The dispute signals a broader regulatory shift toward cracking down on data‑monetization practices that sideline user rights. European data‑protection authorities have already fined firms for charging for access to personal information, and a ruling against LinkedIn could set a precedent that forces other platforms to separate premium features from GDPR‑covered data. Companies should audit their consent flows, ensure opt‑in mechanisms for any profiling, and prepare to honor access requests without additional fees. Staying ahead of these compliance demands will be critical as the EU tightens enforcement across the digital economy.