The curious flows of your LinkedIn data

“Privacy matters,” states LinkedIn in relation to our online data protection. In the context of the data-driven economy, reconciling good intentions, reality and privacy frameworks is not always easy. This blog gives some hints as to why this is the case.

On June 7 LinkedIn announced changes to its privacy policy. The sweet-sounding subtitle “Your privacy matters” tries to convey the message that the LinkedIn team does care about our online data protection. However, placing the policy in the context of the data-driven economy, I have run into some difficulty reconciling good intentions, reality and privacy frameworks (in particular the upcoming GDPR). This blog explains some of those difficulties.

The policy contains a typical set of privacy-related provisions, informing users about the ways in which their data is collected and used. The aim is to manage expectations and to show how users themselves can influence data processing on the platform.

A comparison of the text of the new privacy policy with an earlier policy from 2014 reveals several key changes. For example, the new policy describes the sophisticated data analytics (machine learning) performed on users’ communication data, refers to self-regulatory principles governing possible social experiments, describes enhanced data coupling and provides for the processing of location data.

Online services are increasingly becoming data-driven and LinkedIn’s new privacy policy reflects these changes. Internally generated data no longer suffices – additional data provided by various third parties seems to have become a must. LinkedIn also enriches its own databases with data flowing in from data brokers such as Acxiom (see paragraph 2.4 of the policy). This means LinkedIn might know more about you than you would like it to. To illustrate: you might be silent about your health issues while applying for a new job, but a data broker might hold data about your visits to the doctor, and that same data could later be merged with your profile information on LinkedIn. The merged data can then be reflected in an ad presented to you on the platform. But can you be sure that LinkedIn does not couple data in a way that affects you negatively in the job hunting process? Let us assume that an employer decides to base their candidate search on LinkedIn’s “How You Rank” feature, which compares professionals within the same network. For some reason, your rank is low. Could it be the health information coming from the third-party source that is behind the disappointing score? This is impossible to say unless you know the algorithm and metrics that LinkedIn used to calculate it. (A disclaimer: LinkedIn recently removed the feature from the platform.)
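The worry above can be made concrete with a toy sketch. Nothing here reflects LinkedIn’s actual code or scoring logic – every field name, weight and function is invented purely to show how a broker-sourced attribute could silently depress a rank that the user has no way to audit:

```python
# Hypothetical sketch of data coupling: a profile is enriched with
# third-party broker records, and the merged result feeds an opaque
# ranking score. All names and weights are invented for illustration.

def enrich_profile(profile, broker_records):
    """Merge broker data into a user profile, matched on email address."""
    merged = dict(profile)
    for record in broker_records:
        if record.get("email") == profile.get("email"):
            merged.update({k: v for k, v in record.items() if k != "email"})
    return merged

def rank_score(profile):
    """Toy scoring function; the user never sees which signals count."""
    score = 100
    score += 10 * len(profile.get("skills", []))
    # A signal sourced from a data broker can quietly lower the score.
    if profile.get("health_related_searches"):
        score -= 50
    return score

profile = {"email": "jane@example.com", "skills": ["law", "privacy"]}
broker = [{"email": "jane@example.com", "health_related_searches": True}]

print(rank_score(profile))                          # score from profile data alone
print(rank_score(enrich_profile(profile, broker)))  # score after data coupling
```

From the outside, the two scores are indistinguishable in origin: without access to the algorithm and its inputs, the user cannot tell that a broker record, not their profile, dragged the number down.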

Another aspect of the data-driven economy is the interoperability of services and their mutual integration. A post recently went viral on Twitter claiming that LinkedIn’s Rapportive app revealed users’ profiles even when those users had turned their profile visibility off. Opening profiles to all sorts of services is something that LinkedIn enables by default – a problematic point of departure, to say the least. An opt-out is of course possible, but how likely is it that every user is aware of the option and able to set the controls as he or she prefers? The recently adopted GDPR clearly supports the idea of individual control by granting users so-called big data protection rights (data portability, the right to be forgotten, the right of access, etc.). While these rights look promising on paper, they may turn out to be toothless in practice; technical feasibility is critical. (It should be noted that LinkedIn’s policy does put some effort into making controls more approachable, providing users with clear instructions and means to change their settings and/or download their data; see for example paragraph 4.2 on the access options.)
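Why an opt-out default matters can be shown in a few lines. This is a generic illustration, not LinkedIn’s actual settings model – the setting name and default value are assumptions made for the example:

```python
# Hypothetical illustration of an opt-out default: visibility to partner
# apps is ON unless the user explicitly changes it, so every user who
# never opens the settings page stays exposed.
DEFAULTS = {"partner_api_visible": True}

def is_visible_to_partners(user_settings):
    # Any setting the user never touched falls back to the permissive default.
    effective = {**DEFAULTS, **user_settings}
    return effective["partner_api_visible"]

print(is_visible_to_partners({}))                              # user never changed anything
print(is_visible_to_partners({"partner_api_visible": False}))  # user opted out
```

The empty dictionary represents the majority of users who never adjust their settings: under an opt-out design, their data flows by default, which is exactly why the choice of default is a privacy decision in itself.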

Lastly, LinkedIn has been growing rapidly. In only 13 years, LinkedIn has grown from 0 to 500 million users, meaning that it currently manages a strikingly large amount of personal data. This data is valuable not only on the individual level, but even more so on the level of a group: through analysis of large datasets, a company is able to spot trends that pertain to an entire population. What a treasure of information! Unfortunately, exercising almost absolute control over large datasets also makes the data easier to manipulate. In 2014, Facebook caused public outrage when it was revealed that it had allowed psychological experiments on its users. LinkedIn adopted its own internal rules to prevent such outcomes. It remains an open question, however, whether this self-regulatory approach poses a sufficient barrier to practices that are risky and potentially illegal. In addition, it is not entirely clear why LinkedIn makes such explicit promises not to share data with third parties: unless users consent to this type of processing, it is not allowed anyway.

Data can be both a treasure and a curse. It will take lots of courage, knowledge and smart regulation to make sure the former prevails.
