GDPR and LinkedIn Profile Views: A Guide to Your Data Access Rights in the EU

Overview

Have you ever wondered who's been checking out your LinkedIn profile? For years, LinkedIn has offered a premium feature called 'Who's Viewed Your Profile' exclusively to paying subscribers. But according to a recent legal complaint by the digital rights group None of Your Business (NOYB), this practice may be violating the European Union's General Data Protection Regulation (GDPR). The complaint, filed in an Austrian court, argues that LinkedIn's paywall on profile visitor data contradicts Article 15 of the GDPR, which grants individuals the right to access their personal data. This guide will walk you through the issue, your rights, and the steps you can take to request your data—even if you're using a free account.

Understanding this topic is crucial for EU users who want to exercise their data privacy rights. We'll cover the prerequisites, provide a step-by-step process for filing a Data Subject Access Request (DSAR), highlight common mistakes, and summarize the key takeaways. Whether you're a LinkedIn free user or a premium subscriber, this guide will help you navigate the intersection of social media and GDPR.

Prerequisites

Before diving into the steps, ensure you have the following:

• A LinkedIn account – either free or premium; the steps apply to both.
• Residence in the European Union – the GDPR protects individuals in the EU, regardless of nationality.
• Basic understanding of GDPR – specifically Article 15 on the right of access.
• Email access – to send a DSAR and receive LinkedIn's response.
• Patience – companies have up to one month to respond to DSARs under GDPR.

Step-by-Step Instructions

Understanding GDPR Article 15

Article 15 of the GDPR gives you the right to know what personal data a company holds about you, including how it was collected, processed, and shared. This includes data like who viewed your LinkedIn profile. LinkedIn's 'Who's Viewed Your Profile' feature tracks visitors, and that information is considered your personal data. Under Article 15, you can request this data for free, but LinkedIn currently only provides it to paying subscribers through its Premium plans (starting at €30/month in the EU).

The 'Who's Viewed Your Profile' Paywall

LinkedIn introduced the visitor list around 2007, later restricting it to premium users. Free users can see only the last five visitors (provided those visitors haven't opted for anonymity) and can also choose to browse anonymously. NOYB argues that this paywall creates a contradiction: LinkedIn denies free users access to their own data citing data protection, yet sells the same data to premium users. This selective access may violate the GDPR.

How to File a Data Subject Access Request (DSAR)

To request your profile visitor data, you must send a formal DSAR to LinkedIn. Here's how:

1. Log in to your LinkedIn account and go to your Settings & Privacy page.
2. Navigate to the Data Privacy tab.
3. Click on Request an archive of your data. LinkedIn provides a form to download selected data, but for a full DSAR, you may need to use email.
4. Prepare a clear request via email to privacy@linkedin.com. State that you are exercising your right of access under Article 15 GDPR and want a list of all profile visitors (including their names, profiles, and timestamps) for your account.
5. Include your full name, LinkedIn profile URL, and any relevant account details.
6. Send the email and keep a copy for your records.

Template DSAR Email

Use this template for your request:

Subject: Data Subject Access Request – LinkedIn Profile Visitor Data

Dear LinkedIn Data Protection Officer,

Pursuant to Article 15 of the General Data Protection Regulation (GDPR), I hereby request access to my personal data held by you. Specifically, I request a complete list of individuals who have viewed my LinkedIn profile, including their full names, profile URLs, and the dates/times of each visit, for the period from [start date] to [end date] or for the entire history if possible.

My details:
- Full name: [Your Name]
- LinkedIn profile URL: [Your Profile URL]
- Email associated with account: [Your Email]

Please provide this information in a commonly used electronic format. If you deny or limit this request, please state the legal basis for doing so under the GDPR.

Thank you.

[Your Name]

What to Do If LinkedIn Refuses

LinkedIn may argue that providing visitor data violates other users' privacy. If they refuse your DSAR, you can take these steps:

• Request a written explanation of the refusal, citing specific GDPR exemptions.
• If unsatisfied, file a complaint with your national data protection authority (e.g., the CNIL in France or the Austrian DPA).
• Consider joining NOYB's legal action or similar collective complaints.

Remember, the burden is on LinkedIn to prove that denying access is lawful.

Common Mistakes

Confusing Opt-Out with Access Denial

Many users think that by turning on anonymous browsing (Settings > Visibility > 'Visibility when viewing other profiles' > 'Private mode'), they can avoid sharing their own visit data. While this hides your visits from others, it does not prevent you from requesting your own data. You still have the right to know who visited you, even if you choose to be anonymous.

Assuming Free Account Shows Full List

Free users often rely on the 'last five visitors' widget and assume that's all the data LinkedIn has. In reality, LinkedIn stores the full history for all accounts, but only displays a subset for free tiers. Your DSAR should request the complete list.

Not Keeping Records

When filing a DSAR, always save your sent email and any responses. If you need to escalate to a data protection authority, you'll need proof of your request.

Waiting Too Long to Follow Up

LinkedIn has up to one month to respond. If you hear nothing, send a polite follow-up after 30 days. Extended delays can be reported as a violation.

Summary

LinkedIn's practice of restricting access to profile visitor data behind a paywall is being challenged under the GDPR by NOYB. As an EU user, you have a legal right to this data for free under Article 15. By filing a proper Data Subject Access Request, you can assert that right. Understand the interplay between privacy settings and access rights, avoid common mistakes like confusing opt-out with denial, and be prepared to escalate if necessary. The outcome of NOYB's complaint could set a precedent for how social media platforms handle personal data access in the EU. In the meantime, don't hesitate to exercise your rights – your data belongs to you.