LinkedIn profile visitor lists belong to the people, says Noyb(www.theregister.com)

131 pointsby robin_reala4 hours ago12 comments

strictneina minute ago
[delayed]
menno-sh3 hours ago
Oh I LOVE this, we can't have enough of these privacy-focused non-profits making tech companies' lives difficult. They have such a strong argument here, too. I can imagine that whoever came up with this is very pleased with theirselves, and rightfully so.
- k33n2 hours ago
  [flagged]
  - robin_reala2 hours ago
    It’s about having rights, and exercising them. If companies find that difficult to work with then they’re not even hitting the minimum baseline.
    shimman26 minutes ago
    Also why should we allow such companies to exist if the vast majority of people don't like their actions? There's no fundamental right to starting a business, so might as well make businesses socially acceptable rather than fucking the public for profit.
  - greggoB2 hours ago
    > It’s a very European concept, that making life difficult is a worthy pursuit
    This is an incredibly bold statement, and something I really cannot relate to having lived in Europe for over a decade.
    It comes across as more of a knee-jerk reaction from someone who believes oversight or accountability of any kind is by definition a needless burden.
    k33n2 hours ago
    [flagged]
    jmkd2 hours ago
    So you don't want to be accountable to users, or to bureaucrats? If you had to choose one who would it be?
    skeeter2020an hour ago
    Might be tough for a Florida-man to understand but there's a difference between being bold and being an a-hole.
    Pay0844 minutes ago
    Yeah, that's a very... interesting definition of "bold". One might argue that since operating inside a regulated environment is so out of his comfort zone, setting up shop in the EU would be the bold thing to do.
    greggoB2 hours ago
    Nobody's holding a gun to your head, you're welcome to setup shop in the most anarchist society you can find. Good luck with whatever version of "operating" you're able to manage while there :)
    vrganj44 minutes ago
    You do know that "the bureaucrats" is just a slur for our democratically elected government, right?
    In other words, the will of the people.
    shimman25 minutes ago
    Yeah but the opponents of the people literally believe democracy is bad and want to go back to monarchism in the form of unaccountable CEO kings that decide the will of the people.
    Sadly this is like half the tech workforce too. People too brainwashed to see how destructive their work is to the world.
    vrganj7 minutes ago
    I believe it is up to the other half to stand up for decency, for democracy and for the rule of law.
    Don't be quiet, don't just let things happen. Use your voice while you still have it!
  - atwrk2 hours ago
    You think standing in for people's rights against the profit interests of transnational corporations means "making life difficult"? Whose life exactly? That of the CEO of Microsoft?
    fellowmartianan hour ago
    Hey, he MIGHT be that CEO one day. Currently he’s temporarily embarrassed billionaire.
    k33n2 hours ago
    > Oh I LOVE this, we can't have enough of these privacy-focused non-profits making tech companies' lives difficult.
    Literally the comment I replied to.
    an hour ago
    undefined
  - john_strinlaian hour ago
    it is a very American concept, that company interests should be placed above human interests and rights.
    malfist44 minutes ago
    Well, not all Americans. Just ones of a specific political bent that is common on this site. And the wealthy ones, because they have the money hoarding disease
    1234letshaveatwan hour ago
    [flagged]
    john_strinlaian hour ago
    a generic "europe bad" comment doesnt deserve much more than a generic "america bad" comment as a reply
  - newyankee2 hours ago
    When an entity becomes almost a monopoly, surely the rules about some behaviours should be stronger
  - embedding-shape2 hours ago
    > It’s a very European concept, that making life difficult is a worthy pursuit.
    It's really hard to understand concepts when you're internationally masking and misleading yourself.
    Obviously no one things "making life difficult is a worthy pursuit", but, doing the right thing sometimes is worth a bit of the difficulties it introduces, this is why you see moves like this.
  - harrouetan hour ago
    You don't pay them anything but you are the product, genius !
  - jbxntuehineohan hour ago
    making life difficult for _people i don't like_ is a worthy pursuit
  - well_ackshually2 hours ago
    You force yourself onto my life (because, for various reasons, most of the career listings are there for example) and then you attempt to make it miserable too, by using and abusing every FOMO tool in the box ?
    You bet your ass I'm going to make your life difficult. If you want it to stop, you're the one with the ball on your side of the court, you know exactly what to do.
    It's a very American concept, to believe you can just ignore systems and networks. The guy shitting in your yard every day doesn't go away just because you're not looking at him do it.
  - vrganj2 hours ago
    Making the lives of those that wish to exploit us and monetize our relationships on their enshittified platforms is not the same as making everyone's life difficult.
    amarcheschi2 hours ago
    I would say that they are the first that decide to make everyone's life harder on purpose, first. Trying to pay them back is the least somebody could do
- theturtlemoves16 minutes ago
  [flagged]
  - isodev14 minutes ago
    Correction, we hate making money at the expense of other peoples rights and liberties. It's kind of frustrating to have to explain that to US folks over and over again... all that "freedom" in their things is apparently very decorative.
    theturtlemoves12 minutes ago
    Depends on what you mean by right. Oftentimes it's rephrased as "The other guy's obligation".
phasefactor3 hours ago
Love it, the article referring to a statement by a LinkedIn spokesperson: "The first part of that statement is false, as you can see from the screenshot above. Given the obvious untrustworthiness of that half of the statement, we didn't bother wasting any time trying to evaluate the second part."
- elsjaakoan hour ago
  To be technically correct: if even a single non-premium member can, for some reason, see who viewed their profile, then the statement "only Premium members can see who has viewed their profile" is false.
  So technically, you can't say that the first part of the statement is false from the screenshot.
- noutella3 hours ago
  They do say they won’t bother, but the rest of the article is actually precisely covering this second point, aka Article 15 of LK Privacy Policy
  - loloquwowndueo2 hours ago
    Rhetorical argument is rhetorical?
  - SAI_Peregrinusan hour ago
    It's covering article 15 of the GDPR, not of LinkedIn's Privacy Policy.
    SAI_Peregrinusan hour ago
    Also, I just checked, and LinkedIn's privacy policy page doesn't contain any information about who viewed my profile in the last year. No usernames, no company names, it's just a generic privacy policy. So the data isn't there either.
duxup2 hours ago
I'm not a fan of how LinkedIn operates ... or the culture there in general.
At the same time I wonder what happens when users realize everything they look at is now more visible than ever? People just make fake accounts for browsing?
Maybe it should be that way, but there's an interesting dynamic to "what you look at (even if not a full picture) is visible to some people".
- 5 minutes ago
  undefined
- ruskan hour ago
  Like a reverse panopticon - a truly terrifying concept if you tease it out …
  - therobots92715 minutes ago
    I’m interested in hearing your thoughts further on this…
noname1203 hours ago
This is the ludicrous part:
> LinkedIn rejected the request on the grounds that protecting that data took precedence.
Guess that implies that paying takes precedence on data protection
- bee_rider2 hours ago
  I wonder if they will be able to make any argument along the lines of: we’re much more confident about the identities of paying customers so we think there’s less privacy risk in that case.
  I think they should lose the case but I’m curious if anyone can think of a good argument for their side, at all (in the European context where there are data laws, “it’s their website they do what they want” is the conventional US perspective but I don’t really see what that leaves us to discuss).
  - jmkd2 hours ago
    They should give the data to people who ask, which will be a snapshot in time presented in a spreadsheet. Then what you are paying for is the interface that shows you who clicked yesterday with a thumbnail and a link to their profile, and who will click tomorrow, as long as you keep paying. But refusing the download option is not on.
dec0dedab0dean hour ago
Interesting, does that mean if you use google analytics you can demand the details google has about every user that hits your site?
tensegrist10 minutes ago
isn't this also a thing on dating apps
scosman3 hours ago
Not sure I follow the logic. The list of profiles I visit feels like it’s my data, not the owners of target profile. By that logic can I GDPR chrome for the browsing history of anyone who has visited my site? IANAL but I thought GDPR is about getting a copy of your data, not others.
- Macha2 hours ago
  The problem for linkedin is they try to simultaneously claim that it’s the visitors data and therefore they can’t disclose it at the same time as claiming its linkedin’s data so they can sell access to it
- zkmon2 hours ago
  Going by that logic, they shouldn't be selling your data to their premium users. Either way, LinkedIn is on the wrong footing.
  - nananana92 hours ago
    They can spin it as "the list of profiles you visit is your data", this list they'll probably give you if requested, but in addition they're also willing to sell you others' data (the list of people who visit you).
    Not precisely a nice way to put it, but it seems consistent to me.
    luma2 hours ago
    It falls on its face as soon as they offer to sell that data to someone else, which is exactly what they're doing. Can't have it both ways.
    Ravus2 hours ago
    "personal data’ means any information relating to an identified or identifiable natural person" - GDPR article 4
    Data often pertains to multiple people (trivial case: direct messages between two users); the rights of GDPR apply to your data, regardless of whether it also pertains to multiple others, subject to some restrictions to safeguard the rights of others. Those legal restrictions clearly don't apply because you could pay to obtain that access.
    LinkedIn would need to prove in court that the list of users who visited your profile is not your data.
    Additionally, your profile is undisputably your data. Per article 15 of the GDPR, you have a right to access "the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations".
- Hamuko2 hours ago
  If Google approached me and offered me Chrome Premium that allows me to see the identities of everyone who has visited my site, I feel like we wouldn't be having this discussion right now.
- ajdude2 hours ago
  I think it's more like if you owned a blogspot site, and you're gdpr'ing the list of users who visited your site (given Google logged every single user who visited, and associated that visit specifically with you).
  Linkedin is recording every person who visits your profile and keeps that in your user records, and they are already selling it back to you. The argument is that you have a right to that data.
  Linkedin is arguing that this data needs to be protected for the privacy of those visiting your profile and the argument is that if they really believed that, they wouldn't sell it back to you, compromising that privacy anyway.
ChrisArchitect17 minutes ago
[dupe] Some more on source: https://noyb.eu/en/linkedin-locks-your-gdpr-rights-behind-pa... (https://news.ycombinator.com/item?id=48019775)
immanuwell3 hours ago
Noyb basically built a logic trap linkedin can't squirm out of: either selling the visitor list to premium users is illegal or handing it over for free under article 15 is mandatory - pick one
Fokamul2 hours ago
Linkedin, aka premium database for spear-phishing?
Linkedin is the best thing what happened for phishing since 4ever.
If you have a profile there, you're already lost. They gather your data and even network layout if you just open linkedin.
krystalgamer3 hours ago
don't see the issue, the data of who visited my profile belongs first to the visitor and to me iff i pay for it. seems pretty clear, no?
- throw_a_grenade3 hours ago
  No, that's the point. If the data pertains to you, it's yours. No "iff I pay for it".
  - chasd003 hours ago
    wouldn't that mean every piece of cctv footage that has me in it also belongs to me? i don't see it (no pun intended).
    bee_rider3 hours ago
    I don’t think anyone has tested that in court. I wouldn’t be surprised if it should belong to you but fact that most CCTV footage is (or at least was) stored by small independent entities means that you aren’t aware that your CCTV data exists, or wouldn’t find it worthwhile to request it all.
    It would be an interesting angle of attack against classic surveillance, though. If there are any vendors that store the video in some centralized system, so you can request it all at once.
    But, I think there will be some hurdles, this case specifically relies on the fact that LinkedIn clearly doesn’t believe there’s any reason to keep this data private (they sell users access to it, after all).
    vidarh2 hours ago
    You absolutely can request CCTV footage of you in the EEA. You need to specify time period with sufficient specificity, and how to identify you so they can ensure they are handing out footage of you, but you have a right to it.
    It's rarely going to be worth requesting, but if you e.g. need evidence for a civil case, for example, it could be.
    k33n2 hours ago
    It’s a little more complicated than that, because ultimately I control whether you see that I viewed your profile or not, even if you’re a Premium member. If I don’t want other users to see that I viewed their profile, then I don’t get to see who viewed my profile. It’s a setting.
    bee_rider2 hours ago
    Oh, I assumed this was just about the views from the folks who hadn’t enabled the private viewing option.
    k33n2 hours ago
    It would have to be, if they were to try and take this argument further. But ultimately the question of who the data is concerning/belongs to is more complex than the article lets on because there are two users involved in the scenario that generated the data.
    bee_rider2 hours ago
    In either case it must belong to one of the users, so I guess it will be good to clarify.
    cge2 hours ago
    That is true in the EU in a number of circumstances. You can do a data access request for CCTV footage of yourself; I’ve successfully done this before, and some organizations give out CCTV footage this way often enough they have websites about their procedures. For organizations I know of, they blur other people in the footage.
    throw_a_grenade2 hours ago
    Yes, of course. In European cities there are GDPR disclosures hanged on the lampposts on which CCTV cameras are mounted. The disclosure contains retention period and contact to data processing inspector where you can request the data. You probably need to specify the timestamps and haw to recognise you.
    In commercial buildings the disclosure may hang on the wall besides main entrance.
    Everything as designed.
  - krystalgamer2 hours ago
    exactly, but it doesn’t pertain to you until you pay.
    if we assume there’s a directional graph with edges labeled as “visited”. what linkedin is offering is to traverse it backwards for a fee.
    what they’re demanding is ludicrous. pure entitlement that would have horrible ramifications for all social media platforms.
    should a gdpr export include who has unliked/unreposted your posts too? it definitely pertains to you.
    scronkfinklean hour ago
    "Pertains" is doing a lot of work in your argument, and you're using it wrong. The data about who viewed your profile pertains to you from the moment the visit happens. That's what that word means, so your first statement is false.
    The other important detail is that LinkedIn already has processed this data that definitely pertains to you, whether you paid for it or not, and are trying to sell it to you. In fact, to quote the article, LinkedIn's argument for not giving it to the user is "on the grounds that protecting that data took precedence". LinkedIn isn't withholding viewer data to protect viewer privacy. We know this because they sell it. If the viewer's privacy interest were so compelling that it overrides your Article 15 right (which is what Noyb is referring to), it would also be compelling enough to prevent LinkedIn from selling that same data to Premium subscribers.
    The argument being made for this specific feature (not the ones you added) is that you can't simultaneously claim the data is too privacy-sensitive to disclose under GDPR and then sell it as a product feature
    throw_a_grenadean hour ago
    > it doesn’t pertain to you until you pay
    Respectfully, that's bollocks. The data, by itself, either does, or it does not. Exchange of unrelated money does not change anything in the data itself. IOW, it's the data that matters, not a wannabe-service that is pitched to the rightful owners.