Microsoft says Irish DPC intends to slam LinkedIn with a $425m fine

1 Jun 2023

Image: © Sundry Photography/Stock.adobe.com

In a statement to investors, Microsoft vowed to dispute the draft decision and fine by the Irish DPC and ‘defend itself vigorously’ in case it becomes a final decision.

Microsoft has told investors that the Irish Data Protection Commission (DPC) has sent the company a draft decision with a large fine for alleged GDPR violations through targeted ad practices by LinkedIn.

Published in the investor relations section of its website today (1 June), the Microsoft statement said the Irish DPC sent it a non-public draft decision in April with a proposed fine of approximately $425m.

“After review and analysis, the company will increase its existing reserve for the matter and, based on current exchange rates take a charge of approximately $425m in the fourth quarter of fiscal year 2023,” the statement reads.

Microsoft intends to respond to the draft decision.

“The company intends to dispute the legal basis for, and the amount of, the proposed fine and will continue to defend its compliance with GDPR. There is no set timeline as to when the IDPC will issue a final decision,” Microsoft wrote.

It added that, upon receiving a final decision, Microsoft will “consider all legal options and intends to defend itself vigorously in this matter”.

The Irish DPC first began investigating a complaint against LinkedIn and other companies about their alleged violations of Europe’s GDPR through their targeted advertising practices. Microsoft said it cooperated with the DPC “throughout the period of inquiry”.

In a speech to the European Parliament last week, data protection commissioner Helen Dixon responded to criticisms against the Irish regulatory body as she faces EU pressure about ongoing investigations, calling the criticisms “misplaced”.

In March, the Irish DPC said it had issued fines of more than $1bn in 2022. An upcoming proposal by the European Commission is set to streamline cross-border cooperation in enforcing GDPR within the EU, potentially impacting the position of the Irish DPC.

The Irish DPC could not be reached for comment at this time.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic

editorial@siliconrepublic.com