LinkedIn Lawsuit: Mining Email Contact Lists

linkedin_lawsuitPrivacy Alert: LinkedIn is facing a lawsuit for using its users’ external contacts lists to send recruitment messages to potential new users. If you have a LinkedIn account, this could be happening to you.

LinkedIn Contact List Mining

When you sign up for a LinkedIn account, you must connect the account to an external email address. When you do so, you also give the company consent to access that email’s contacts list. This is how LinkedIn creates its People you may know function – people you may know are simply LinkedIn users who have registered accounts using an email address that also appears on your contacts list.

As LinkedIn states in its Privacy Policy:

We collect information when you sync non-LinkedIn content – like your email address book, mobile device contacts, or calendar – with your account. We use this information to improve your experience and allow you and your network to be better connected. You can remove your address book and any other synced information whenever you’d like.

The issue at hand, and the reason LinkedIn is facing a lawsuit is that they are also using their users’ external email accounts to send LinkedIn marketing emails to contacts who are not LinkedIn members.

To be clear, as much of the media surrounding this issue is not, LinkedIn is not hacking their users’ external email accounts – they are simply accessing information they have been given consent to access and using pre-existing members’ identities as LinkedIn endorsements.

So, for example, if you are not a LinkedIn member but your friend Bob is and you are on Bob’s email’s contacts list, you might receive an email from LinkedIn saying something to the effect of “Join Bob on LinkedIn.”

The problem, and the reason this lawsuit is moving forward, is that LinkedIn is somewhat aggressive in their email marketing frequency. If a non-member receives a recruitment email and they do not respond, they will subsequently receive multiple recruitment reminders – all to the effect of “Look what you’re missing out on. You should Join Bob.”

According to U.S. District Judge Lucy H. Koh, these reminders may violate California’s right of publicity, “which protects against the appropriation of someone’s name or likeness, without their consent, for commercial purposes,” because “nothing in LinkedIn’s disclosures alerts users to the possibility that their contacts will receive not just one invitation, but three.”

Legitimate Concern or a Class Action Cash Cow?

Those pressing charges against LinkedIn want the company to stop what it is doing. They also want to be compensated for any profit LinkedIn may have earned through the use of their identities in LinkedIn endorsements. Of course, LinkedIn is innocent of all charges until proven guilty, and until that time the question remains:

Should a social network be allowed to extend its reach without its users’ explicit consent?

The answer has important implications that will undoubtedly affect the future of our Internet.

Emsisoft Endpoint Protection: Award-Winning Security Made Simple

Experience effortless next-gen technology. Start Free Trial

Have a Great (Malware-Free) Day!

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next