LinkedIn Faces Legal Challenge Over GDPR ‘Paywall’ for Profile Data
LinkedIn is under fire from the digital rights group None of Your Business (NOYB), which claims the professional networking site is illegally charging EU users for access to their own data. The dispute centers on the “Who’s Viewed Your Profile” feature, a long-standing tool that LinkedIn has transitioned into a paid perk for subscribers.
In a complaint filed in an Austrian court, NOYB argues that by locking this information behind a paywall, LinkedIn is violating the General Data Protection Regulation (GDPR)—specifically Article 15, which guarantees individuals the right to access the personal data a company holds about them.
- The Complaint: NOYB alleges LinkedIn violates GDPR Article 15 by charging for profile visitor data.
- The Contradiction: LinkedIn denies access to this data during formal Data Subject Access Requests (DSAR) citing privacy, yet sells the same data via Premium subscriptions.
- Potential Impact: If successful, LinkedIn could face substantial fines or be forced to provide visitor data to all EU users for free.
- Legal Precedent: NOYB previously triggered a €325 million ($381 million) fine against Google via the French regulator CNIL in 2025.
The Conflict: Privacy vs. Monetization
LinkedIn introduced the ability to see profile visitors around 2007, eventually moving the feature into its paid subscription tiers. For users in the EU, this creates a legal paradox. Under the GDPR, citizens can submit a Data Subject Access Request (DSAR) to see what data a company has collected on them. According to NOYB, LinkedIn refuses these requests for visitor data, claiming it must protect the privacy of the people who visited the profile.
However, that “data protection” argument vanishes if the user pays for a LinkedIn Premium Career plan, which starts at €30 per month (or $40 per month in the US). Once the subscription is active, the same data suddenly becomes available.
“It is particularly absurd that LinkedIn is using a supposed ‘data protection interest’ as an argument to deny the right of access to data under the GDPR,” NOYB stated in a press release.
NOYB contends that LinkedIn’s policy is contradictory: the company limits access to data that should be legally free simply to maintain the incentive for users to pay for Premium subscriptions.
LinkedIn’s Defense and the ‘Right to View’
LinkedIn has pushed back against the claims. A company spokesperson stated that NOYB’s assertions are false, arguing that Premium membership isn’t the only way to see viewers and that the company satisfies GDPR Article 15 by disclosing relevant information within its Privacy Policy.
The company may also argue that the rights of the profile owner to know who viewed them conflict with the visitor’s right to privacy. LinkedIn currently allows all users to remain anonymous by toggling the “Visibility when viewing other profiles” setting in their visibility tab. Free users can see their last five visitors, provided those visitors haven’t enabled anonymity settings.
Expert Analysis: The Legal Stakes
Helen Brain, partner and head of commercial at Square One Law in the UK, suggests that NOYB has a strong foundation for its complaint. Brain notes that if the visitor’s data is too private to be disclosed in a DSAR, it logically shouldn’t be disclosed to Premium members either.
The outcome of the Austrian court case could have significant ramifications:
- Substantial Fines: The Austrian Data Protection Authority could issue heavy penalties if a breach is found.
- Feature Changes: LinkedIn might be ordered to stop disclosing profile searchers entirely or make the data available for free via DSARs.
- Industry Shift: A ruling against LinkedIn could threaten other tech companies that use “data as a feature” to drive paid subscriptions.
Despite the risks, Brain suggests LinkedIn might find a workaround, such as updating how it gains consent from users to lawfully disclose searcher data while continuing to charge for the service.
Frequently Asked Questions
What is GDPR Article 15?
Article 15 of the General Data Protection Regulation provides the “Right of Access,” allowing individuals to obtain confirmation from a data controller as to whether their personal data is being processed and to access that data.
What is a Data Subject Access Request (DSAR)?
A DSAR is a formal request made by an individual to an organization asking for a copy of the personal data the organization holds about them. Under GDPR, these requests must generally be fulfilled free of charge.
Can I still browse LinkedIn profiles anonymously?
Yes. In the Settings > Visibility tab, users can adjust their “Visibility when viewing other profiles” to appear as an “Anonymous LinkedIn Member.”
Looking Ahead
This case highlights a growing tension between the “freemium” business models of massive tech and the strict data sovereignty laws of the European Union. As regulators increasingly scrutinize how personal data is commodified, companies may be forced to decouple legal data rights from paid feature sets. The ruling in Austria will likely serve as a bellwether for how “Right of Access” is interpreted when data has commercial value.