LinkedIn's Aggressive Contact Harvesting and Spam Practices
Investigation into LinkedIn's history of importing users' entire contact lists and sending connection invitations without clear consent, resulting in a $13 million settlement.
Unlock Full Privacy Intelligence
Get deep-dive reports on every company that touches your data. SeekerPro members see breach timelines, DSAR success rate...
Learn MoreAudit Your Site Free
Run a full privacy and compliance audit on any website in 60 seconds. NexusBro scans cookie consent, tracker behavior, a...
Learn MoreAutomate Privacy Compliance
Stop wasting hours on manual DSAR filings and cookie consent management. BliniBot handles the busywork so your team can ...
Learn MoreKey Findings
- #1$13 million settlement for importing contacts and sending invitations without clear consent
- #2Add Connections feature imported entire address books for automated outreach
- #3Up to three reminder emails sent to each contact on user's behalf
- #4Interface reportedly made it unclear that full contact lists would be accessed
- #5FTC investigation led to improved disclosure requirements
Investigation Details
LinkedIn paid a $13 million settlement in 2015 over allegations that it accessed users' external email accounts and sent repeated connection invitation emails to their contacts without clear consent. According to court filings, LinkedIn's 'Add Connections' feature imported entire address books and then sent up to three reminder emails to each contact on the user's behalf. Users alleged the interface made it unclear that LinkedIn would access their full contact list and send messages automatically. The FTC investigated LinkedIn's practices, and the settlement required improved disclosure of how contact information would be used. Privacy researchers noted this as an early example of growth hacking through consent manipulation that harvested relationship data at scale.
linkedin has been the subject of increasing scrutiny over its consent manipulation practices. Privacy researchers and regulatory bodies across multiple jurisdictions have documented concerns about how the company handles user data, particularly regarding consent, transparency, and data minimization principles. The findings suggest a pattern of prioritizing business metrics over user privacy, a trend observed across the broader technology industry. Users affected by these practices have limited recourse without proactive intervention such as filing formal complaints with data protection authorities or submitting DSAR requests.
Regulatory responses have varied significantly. European data protection authorities have been more aggressive in enforcement under GDPR, while US enforcement remains fragmented across state-level privacy laws. The investigation highlights the need for stronger federal privacy legislation and more transparent corporate data practices. Affected users should consider reviewing their privacy settings, submitting data deletion requests, and exploring privacy-preserving alternatives recommended by independent researchers.
Related Scandals
Take Action
Protect Your Data Across Every Platform
Tools trusted by thousands of privacy-conscious users worldwide
No card charged today. Cancel anytime.
Frequently Asked Questions
What data does linkedin collect?
Our investigation reveals linkedin engages in consent manipulation. Investigation into LinkedIn's history of importing users' entire contact lists and sending connection invitations without clear consent, resulting in a $13 million settlement.
Is linkedin's consent manipulation legal?
The legality of linkedin's practices varies by jurisdiction. Under GDPR, companies must have a lawful basis for data processing. Under CCPA, California residents can opt out of data sales.
How can I protect myself from linkedin?
You can submit a data subject access request (DSAR) to linkedin, opt out of data collection through their privacy settings, or use privacy-preserving alternatives.