LinkedIn has become the world’s largest professional networking platform, with over 700 million members globally. As more professionals use LinkedIn to network, look for jobs, and promote their skills and experiences, questions around data privacy have emerged. In particular, there is an ongoing debate around whether the personal information contained in a LinkedIn profile should be considered sensitive personal data that requires special protections and restrictions on use.
What kind of information is contained in a LinkedIn profile?
A typical LinkedIn profile contains a significant amount of personal and professional information, including:
- Full name
- Photo
- Location
- Email address
- Phone number
- Employment history
- Education history
- Skills
- Recommendations and endorsements
- Accomplishments
- Interests and hobbies
- Groups and associations
- Published articles and presentations
In many cases, a LinkedIn profile provides a fairly comprehensive overview of an individual’s career path, abilities, accomplishments, affiliations, and interests. Some users even choose to add additional personal details like date of birth, relationship status, religious views, and political affiliations.
How is sensitive personal data defined?
There is no single universal definition of sensitive personal data. However, some key characteristics that are often cited include:
- Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs.
- Trade union membership.
- Genetic data and biometric data uniquely identifying a person.
- Health data.
- Data concerning a person’s sex life or sexual orientation.
The sensitivity is judged based on the potential harm or discrimination that could ensue if the data is misused.
Privacy regulations on sensitive personal data
Given the risks associated with misuse of sensitive data, many jurisdictions impose stricter standards and requirements for obtaining, processing, and sharing sensitive personal data. For example:
- The European Union’s General Data Protection Regulation (GDPR) prohibits processing sensitive personal data unless certain conditions are met, such as obtaining explicit consent.
- In the United States, the California Consumer Privacy Act (CCPA) requires that businesses disclose how they collect, use, and share all types of personal information.
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) requires consent for collecting, using or disclosing personal information.
Organizations may face substantial fines or penalties for mishandling sensitive personal data without proper disclosures and consents.
Does a LinkedIn profile contain sensitive personal data?
Opinions differ on whether a LinkedIn profile constitutes sensitive personal data in whole or in part. Here are some key considerations:
Information that is generally considered sensitive
Some specific types of information sometimes included on LinkedIn could be considered sensitive:
- Age or birthdate – Reveals age which could be used to discriminate.
- Race/ethnicity – Photos often reveal race/ethnicity.
- Nationality/citizenship – Visa status may indicate nationality.
- Relationship status/family – Could indicate sexual orientation.
- Political/religious views – Views shared in profile or group memberships.
Including this type of information puts some obligation on LinkedIn to use the data only for appropriate purposes.
Employment and educational history
At their core, LinkedIn profiles focus on professional experiences, skills, and qualifications. Several experts assert that this career-oriented information is distinct from sensitive personal attributes, and should be afforded fewer privacy protections. However, others argue employment and education histories could reveal:
- Details about illness, disabilities, or time off.
- Experiences indicative of gender, orientation, or beliefs.
- Performance issues or other stigmatizing events.
So some of this data arguably edges toward sensitive territory.
Contact information and identifiers
Basic contact details like names, email address and phone numbers are not inherently sensitive. However, they do uniquely identify an individual, meaning improper use or sharing could enable privacy violations or tracking.
Photos
Profile pictures help personalize profiles, but also contribute recognizable likenesses of individuals. And again, photos can often reveal racial, ethnic, and gender characteristics.
LinkedIn’s policies on data privacy
LinkedIn’s privacy policy states:
We recognize that privacy is very important to our members, so we design and operate our services with the protection of members’ privacy in mind. This policy describes what data we collect and how we use it to provide our services.
In terms of sensitive data, LinkedIn maintains they:
- Do not require or request sensitive personal data from members.
- Only process sensitive data members choose to provide in limited cases where they have consented.
- Allow members to control visibility of sensitive data like age and contact info.
- Censor hate speech, bullying behavior, nudity, etc.
Members can also opt out of certain types of data usage like ad targeting. However, many privacy advocates argue LinkedIn could still do more to protect sensitive data and prevent misuse.
Risks of LinkedIn data misuse
If sensitive profile data fell into the wrong hands, individuals could face multiple types of harm:
- Discrimination – Data used to unfairly reject candidates, fire employees, etc.
- Identity theft – Emails/passwords stolen to access accounts and funds.
- Cyberbullying – Contact info used to harass individuals.
- Hacking – System breaches expose millions of profiles.
- Surveillance – Governments monitor profiles for political purposes.
These risks demonstrate the nuances around data sensitivity – it often depends on who is accessing the data and for what purpose.
How can LinkedIn users protect sensitive data?
Individuals who want to maximize privacy can take steps like:
- Using the strictest account privacy settings.
- Being selective about which details are included.
- Restricting access via networks and connections.
- Customizing visibility of name, photo, contacts, etc.
- Withholding sensitive personal interests and memberships.
However, this reduces the networking usefulness of LinkedIn if connections cannot view full profiles. And ultimately, members must trust LinkedIn itself to steward any sensitive data responsibly per their privacy policies.
Conclusion
In summary, while LinkedIn profiles focus on career histories and professional skills, they can potentially contain some sensitive personal information revealing demographics, beliefs, affiliations, and life experiences. LinkedIn does enable users to limit sharing of sensitive data, but privacy advocates caution that more safeguards are needed to prevent misuse that could enable discrimination, reputational damage or other harms. The debate over privacy versus utility will likely continue as more layers of personal data emerge via LinkedIn and other social platforms.