The policy contains a typical set of privacy-related provisions, informing users about the ways in which their data is collected and used. The aim is to manage expectations and to show how users themselves can influence data processing on the platform.
Another aspect of the data-driven economy is the interoperability of services and their mutual integration. A post recently went viral on Twitter claiming that LinkedIn’s Rapportive app revealed users’ profiles regardless of the fact that some users had had their profile visibility turned off. Opening profiles to all sorts of services is something that LinkedIn enables by default. This is a problematic point of departure to say the least. An opt out is of course possible, but how likely is it that everyone is aware of that option and capable of effectively setting the mode in the way he or she prefers to? The recently adopted GDPR clearly supports the idea of individual control by giving users the so-called big data protection rights (data portability, the right to be forgotten, the right to access etc.). While they look promising on paper, they might turn out to be toothless in practice. Technical feasibility is critical. (At this point it should be noted that LinkedIn’s policy does put some effort into making controls more approachable by providing users with clear instructions and means to change settings and/or download their data (see for example paragraph 4.2 on the access options)).
Lastly, LinkedIn has been growing rapidly. In only 13 years, LinkedIn has grown from 0 to 500 million users, meaning that it currently manages a strikingly large amount of personal data. This data is not only valuable on an individual level, but even more so on the level of a group. Through analysis of large datasets, a company is able to spot trends that pertain to the entire population. What a treasure of information! Unfortunately, exercising almost absolute control over large datasets also means that data is easier to be manipulated. In 2013, Facebook caused public outrage when it was revealed that they allowed psychological experiments. LinkedIn adopted their own internal rules to prevent such outcomes. It remains open, however, whether the self-regulatory approach poses a sufficient barrier to practices that are risky and potentially illegal. In addition, it is not entirely clear why LinkedIn makes such explicit promises not to share data with third parties. Unless users consent to this type of data processing, it is not allowed anyway.
Data can be both a treasure and a curse. It will take lots of courage, knowledge and smart regulation to make sure the former prevails.