Not even 2 weeks after the Irish Data Protection Commission (DPC) announced a record setting fine of $1.2B, Microsoft acknowledged on its investor website that the DPC has sent it an early draft of a decision finding that Microsoft's LinkedIn professional networking platform violated GDPR in its targeted advertising practices.
The decision and fine comes after the DPC launched an investigation in 2018 into whether LinkedIn's and other company's targeted advertising practice violated the GDPR. In April, the DPC announced that it had sent LinkedIn a preliminary decision in the investigation. The DPC has recently been criticized by the European Parliament regarding various ongoing investigations, which the DPC has suggested was "misplaced."
Microsoft has already vowed to appeal the decision upon receipt of the final decision. In the meantime, organizations subject to GDPR should be careful about targeted advertising advertising to their users without consent.