DPC statement on LinkedIn AI Training

The DPC has been engaging consistently with many of the companies at the forefront of AI development, with a focus on ensuring the responsible development and deployment of the technology for users across the EU/EEA

In March 2025, LinkedIn informed the DPC of its intention to train its own proprietary generative AI models using the personal data of LinkedIn members based in the EU/EEA, beginning in early November 2025. Further to a detailed review of the data protection documentation provided by LinkedIn and extensive direct engagement, the DPC identified a series of risks and other issues with the company's proposed processing of personal data. The DPC communicated these concerns and made a number of recommendations to LinkedIn to address the potential negative impact its plans could have on the data protection rights of individuals.

As a result, LinkedIn adopted a number of changes to its plan, including, but not limited to:

• Improved transparency notices for users helping them to understand the personal data LinkedIn will process to train its AI models and their ability to opt out if they so wish;
• A reduction in the scope of the personal data that LinkedIn would process to train its models, both in terms of the personal data to be used and the time period from which it proposed to draw the data;
• Improved measures to prevent the personal data of LinkedIn users under the age of 18 from being used to train the models;
• Improved measures to protect users, including through the implementation of filters to avoid the collection of potentially sensitive information shared on certain LinkedIn Pages and Groups, including trade union-related content; and
• The provision of more detailed risk assessments and other required documentation under the GDPR, such as their Legitimate Interest Assessment, Data Protection Impact Assessment and a Compatibility Assessment.

As it has done with other controllers, the DPC is also requiring LinkedIn to compile a report within five months of the commencement of processing which, amongst other things, will include an updated evaluation of the efficacy and appropriateness of the measures and safeguards it has introduced regarding the processing taking place.

The DPC will continue to actively monitor LinkedIn's rollout of this processing to ensure that everyone has an opportunity to take control of their personal data. Users should have received notifications from LinkedIn advising them on how they can assert their right to object under the GDPR by opting out of their personal data being used for the purpose of training LinkedIn's AI models. This can be done either via a dedicated toggle/switch within users' account settings, or alternatively via LinkedIn's Data Processing Objection Form.

We remind all individuals using internet platforms to regularly review their privacy settings and controls so that these continue to reflect their personal preferences.

The DPC's goal throughout this process has been to ensure that LinkedIn is delivering innovation responsibly, mitigating identified harms and risks to individuals and appropriately considering users' data subject rights by balancing and protecting their fundamental rights against the company's interests.

The DPC has not approved, or found compliant, LinkedIn's use of users' personal data for generative AI model training. However, the additional measures implemented by LinkedIn have sufficiently addressed the DPC's concerns such that further regulatory intervention is not considered necessary at present. The DPC will continue to monitor LinkedIn's GDPR compliance and will exercise further regulatory powers if necessary.

The DPC, as the Lead Supervisory Authority for many large global technology companies with their main establishment in Ireland, continues to regulate fairly, consistently and coherently, striving to ensure that the development and deployment of all AI models across the EU/EEA are treated in the same manner.