CSOonline. “We do disclose that we scan for browser extensions in our privacy policy, in order to detect abuse and provide defense for site stability.” When asked whether it uses that data solely to do those things, LinkedIn did not reply. The key person behind the allegations calls himself Steven Morrell (not his legal name, which he asked CsoOnline to not publish). The company he represents also has different names, including Teamfluence and Fairlinked. Morrell said that LinkedIn is gathering data that includes sensitive details, including information that he argued could be used to determine religious and political leanings. Gathering such data, Morrell said, could violate European privacy rules.But Morrell is not saying that LinkedIn is in fact using the data to determine those preferences, but merely that they could. Much the same could be said for almost all large companies.Morell isn’t exactly unbiased, however. He and LinkedIn are also involved in a legal dispute in Germany, in which Morrell said that LinkedIn violated EU rules and that it improperly kicked him, and others, off the service. LinkedIn countered that Morell and the other plaintiffs had violated its terms of service with their plugins. Last month, a judge in Munich sided with LinkedIn, dismissing the motion for a preliminary injunction.
Might cause compliance issues: Safayat Moahamad, research director at Info-Tech Research Group, said that compliance approaches throughout the European Union and the UK could indeed have some issues with this deep a level of data collection. “European courts are likely to support platforms that restrict automated data harvesting, when they can plausibly link organization-level policy enforcement actions to consumer protection and regulatory compliance,” Moahamad said.
Advice for CIOs: Cybersecurity consultant Brian Levine, executive director of FormerGov, said enterprise CIOs should use these allegations, even if they prove to be untrue, to help them tweak their data strategy and privacy policies for 2026.”Assuming the BrowserGate allegations are true, LinkedIn users should consider reducing the amount of identifiable, trackable, or sensitive data their browser exposes, and organizations should treat LinkedIn as a potentially hostile web environment until facts are verified,” Levine said. “Even if BrowserGate is exaggerated, browser fingerprinting is a real, widespread practice across the web. Treat LinkedIn like any other third-party data collector. LinkedIn has historically been treated as safe, [but] that assumption may need to be revisited.”Levine said IT executives should “assume that LinkedIn can map your tech stack” and that, if the claims are accurate, LinkedIn could infer “which SaaS tools your employees use, which competitors you rely on, which job search tools your staff is using and which political/religious extensions appear inside your workforce.”He added that IT should consider blocking LinkedIn on sensitive networks, or require it to only be accessed through VDI, as well as employing browser isolation techniques. Some companies might even want to use a separate isolated browser solely for LinkedIn, or, he said, “use a sandboxed browser session, such as Browserling or other cloud-isolated browsers.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4156064/questions-raised-about-how-linkedin-uses-the-petabytes-of-data-it-collects.html
