LinkedIn and the GDPR - what you need to know

Christian Hall

For B2B marketers the power of LinkedIn lies in its 560 million connections that you can market your products and services to. But we’re now in the post-GDPR world and using data for marketing purposes plays by new rules. Whatever your marketing strategy with LinkedIn you’ll know the value in pushing out sponsored content to a chosen target audience and not just relying on the slow build up of an organic plan.

LinkedIn has a number of important statements regarding GDPR (which came into effect on May 25, 2018), but the biggest requirement is that any data uploaded into it has been acquired with the correct permissions and that responsibility of that data remains with the company running the campaign through LinkedIn. Uploaded data is used when trying to utilise Matched Audiences for either an InMail or Sponsored Content campaign.

Take note that LinkedIn has handed power back to the user with new advertising settings which allows all members to opt out of the use of their demographic data in ad targeting. This includes the standard information of Job Title, Job Function, Seniority, Skills etc, which underpin the targeting abilities of all sponsored campaigns. LinkedIn has stated that these changes will filter through to estimated audience sizes in the Campaign Manager but will likely lead to slightly less accurate audience sizes overall. However, more importantly conversion tracking is unaffected as there’s no separate way of opting out of being tracked as converting user. Likewise, LinkedIn’s Insight Tag for collecting data on your website hasn’t changed and all collected data is encrypted.

"LinkedIn has handed power back to the user with new advertising settings which allows all members to opt out of the use of their demographic data in ad targeting"

So, what is LinkedIn’s (and other social networks) role specifically under the GDPR? LinkedIn is the ‘data controller’ (a party that collects and processes personal data for uses such as direct marketing). Don’t think you can be absolved of your responsibilities under that remit though. Once you have obtained data through LinkedIn your company becomes the data controller (and LinkedIn the ‘data processor') and consent comes into play to contact people from the data you’ve gathered. Let’s take a look at what’s covered in the data that you’re likely to be processing in a LinkedIn advertising activity.

Getting campaign data into LinkedIn

When using Matched Audiences in paid campaigns LinkedIn is keen to point out that all responsibility of the GDPR-compliant data uploaded is the responsibility of the advertiser.

  • Do advertisers need to certify that their data (like customer addresses) are GDPR compliant before using that data in a campaign? Yes, the responsibility lies with the advertiser to ensure GDPR compliance of any acquired data that is uploaded into LinkedIn.
  • What about Sponsored InMail? If using LinkedIn’s usual targeting options for an InMail campaign, advertisers don’t need to take any additional action, unless they are uploading a list from their own database.
  • Lead Gen Forms: Once again, because LinkedIn is managing GDPR compliance with regards to targeting and tracking of ads shown to members, the advertiser doesn’t have to do anything different. However, LinkedIn had upped the requirements for an advertiser’s Privacy Policy statement, you can no longer point to a generic area of a website in order to get a form approved. It must be explicit as to what the Privacy Policy is and how an advertiser intends to use the data.

Getting campaign data out of LinkedIn

The flipside to this is outputting data from LinkedIn for your external marketing efforts. There’s a huge amount of anonymised and profiled data that can be extracted from your campaigns.

  • Stored email addresses: LinkedIn has now set a limit of 90 days for email addresses to be stored in the Campaign Manager if they are not actively being used. After that time they will be removed.
  • Lead Gen Forms: Similarly, LinkedIn with delete Lead Gen Form submissions after 90 days, and members can revoke their submissions during this time.
  • Extracting other data? Remember that so-called data scraping is a big no-no. You can’t just harvest email addresses from LinkedIn and then input them into a CRM to use for marketing purposes there. You don’t have the consent for that. But then there’s ‘legitimate interest’ which can be a way of contacting for marketing purposes. But consent will trump interest unless the contact is being made in the vital interests of the user.

At TBT we stay on top of the latest trends in digital marketing and know how GDPR has changed marketing. Need help to move your digital campaigns going forward in the post-GDPR world? Then contact us today at [email protected] or reach us on +44 (0)1373 469 270.

Want to start a conversation?

Get in touch

We use cookies to ensure you get the best experience on our website. Learn more