Microsoft's insatiable hunger for user data has become something of a recurring talking point in discussions revolving around privacy. The lengths the organization goes to for retrieving people's PII is truly mind-boggling.
In the name of “improving user experience”, Microsoft has managed to dupe many people who use its products (including myself) by implementing invasive telemetry and surveillance-like features to their various offerings.
With that in mind, let's discuss the new lawsuit filed against LinkedIn, one of its most popular services that serves as a social media platform for professionals.
What's Happening: Filed as a class action on behalf of Alessandro De La Torre and all LinkedIn Premium customers (both mentioned as Plaintiff) in the federal court of San Jose, California (N.D. Cal.), the lawsuit alleges that LinkedIn has unlawfully disclosed private InMail messages to third parties for training generative AI models.
They point out that in Section 3.2 of the LinkedIn Subscription Agreement (LSA), LinkedIn promises that they won't disclose any confidential data of its paid customers.
However, a controversial policy change made by LinkedIn in September 2024, that allowed the company to use private messages (like the ones sent through InMail) to train AI models, allegedly contradicts this promise and forms the basis for the lawsuit.
📋
For clarity, the LSA is an additional user agreement for Premium subscribers that outlines the terms of service.
Alessandro has been a subscriber since July 2021, and between then and September 2024, he has sent/received numerous InMail messages that contained sensitive information on financing for startups, job-seeking, reconnecting with former colleagues, and so on.
As for things pertaining to the class action allegations, the exact number of affected individuals remains unknown, and the plaintiff argues that it would be impractical to have each person individually join the lawsuit.
They do assert that the defendant, in this case, LinkedIn, has millions of customers who fall into this specific group of Class members and that they can be identified via the defendant's records.
What's Next: The plaintiff demands a trial by jury and seeks actual damages along with statutory damages of $1,000 for each affected LinkedIn Premium user under the Stored Communications Act (18 U.S.C. § 2707), which addresses unauthorized access to electronic communications.
Moreover, they are also seeking the deletion/destruction of all models and algorithms that were trained using InMail messages.
Closing Thoughts
Their case appears well-grounded at first glance, but if the plaintiff fails to provide some concrete proof of any wrongdoing by LinkedIn, then it’s likely going to be an open-and-shut case.
On the other hand, even if the case goes the complainant's way, we already know that Big Tech earns enough to pay off any fines that come their way, so it's kind of a win-win situation for LinkedIn, and by extension its owner, Microsoft.
Sourav Rudra
