How to Claim Your Right to See Who Viewed Your LinkedIn Profile (Under GDPR)
Introduction
LinkedIn's 'Who's Viewed Your Profile' feature has become a paid perk for Premium subscribers, but digital rights group NOYB argues this violates the EU's General Data Protection Regulation (GDPR). Under Article 15, you have the right to access all personal data a controller holds about you, including who viewed your profile. LinkedIn currently only shows the last five visitors to free users and blocks full access unless you pay. This guide walks you through how to exercise your GDPR rights to retrieve your viewer data, and what to do if LinkedIn refuses.
What You Need
- A LinkedIn account (free or paid)
- Residence in the European Union (GDPR applies to EU residents, but you can still try if you're elsewhere)
- An email address linked to your LinkedIn account
- Patience (response times vary; the process may take several weeks)
- Basic familiarity with GDPR concepts (optional but helpful)
Step-by-Step Guide
Step 1: Understand Your GDPR Right of Access
Article 15 of the GDPR gives you the right to obtain confirmation from LinkedIn about whether your personal data is being processed, and if so, to access that data. This includes a log of who viewed your profile, the time of the visit, and any other related metadata. LinkedIn cannot legally charge a fee for this access unless the request is excessive.
Step 2: Check Your Current Visibility Settings
Before making a request, review your own privacy settings. Go to Settings & Privacy > Visibility > Visibility when viewing other profiles. If you have toggled on 'Private mode', your own visits become anonymous. Note that free users can see only the last five profile visitors who did not enable private mode. This limited view is not full access to your data under GDPR.
Step 3: Submit a Data Subject Access Request (DSAR) to LinkedIn
- Log in to your LinkedIn account.
- Navigate to Help Center (usually at the bottom of the page).
- Search for 'Data Subject Access Request' or 'Download your data'.
- Select the option to request a copy of your data. LinkedIn provides a form where you can specify the types of data you want.
- In the request, clearly state that you want all data related to profile visitors (including timestamps and linked profiles).
- Submit the request and save a screenshot or confirmation email.
LinkedIn typically responds within 30 days (extendable by two months for complex requests).
Step 4: Evaluate LinkedIn's Response
Many free users have reported that LinkedIn denies DSARs for visitor data, citing privacy concerns for other users (Article 15(4) allows refusal if it adversely affects the rights of others). However, NOYB argues this is contradictory because LinkedIn willingly provides the same data to paying subscribers. If LinkedIn refuses, note their reasoning.
Step 5: File a Complaint with Your Local Data Protection Authority (DPA)
If your DSAR is denied or incomplete, you can escalate. Each EU country has a DPA (e.g., CNIL in France, DPC in Ireland, DSB in Austria). Steps:
- Document your original DSAR, LinkedIn's response, and any evidence that paid users can access the data.
- Prepare a complaint citing: violation of Article 15 and the contradictory policy (paywall vs. privacy excuse).
- Submit the complaint online via your DPA's portal. You can reference NOYB's case (filed in Austria) as precedent.
- Wait for the DPA to investigate. They may demand LinkedIn comply and issue fines.
Step 6: Consider Joining a Collective Complaint
You can also support NOYB's ongoing legal action. Visit noyb.eu and check for updates on the LinkedIn case. While you can file individually, collective action often has more weight.
Tips for Success
- Be specific: In your DSAR, explicitly mention 'who has viewed my profile' to avoid generic data dumps.
- Time your request: Submit during business hours in Ireland (LinkedIn's EU headquarters) for faster processing.
- Know your rights: Article 12(3) requires LinkedIn to respond without undue delay. If they exceed 30 days, send a reminder.
- Don't pay for Premium just for this: The GDPR right is free. Paying undermines the legal argument.
- Keep evidence: Screenshot every page and email. If you eventually file a complaint, documentation is key.
- Understand limitations: LinkedIn may argue that revealing visitors violates their privacy. However, if a user visits your profile without using private mode, they implicitly consent to being seen. NOYB's case will test this balance.
By following these steps, you can assert your GDPR rights and potentially help force LinkedIn to change its policy. If successful, free users across the EU may regain full access to their profile viewer data.
Related Articles
- The AI Governance Playbook: Lessons from the Musk-Altman Legal Battle
- Apple Challenges CCI's Authority in Antitrust Dispute: Key Questions Answered
- EU Agrees to Delay High-Risk AI Compliance Deadlines, Offering Businesses More Preparation Time
- How to Contest an Antitrust Regulator's Demand for Global Financial Records
- A Practical Guide to Dismantling Mass Surveillance
- Apple AirTag Lawsuit Wave: 8 Critical Questions Answered
- EU AI Act Compliance: 10 Key Changes from the New Provisional Agreement
- Courtroom Showdown: Greg Brockman's $30 Billion OpenAI Stake and the Fight Over the Company's Mission