Viva la revolución: LinkedIn profile visitor lists belong to the people, says Noyb
GDPR Article 15 doesn't care if you want to make money by selling users' data back to them
by Brandon Vigliarolo · The Register
A LinkedIn feature the average non-paying user likely only glances past could end up setting a legal precedent in the EU regarding how companies treat customer data that they've processed.
Take a look at your LinkedIn profile, if you have one, and you'll see a space where you can look at profile viewers. For premium LinkedIn users, the list of people who visit one's profile goes back 365 days and includes names, job title and employer, and an easy link to the person's profile, unless they've toggled their visibility off for privacy reasons.
Non-premium LinkedIn users, on the other hand, don't get nearly the same level of visibility on their profiles. If you don't fork over cash to LinkedIn owner Microsoft each month for the privilege, you'll just see things like "12 people found you through the homepage," or that someone with a certain job title from a certain company was scoping out your LinkedIn page.
Clicking anything on the free user list redirects you to a LinkedIn premium signup page or search results for employees at one of the aforementioned companies.
One unnamed LinkedIn user refused to accept this lesser status, and approached Microsoft to exercise their GDPR Article 15 right to a copy of their personal data processed by LinkedIn. "Processed" can mean a variety of things, including something as broad as simply hosting a particular type of information.
LinkedIn rejected the request on the grounds that protecting that data took precedence. Now the data protection warriors at EU privacy outfit Noyb ("none of your business") are getting involved.
"Selling data to its own users is a popular practice among companies," Noyb data protection lawyer Martin Baumann said of the case. "In reality, however, people have the right to receive their own data free of charge."
Take a look at the language of Article 15, and it's pretty clear: data subjects (i.e., users) have the right to a copy of any and all data concerning them that's been processed by the provider. A full list of profile visitors seemingly should fall under Article 15 data – even if it's normally reserved for paying users and presented to them in a nicer way, it should still be accessible to free users who actually request it.
LinkedIn didn't appear to believe that it was doing anything wrong at all. In a clear denial of facts that are obviously apparent to any non-paying LinkedIn user, including the writer and both editors who worked on this story, a LinkedIn spokesperson told us, "Not only is it incorrect that only Premium members can see who has viewed their profile, but we also satisfy GDPR Article 15 by disclosing the information at issue via our Privacy Policy." The first part of that statement is false, as you can see from the screenshot above. Given the obvious untrustworthiness of that half of the statement, we didn't bother wasting any time trying to evaluate the second part.
Noyb acknowledges there's a clear bit of legal fuzz stuck in this corner of the GDPR when it comes to premium service offerings.
"If any business processes a person's personal data, this information is generally covered by their right of access under the GDPR," Baumann told The Register. "It does not matter that the business would prefer to sell the data to the data subject or that it would be harmful for their business model if they would."
There's only one exception in Article 15 that would give LinkedIn an out, Baumann told us, and that's the last paragraph, which says a person's right to their data can't adversely affect the rights and freedoms of others. Were LinkedIn to argue that it had to protect the identities of people who visited a data subject's profile, they could have an excuse. But not a good one, in Baumann's opinion.
"Since LinkedIn does provide information about profile visits to paying Premium members, it cannot consider that disclosing the data would adversely affect the rights of the visitors whose data is disclosed," the Noyb lawyer explained. "Otherwise, providing this information to Premium users would be unlawful too."
What seems to be the sticking point here is where right of access begins and a company's right to make money off data they hold (data that was, ahem, supplied by users) ends. Baumann said he hopes this case can clear the legal air.
"We expect a clarification concerning the fact that personal data that can be accessed when a user pays for it is also covered by their right of access," he explained.
Think of it like this: LinkedIn has every right under the GDPR to take data it has about profile visitors, package it up, add analytics, and present it in its most useful form to those willing to pay the platform for such a premium service. But a masochistic user who wants to rawdog a CSV file of the same data should have the right to do that, too - and GDPR Article 15 gives it to them.
It's not just LinkedIn, either. Baumann said there are numerous other cases where similar legal clarification would be appreciated, citing the example of a bank that is unwilling to provide access to account statements in response to a GDPR request, but is happy to hand over similar data for a fee.
"A precedent would be welcomed," Baumann said. ®