Microsoft has warned investors that it is facing a potential $425m GDPR fine for targeted advertising practices by LinkedIn – which it bought in 2016 – but has vowed to “defend itself vigorously” against the claims.
The Irish Data Protection Commission first received complaints in 2018 about LinkedIn and other companies over their targeted advertising practices.
Microsoft has said it was sent a draft decision by the Irish DPC in April this year, detailing the alleged breach of GDPR, although the tech giant insists it has co-operated with the regulator “throughout the period of inquiry”.
In a statement, published in the investor relations section of its website, Microsoft said: “After review and analysis, the company will increase its existing reserve for the matter and, based on current exchange rates take a charge of approximately $425m in the fourth quarter of fiscal year 2023.
“The company intends to dispute the legal basis for, and the amount of, the proposed fine and will continue to defend its compliance with GDPR. There is no set timeline as to when the Irish DPC will issue a final decision.”
It added that, upon receiving a final decision, Microsoft will “consider all legal options and intends to defend itself vigorously in this matter”.
The Irish DPC was not available for comment.
Last week, privacy campaigner Max Schrems has used the fifth anniversary of GDPR to launch a scathing attack against the lack of enforcement action, insisting that “behind closed doors, companies are very open about the fact that they don’t fear the authorities at all”.
Schrems’ organisation NOYB even criticised last week’s ruling which saw Meta slapped with a record €1.2bn (£1bn) fine and ordered to stop processing EU users data in the US, insisting it is an example of enforcement “not working”.
Related stories
GDPR five years on: ‘Firms just don’t fear enforcement’
GDPR five years on: The death knell for lazy marketing?
Meta ruling blows US data transfers out of the water
GDPR four years on: €1.6bn in fines but issues remain
GDPR three years on: ‘The aperitif to a cookieless world’
GDPR two years on: EU chiefs finally admit funding issue
GDPR one year on: Data is now a major boardroom issue
GDPR zero hour: Now the hard work begins say experts