LinkedIn Addresses User Data Collection for AI Training

Source: Chris Batson via Alamy Stock Photo

Professional social networking site LinkedIn allegedly used data from its users to train its artificial intelligence (AI) models, without alerting users it was doing so.

According to reports this week, LinkedIn hadn’t refreshed its privacy policy to reflect the fact that it was harvesting user data for AI training purposes.

Blake Lawit, LinkedIn’s senior vice president and general counsel, then posted on the company’s official blog that same day to announce that the company had corrected the oversight.

The updated policy, which includes a revised FAQ, confirms that contributions are automatically collected for AI training. According to the FAQ, LinkedIn’s GenAI features could use personal data to make suggestions when posting.

LinkedIn’s AI Data-Gathering Is Automatic

“When it comes to using members’ data for generative AI training, we offer an opt-out setting,” the LinkedIn post read. “Opting out means that LinkedIn and its affiliates won’t use your personal data or content on LinkedIn to train models going forward, but does not affect training that has already taken place.”

Shiva Nathan, founder and CEO of Onymos, expressed deep concern about LinkedIn’s use of prior user data to train its AI models without clear consent or updates to its terms of service.

Related:Dark Reading Confidential: The CISO and the SEC

“Millions of LinkedIn users have been opted in by default, allowing their personal information to fuel AI systems,” he said. “Why does this matter? Your data is personal and private. It fuels AI, but that shouldn’t come at the cost of your consent. When companies take liberties with our data, it creates a massive trust gap.”

Nathan added this is not just happening with LinkedIn, pointing out many technologies and software services that individuals and enterprises use today are doing the same.

“We need to change the way we think about data collection and its use for activities like AI model training,” he said. “We should not require our users or customers to give up their data in exchange for services or features, as this puts both them and us at risk.”

LinkedIn did explain that users can review and delete their personal data from past sessions using the platform’s data access tool, depending on the AI-powered feature involved.

LinkedIn Faces Tricky Waters

The US has no federal laws in place to govern data collection for AI use, and only a few states have passed laws on how users’ privacy choices should be respected via opt-out mechanisms. But in other parts of the world, LinkedIn has had to put its GenAI training on ice.

Related:An AI-Driven Approach to Risk-Scoring Systems in Cybersecurity

“At this time, we are not enabling training for generative AI on member data from the European Economic Area, Switzerland, and the United Kingdom,” the FAQ states, confirming that it has stopped the data collection in those geos.

Tarun Gangwani, principal product manager, DataGrail, says the recently enacted EU AI Act has provisions within the policy that require companies that trade in user-generated content be transparent about their use of it in AI modeling.

“The need for explicit permission for AI use on user data continues the EU’s general stance on protecting the rights of citizens by requiring explicit opt-in consent to the use of tracking,” Gangwani explains.

And indeed, the EU in particular has shown itself to be vigilant when it comes to privacy violations. Last year, LinkedIn parent company Microsoft had to pay out $425 million in fines for GDPR violations, while Facebook parent company Meta was slapped with a $275 million fine in 2022 for violating Europe’s data privacy rules.

The UK’s Information Commissioners Office (ICO) meanwhile released a statement today welcoming LinkedIn’s confirmation that it has suspended such model training pending further engagement with the ICO.

“In order to get the most out of generative AI and the opportunities it brings, it is crucial that the public can trust that their privacy rights will be respected from the outset,” ICO’s executive director, regulatory risk, Stephen Almond said in a statement. “We are pleased that LinkedIn has reflected on the concerns we raised about its approach to training generative AI models with information relating to its UK users.”

Related:How Shifts in Cyber Insurance Are Affecting the Security Landscape

Regardless of geography, it’s worth noting that businesses have been warned against using customer data for the purposes of training GenAI models in the past. In August 2023, communications platform Zoom abandoned plans to use customer content for AI training after customers voiced concerns over how that data could be used. And in July, smart exercise bike startup Peloton was slapped with a lawsuit alleging the company improperly scraped data gathered from customer service chats to train AI models.

About the Author

Nathan Eddy is a freelance journalist and award-winning documentary filmmaker specializing in IT security, autonomous vehicle technology, customer experience technology, and architecture and urban planning. A graduate of Northwestern University’s Medill School of Journalism, Nathan currently lives in Berlin, Germany.