Top professional networking platform LinkedIn has been dragged to court for sharing its premium users’ information for AI model training without consent.
The lawsuit filed on 21 January claims that the platform secretly shared InMail messages from Premium subscribers with third party companies to train AI models in violation of the Stored Communications Act (SCA).
LinkedIn is also accused of engaging in unlawful business practices under California’s Unfair Competition Law (UCL), and the plaintiff is asking for $1,000 per person in statutory damages under the SCA among other demands.
Quite harvesting of data
Premium LinkedIn users have access to certain features and services that free users don’t, one of which is InMail messages, which allows users to contact other users without following them.
Initially, the premium user agreement however doesn’t explicitly say that LinkedIn could share the users’ messages with third parties for training AI models.
However, the platform quietly introduced a setting that shares such messages by default without informing the user. Only users who found out and turned the setting off would save their data, which is a direct violation of their privacy.
The plaintiff also claimed that the platform updated its privacy policy to make room for the data harvesting, as well as the clause that information already used for AI training cannot be undone.
This also violates LinkedIn’s policy which states that users will be duly notified of changes and given an opportunity to object before they take effect.
In addition to the monetary compensation, the lawsuit is also demanding an injunctive relief to delete all AI models trained using improperly disclosed data.
Concerns on data privacy
The concerns for data privacy has never been higher, especially with the emergence and wide adoption of AI.
While the LinkedIn incident raises eyebrows around Microsoft’s other services and platforms, it doesn’t stop there.
Just recently, the Federal Trade Commission (FTC) sanctioned General Motors for illegally sharing its customers’ driver data with third parties without prior consent or knowledge of the users.