LinkedIn Faces GDPR Complaint Over Paywalled ‘Profile Visitor’ Data

Breaking: NOYB Files Legal Challenge in Austria

The digital rights group None of Your Business (NOYB) has filed a formal complaint in an Austrian court, alleging that LinkedIn’s practice of charging users to see who viewed their profile violates the European Union’s General Data Protection Regulation (GDPR). The complaint, submitted this week, centers on LinkedIn’s ‘Who’s Viewed Your Profile’ feature.

According to NOYB, LinkedIn’s policy contravenes Article 15 of the GDPR, which grants individuals the right to access their personal data. The group argues that profile visitor information constitutes personal data that must be provided free of charge upon request.

Quotes from NOYB

“It is particularly absurd that LinkedIn is using a supposed ‘data protection interest’ as an argument to deny the right of access to data under the GDPR,” said a spokesperson for NOYB in a press release. “Either the data must not be accessible to anyone, or – if it is clear to the visitor that the data is visible – it must also be disclosed in accordance with Article 15 GDPR.”

NOYB has a track record of taking on tech giants. In 2025, Google was fined €325 million ($381 million) by France’s CNIL after a NOYB complaint over data collection and advertising practices.

Background: From Free Feature to Paid Perk

LinkedIn introduced the ability to see who viewed your profile around 2007. The feature was initially free for all users. However, after GDPR took effect in 2018, LinkedIn paywalled it, making it available only to Premium subscribers at €30 per month ($40 in the US).

NOYB argues this creates a contradiction: free users cannot access their profile visitor data, yet if they pay, the same data becomes available. The group calls this an “illegal” commercialization of a data access right.

What This Means for Users and LinkedIn

If the complaint succeeds, LinkedIn could be forced to provide the ‘Who’s Viewed Your Profile’ data to all EU users at no cost. Beyond LinkedIn, this case could set a precedent for how social media platforms monetize user data under GDPR.

The complaint asks Austria’s Data Protection Authority to fine LinkedIn and order compliance. NOYB’s chairman, Max Schrems, noted: “Companies cannot use data protection as a shield to deny access rights while simultaneously selling that access.”

LinkedIn’s Defense: Opt-Out and Privacy Conflicts

LinkedIn may argue that free users can opt out of profile visibility by toggling off the feature in Settings > Visibility > ‘Visibility when viewing other profiles’. When disabled, visits appear as “Anonymous LinkedIn Member.” Free users can also see the last five visitors who haven’t chosen anonymity.

The company could also claim that granting full access conflicts with other users’ privacy rights under Article 15. In response to a query, a LinkedIn spokesperson sent a statement: “We take our obligations under GDPR seriously and believe our current approach balances transparency with privacy. We will review the complaint and respond appropriately.”

Urgency and Next Steps

The Austrian court will now consider whether to refer the case to the European Court of Justice. NOYB expects a preliminary ruling within months. Meanwhile, affected users may submit individual Data Subject Access Requests (DSARs) to LinkedIn, though NOYB warns the company often refuses these requests, citing data protection.

This case highlights ongoing tensions between EU privacy laws and corporate business models. As NOYB puts it: “Data access rights are not a luxury—they are a fundamental right.”