The Berlin Regional Court has issued a ruling against professional networking platform LinkedIn, prohibiting some of its data practices. The lawsuit was brought by the Federation of German Consumer Organizations (vzbv).
The court found that LinkedIn cannot ignore “Do Not Track” signals sent by users’ browsers. These signals allow internet users to opt-out of having their online activities tracked. Despite receiving these signals, LinkedIn still announced on its website that it engages in tracking for analysis and marketing purposes. The court said this communication is misleading, as LinkedIn is legally required to respect the Do Not Track requests.
Additionally, the court banned LinkedIn from automatically making users’ profiles publicly visible when they first create an account. This “Profile Visibility” default setting published users’ information without their consent, violating data protection regulations. Users must expressly agree before their profiles can be visible to non-members.
This comes after earlier partial rulings prohibited LinkedIn from sending unsolicited emails to non-members and using terms and conditions forcing users to waive certain legal rights.
Vzbv called the decision a victory for consumers: “When people activate ‘Do Not Track,’ it sends a clear message that they don’t want their online activities spied on. Website operators have to respect that.” The group said the ruling confirms internet users have control over their personal data.
Laws have little bite without enforcement
While the ruling against LinkedIn is a welcome development, I’m skeptical it will truly move the needle on respecting user privacy. Do Not Track has been around for years, yet sites continue ignoring it without consequence. This case may set a precedent, but it’s one isolated judgment in Germany.
For any real change, we need sustained enforcement across the EU, not just one-off lawsuits. But regulators have so far dragged their feet. And even if all sites in Europe complied, tech companies would likely just shift intrusive tracking outside the continent. Cookie consent banners have become pure theater.
Fundamentally, privacy and consent protections like Do Not Track rely on voluntary compliance by self-interested corporations. They find ways around rules meant to empower users. Some sites may make a show of respecting signals like DNT, but it’s trivial to bypass with superficial consent prompts.
Meaningful privacy ultimately requires rethinking how sites are built and monetized. But Silicon Valley has little incentive to abandon surveillance capitalism. Big Tech pays lip service to privacy while collecting as much data as possible. Unless that business model changes, I have little faith voluntary measures like DNT will be more than an empty gesture. This ruling is progress, but we need much bolder reforms.
