The Irish Data Protection Commissioner has tapped LinkedIn US for processing more than 18 million e-mail addresses from non-users, in violation of privacy rules, to target them via Facebook ads.

LinkedIn In 2017, US processed the e-mail addresses of Europeans outside of LinkedIn, as reported by the AVG. The Irish Data Protection Commissioner investigated the case following a complaint from a person who did not use LinkedIn, but got advertising on Facebook to create an account on Microsoft’s corporate social network.

The 18 million e-mail addresses had been hacked but it is not known how LinkedIn came to the addresses. The company ceased its processing after the complaint and LinkedIn Ireland instructed the parent company to destroy the relevant personal data from before 25 May this year, the date on which the AVG took effect. The Data Protection Commissioner has not imposed a fine or other sanction through the cooperation of LinkedIn.