LinkedIn’s expanded and more intelligible privacy policy

LinkedIn recently announced an update to its privacy policy and user agreement in a blog post titled “Updating LinkedIn’s Privacy Policy”. Although LinkedIn updated the user agreement too, the emphasis was more on updates to its privacy policy

Updated user agreement

The user agreement remained substantially the same as the previous version. The big change is more about layout and accessibility improvements. The new version makes use of summaries in a side panel which highlight the key points in the somewhat denser text in the main body of the document.

Other helpful features of the new version are a reminder about the contractually binding nature of the user agreement as well as a summary of the changes to this version (LinkedIn published a changes summary with its previous version in October 2012).

Updated privacy policy

The privacy policy received the same visual overhaul as the user agreement. An appealing change to the privacy policy which wasn’t applied to the user agreement is the use of a series of icons that remind me of the Mozilla-originated Privacy Icons project which was established to bring more clarity to privacy policies using descriptive icons. Although the icons in the LinkedIn privacy policy don’t go quite in the same direction or as far as the Privacy Icons project, they are helpful in ascertaining, at a glance, what the various sections are about.

One of the fundamental clauses in the privacy policy is the clause titled “Consent to LinkedIn Processing Information About You” which reminds users about the effect of the policy:

The personal information you provide to us may reveal or allow others to identify aspects of your life that are not expressly stated on your profile (for example, your picture or your name may reveal your gender). By providing personal information to us when you create or update your account and profile, you are expressly and voluntarily accepting the terms and conditions of LinkedIn’s User Agreement and freely accepting and agreeing to our processing of your personal information in ways set out by this Privacy Policy. Supplying information to us, including any information deemed “sensitive” by applicable law, is entirely voluntary on your part. You have the right to withdraw or modify your consent to LinkedIn’s collection and processing of the information you provide at any time, in accordance with the terms of this Privacy Policy and the User Agreement, by changing your Settings or by closing your account.

The new privacy policy goes onto quite a bit more detail about what personal information it collects from you and what it does with that personal information. For example, in the 2012 version, the privacy policy says the following about registration information:

When you register an account to become a LinkedIn user (“User”), such as your name, e-mail, employer, country, and a password.

In the new privacy policy, LinkedIn uses a more detailed clause:

To create an account on LinkedIn, you must provide us with at least your name, email address, and a password. You can choose to provide further information about yourself during the registration process (for example, your gender and location). We use this additional information to provide you with more customized services like language-specific profile pages and updates, more relevant ads, and more valuable career opportunities, and it may appear on your LInkedIn profile that is viewable by others. You understand that, by creating an account, LinkedIn and others will be able to identify you by your LinkedIn profile, and you allow LinkedIn to use this information in accordance with this Privacy Policy and our User Agreement. We may also ask for your credit card details if you purchase certain LinkedIn services.

Some clauses are entirely new and relate to LinkedIn’s expanded service offering. The clause dealing with “Address book, LinkedIn Contacts, and other services that sync with LinkedIn” deals largely with LinkedIn’s contacts import feature and its new LinkedIn Contacts app which combines contacts on your device with interactions on LinkedIn and select 3rd party services like Evernote and Tripit. This functionality introduces an interesting challenge, especially given LinkedIn’s professional focus. Users can add their contacts’ contact details and that information potentially has considerable value (imagine the value of, say, Richard Branson’s mobile number if you are fortunate to have it?).

LinkedIn allows users to remove data they have introduced to LinkedIn, to a degree. The following clause is part of the Address book clause:

Any information that you upload or sync with LinkedIn is covered by the User Agreement and this Privacy Policy. You can remove your information at your convenience using the features LinkedIn makes available or in accordance with Section 3. We collect information when you sync non-LinkedIn content—like your email address book, mobile device contacts, or calendar—with your account. We use this information to improve your experience. You can remove your address book and any other synced information at any time.

The user agreement’s relevance is largely that it contains license provisions which apply to content users submit to LinkedIn (for example, an image of Richard Branson’s business card submitted with LinkedIn’s CardMunch app). These provisions state the following (I highlighted some of the more interesting words and phrases):

You own the information you provide LinkedIn under this Agreement, and may request its deletion at any time, unless you have shared information or content with others and they have not deleted it, or it was copied or stored by other users. Additionally, you grant LinkedIn a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to LinkedIn, including, but not limited to, any user generated content, ideas, concepts, techniques and/or data to the services, you submit to LinkedIn, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss. By providing information to us, you represent and warrant that you are entitled to submit the information and that the information is accurate, not confidential, and not in violation of any contractual restrictions or other third party rights. It is your responsibility to keep your LinkedIn profile information accurate and updated.

Submitting information to LinkedIn requires users to take responsibility for what they are submitting. Bearing in mind that LinkedIn has extended its platform to 3rd party websites and services in a manner that is not all that different to Facebook’s Platform extensions (although Facebook seems to have taken more care to give its users options for removing information they submit to Facebook), sharing sensitive information with LinkedIn can have problematic consequences.

This is especially important bearing in mind LinkedIn’s “Indemnification” clause in the user agreement which provides as follows:

You agree to indemnify us and hold us harmless for all damages, losses and costs (including, but not limited to, reasonable attorneys’ fees and costs) related to all third party claims, charges, and investigations, caused by (1) your failure to comply with this Agreement, including, without limitation, your submission of content that violates third party rights or applicable laws, (2) any content you submit to the Services, and (3) any activity in which you engage on or through LinkedIn.

Although LinkedIn references your ability to close your account and remove your data from the service repeatedly, it may not be quite so simple. LinkedIn reserves the right to retain data after you have closed your account. This is not unusual but you should factor this into your planning when you share information:

We retain the personal information you provide while your account is active or as needed to provide you services. LinkedIn may retain your personal information even after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between Members, prevent fraud and abuse, or enforce this Privacy Policy and our User Agreement. We may retain personal information, for a limited period of time, if requested by law enforcement. LinkedIn Customer Service may retain information for as long as is necessary to provide support-related reporting and trend analysis only, but we generally delete closed account data consistent with Section 3.A., except in the case of our plugin impression data, which we de-personalize after 12 months unless you opt out.

This policy operates on the basis of consents users give to LinkedIn through the privacy policy itself. As this warning, below, points out, you agree to the user agreement and privacy policy (and subsequent changes) when you use the service. It is your responsibility to read the user agreement and privacy policy carefully and make sure you both understand the documents and are comfortable that your intended use of the service falls within the scope of that governing contractual framework and your comfort levels.

Published by Paul Jacobson

Enthusiast, writer, Happiness Engineer at @automattic. I take photos too. Passionate about my wife, Gina and #proudDad.

%d bloggers like this: