You Should Read LinkedIn's New Privacy Policy Carefully

He who pays plays. That seems to be the underlying thought behind LinkedIn’s new privacy policy and user agreement, both of which were updated last month.

And it’s an important thought to remember before you use your employer-paid-for LinkedIn account to investigate and/or apply for jobs with your company’s competitors. (Note: The changes aren’t slated to go into effect until June 7.)

“You own your LinkedIn personal account, but we clarified that when others (such as your employer) purchase premium features for you to use, in addition to having the right to stop your access to those premium features, your employer also gets access to reports on your usage of those premium features,” LinkedIn said.

“If the services were purchased by another party for you to use (e.g. Recruiter seat bought by your employer), the party paying for such service has the right to control access to and get reports on your use of such paid service.”
Later on, the privacy policy appears to exclude job hunting from the data shared with an employer. “We understand that certain activities such as job hunting and personal messages are sensitive and so we do not share those with your employer unless you choose to share it with them through our Services (for example, by applying for a new position in the same company or mention your job hunting in a message to a co-worker through our Services).”

That means that users need to be extra careful before clicking on the standard agreements, to make sure that they’re not reflexively agreeing to share job-hunting details with their current paycheck-generator.

Another thing to consider, which wasn’t addressed in LinkedIn’s new documents, is whether you are sharing information that might violate your employer’s default confidentiality agreement.

When you sign a confidentiality agreement, there is rarely an exception for LinkedIn bragging. For that matter, there’s also not an exception for such detailed bragging in a job interview, but at least most job interviews aren’t transcribed and then posted for search engine spiders. Just a thought.

Back to the LinkedIn changes. Most of the changes were standard fare, but a few were worth noting. This passage from the user agreement summary, for example, might be awarded Best Hypocritical Oath: “We added that our restriction against creating a false identity on our Services is not waived just because LinkedIn may rarely allow a clearly fictional profiles in connection with a promotional campaign that it has approved.”

This next policy is understandable, but the phrasing still has that “take your ball and go home” quality: “If you object to any changes, you may close your account.” How nice of LinkedIn to give its customers permission to leave.

But if you do choose to leave, do you think your data will be wiped? Think again. “We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfill your request to unsubscribe from further messages from us.”

Given the catch-all “enforce our user agreement,” it’s probably not safe to assume that anything will ever be deleted. Just adhere to the primary social media law and you’re fine: If it’s embarrassing in any way, assume it’s permanent.

Then there is the reminder of all of the ways LinkedIn will track you forever more.

“If you opt to import your address book, we receive your contacts (including contact information your service provider(s) or app automatically added to your address book when you communicated with addresses or numbers not already in your list). If you sync your email or calendars with our Services, we will collect your email header and calendar meeting information (e.g. times, places, attendees and contacts). We receive personal data about you when you use the services of our customers and partners, such as prospective employers and applicant tracking systems providing us job application data,” the new privacy policy said.

“We log usage data when you visit or otherwise use our Services, including our sites, app and platform technology (e.g., our off-site plugins), such as when you view or click on content (e.g., learning video) or ads (on or off our sites and apps), perform a search, install one of our mobile apps, share articles or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use. We use cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s) is on, off and across different Services and devices.

“When you visit or leave our Services (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device will send us data about your location.”

To be fair, this is not even close to the worst privacy policy. But given how much data many IT people pour into LinkedIn, and, yes, LinkedIn messaging absolutely counts, it’s definitely worth a sober read.

Computerworld

You Might Alos Read: 

Russia To Block LinkedIn:

Social Media & The New Advertising Model (£):

EU / US Privacy Shield Affects Your Organisation:

 

 

« How A Cyber Attack Transformed Estonia
Police Take To The Air With Connectivity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CERT Polska

CERT Polska

CERT Polska is the first Polish computer emergency response team and operates within the structures of NASK (Research and Academic Computer Network) research institute.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

I-Tracing

I-Tracing

I-TRACING are experts in IT security, specialized in legal compliance of information systems, security of information systems, and the collection of digital evidence and traces.

CyberVista

CyberVista

CyberVista is a cybersecurity training education and workforce development company. Our mission is to eliminate the skills gap by creating job ready professionals.

BlueFiles

BlueFiles

BlueFiles enables users to send encrypted files securely while maintaining full control over recipients, access periods, downloads, and printing.

National Forensic Sciences University (NFSU)

National Forensic Sciences University (NFSU)

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

CTM360

CTM360

CTM360® is a Cyber Security subscription service offering 24 x 7 x 365 Cyber Threat Management for detecting and responding to cyber threats.

CloudOak

CloudOak

CloudOak is a cloud channel provider for hybrid cloud Backup as a Service (BaaS), Disaster Recovery as a Service (DRaaS) and Archiving to Small to Medium Business (SMB).

IAR Systems

IAR Systems

IAR Systems are a frontrunner in a changing industry, and a future-proof software supplier enabling the IoT.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.

Secure Forensics

Secure Forensics

Secure Forensics can assist in any situation that requires digital forensics or an investigation ranging from complex criminal matters to fraud and file tampering to cyber crime.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.