You Should Read LinkedIn's New Privacy Policy Carefully

He who pays plays. That seems to be the underlying thought behind LinkedIn’s new privacy policy and user agreement, both of which were updated last month.

And it’s an important thought to remember before you use your employer-paid-for LinkedIn account to investigate and/or apply for jobs with your company’s competitors. (Note: The changes aren’t slated to go into effect until June 7.)

“You own your LinkedIn personal account, but we clarified that when others (such as your employer) purchase premium features for you to use, in addition to having the right to stop your access to those premium features, your employer also gets access to reports on your usage of those premium features,” LinkedIn said.

“If the services were purchased by another party for you to use (e.g. Recruiter seat bought by your employer), the party paying for such service has the right to control access to and get reports on your use of such paid service.”
Later on, the privacy policy appears to exclude job hunting from the data shared with an employer. “We understand that certain activities such as job hunting and personal messages are sensitive and so we do not share those with your employer unless you choose to share it with them through our Services (for example, by applying for a new position in the same company or mention your job hunting in a message to a co-worker through our Services).”

That means that users need to be extra careful before clicking on the standard agreements, to make sure that they’re not reflexively agreeing to share job-hunting details with their current paycheck-generator.

Another thing to consider, which wasn’t addressed in LinkedIn’s new documents, is whether you are sharing information that might violate your employer’s default confidentiality agreement.

When you sign a confidentiality agreement, there is rarely an exception for LinkedIn bragging. For that matter, there’s also not an exception for such detailed bragging in a job interview, but at least most job interviews aren’t transcribed and then posted for search engine spiders. Just a thought.

Back to the LinkedIn changes. Most of the changes were standard fare, but a few were worth noting. This passage from the user agreement summary, for example, might be awarded Best Hypocritical Oath: “We added that our restriction against creating a false identity on our Services is not waived just because LinkedIn may rarely allow a clearly fictional profiles in connection with a promotional campaign that it has approved.”

This next policy is understandable, but the phrasing still has that “take your ball and go home” quality: “If you object to any changes, you may close your account.” How nice of LinkedIn to give its customers permission to leave.

But if you do choose to leave, do you think your data will be wiped? Think again. “We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfill your request to unsubscribe from further messages from us.”

Given the catch-all “enforce our user agreement,” it’s probably not safe to assume that anything will ever be deleted. Just adhere to the primary social media law and you’re fine: If it’s embarrassing in any way, assume it’s permanent.

Then there is the reminder of all of the ways LinkedIn will track you forever more.

“If you opt to import your address book, we receive your contacts (including contact information your service provider(s) or app automatically added to your address book when you communicated with addresses or numbers not already in your list). If you sync your email or calendars with our Services, we will collect your email header and calendar meeting information (e.g. times, places, attendees and contacts). We receive personal data about you when you use the services of our customers and partners, such as prospective employers and applicant tracking systems providing us job application data,” the new privacy policy said.

“We log usage data when you visit or otherwise use our Services, including our sites, app and platform technology (e.g., our off-site plugins), such as when you view or click on content (e.g., learning video) or ads (on or off our sites and apps), perform a search, install one of our mobile apps, share articles or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use. We use cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s) is on, off and across different Services and devices.

“When you visit or leave our Services (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device will send us data about your location.”

To be fair, this is not even close to the worst privacy policy. But given how much data many IT people pour into LinkedIn, and, yes, LinkedIn messaging absolutely counts, it’s definitely worth a sober read.

Computerworld

You Might Alos Read: 

Russia To Block LinkedIn:

Social Media & The New Advertising Model (£):

EU / US Privacy Shield Affects Your Organisation:

 

 

« How A Cyber Attack Transformed Estonia
Police Take To The Air With Connectivity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ICS2

ICS2

ICS² is the first cyber security company focusing on protecting the control system of power, oil, gas, and petrochemicals plants.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

Secret Double Octopus

Secret Double Octopus

Secret Double Octopus offers the world’s only keyless multi-shield authentication technology for users and things.

Future of Cyber Security Europe

Future of Cyber Security Europe

Future of Cyber Security Europe is a European wide event examining the latest cyber security strategies and technologies.

Defence Intelligence

Defence Intelligence

Defence Intelligence is an information security firm specializing in advanced malware protection.

Variti

Variti

Variti Intelligent Active Bot Protection technology — traffic analysis, detection and stopping of malicious bots in real-time and effective response to DDoS attacks.

Cyber Polygon

Cyber Polygon

Cyber Polygon is an annual online exercise which connects various global organisations to train their competencies and exchange best practices.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

Appsec Phoenix

Appsec Phoenix

Appsec Phoenix is an end to end vulnerability management platform that focuses on workflows, threat feed, and real time data.

SolCyber

SolCyber

SolCyber, a Forgepoint company, is the first modern MSSP to deliver a curated stack of enterprise strength security tools and services that are accessible and affordable for any organization.

Privacy Compliance Hub

Privacy Compliance Hub

Privacy Compliance Hub provide an easy to use platform with a comprehensive data protection compliance programme including training, information, templates and reporting.

Orpheus Cyber

Orpheus Cyber

Orpheus Cyber provides predictive and actionable intelligence to our clients - enabling them to anticipate, prepare for and respond to the cyber threats they face.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

Vault Cloud

Vault Cloud

Vault Cloud, Australia's National Cloud, is an Australian owned and operated company specialising in secure, sovereign, hyperscale cloud infrastructure.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.

SignalRed

SignalRed

SignalRed provides the cutting edge next-generation penetration testing and secure development solutions to startups and large enterprises.