You Should Read LinkedIn's New Privacy Policy Carefully

Uploaded on 2017-05-05 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

He who pays plays. That seems to be the underlying thought behind LinkedIn’s new privacy policy and user agreement, both of which were updated last month.

And it’s an important thought to remember before you use your employer-paid-for LinkedIn account to investigate and/or apply for jobs with your company’s competitors. (Note: The changes aren’t slated to go into effect until June 7.)

“You own your LinkedIn personal account, but we clarified that when others (such as your employer) purchase premium features for you to use, in addition to having the right to stop your access to those premium features, your employer also gets access to reports on your usage of those premium features,” LinkedIn said.

“If the services were purchased by another party for you to use (e.g. Recruiter seat bought by your employer), the party paying for such service has the right to control access to and get reports on your use of such paid service.”
Later on, the privacy policy appears to exclude job hunting from the data shared with an employer. “We understand that certain activities such as job hunting and personal messages are sensitive and so we do not share those with your employer unless you choose to share it with them through our Services (for example, by applying for a new position in the same company or mention your job hunting in a message to a co-worker through our Services).”

That means that users need to be extra careful before clicking on the standard agreements, to make sure that they’re not reflexively agreeing to share job-hunting details with their current paycheck-generator.

Another thing to consider, which wasn’t addressed in LinkedIn’s new documents, is whether you are sharing information that might violate your employer’s default confidentiality agreement.

When you sign a confidentiality agreement, there is rarely an exception for LinkedIn bragging. For that matter, there’s also not an exception for such detailed bragging in a job interview, but at least most job interviews aren’t transcribed and then posted for search engine spiders. Just a thought.

Back to the LinkedIn changes. Most of the changes were standard fare, but a few were worth noting. This passage from the user agreement summary, for example, might be awarded Best Hypocritical Oath: “We added that our restriction against creating a false identity on our Services is not waived just because LinkedIn may rarely allow a clearly fictional profiles in connection with a promotional campaign that it has approved.”

This next policy is understandable, but the phrasing still has that “take your ball and go home” quality: “If you object to any changes, you may close your account.” How nice of LinkedIn to give its customers permission to leave.

But if you do choose to leave, do you think your data will be wiped? Think again. “We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfill your request to unsubscribe from further messages from us.”

Given the catch-all “enforce our user agreement,” it’s probably not safe to assume that anything will ever be deleted. Just adhere to the primary social media law and you’re fine: If it’s embarrassing in any way, assume it’s permanent.

Then there is the reminder of all of the ways LinkedIn will track you forever more.

“If you opt to import your address book, we receive your contacts (including contact information your service provider(s) or app automatically added to your address book when you communicated with addresses or numbers not already in your list). If you sync your email or calendars with our Services, we will collect your email header and calendar meeting information (e.g. times, places, attendees and contacts). We receive personal data about you when you use the services of our customers and partners, such as prospective employers and applicant tracking systems providing us job application data,” the new privacy policy said.

“We log usage data when you visit or otherwise use our Services, including our sites, app and platform technology (e.g., our off-site plugins), such as when you view or click on content (e.g., learning video) or ads (on or off our sites and apps), perform a search, install one of our mobile apps, share articles or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use. We use cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s) is on, off and across different Services and devices.

“When you visit or leave our Services (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device will send us data about your location.”

To be fair, this is not even close to the worst privacy policy. But given how much data many IT people pour into LinkedIn, and, yes, LinkedIn messaging absolutely counts, it’s definitely worth a sober read.

Computerworld

You Might Alos Read: 

Russia To Block LinkedIn:

Social Media & The New Advertising Model (£):

EU / US Privacy Shield Affects Your Organisation:

 

 

« How A Cyber Attack Transformed Estonia
Police Take To The Air With Connectivity »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

North American Electric Reliability Corporation (NERC)

North American Electric Reliability Corporation (NERC)

NERC is a not-for-profit international regulatory authority whose mission is to assure the reliability and security of the bulk power system in North America.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

Ipsidy

Ipsidy

Our identity platform enables mobile users to more easily authenticate their identity to a mobile phone or portable device of their choosing.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

TechArch

TechArch

TechArch helps customers to optimize their investments in cybersecurity by providing them independent and vendor-neutral consultation and guidance.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Base Cyber Security

Base Cyber Security

Base Cyber Security is an information and cyber security talent service provider and career specialist.

Kasm Technologies

Kasm Technologies

Kasm Browser Isolation - Protect your organization from malware, ransomware and phishing by using zero-trust containerized browsers.

IP2Location

IP2Location

IP2Location provide services to identify geolocation by IP address, and to detect IP addresses associated with anonymous proxy servers, which are often used for fraud and spamming purposes.

Check Point Software Technologies

Check Point Software Technologies

Check Point Software Technologies is a leading provider of cyber security solutions to governments and corporate enterprises globally.

DuckDuckGoose

DuckDuckGoose

DuckDuckGoose offer advanced solutions to protect against manipulated videos, images, voices and texts.

Secolve

Secolve

Secolve is Australia’s next generation OT specialist cyber security firm, working with key industries to protect the nation’s critical infrastructure.

Ebryx

Ebryx

At Ebryx, we are at the forefront of cybersecurity innovation, leveraging over a decade of expertise to protect and empower organizations worldwide.

Hakai Security

Hakai Security

Hakai is a consulting firm specializing in information security that offers customized services and products to meet the needs and goals of each business.

ArmorX AI

ArmorX AI

ArmorX AI (formerly Kapalya) operates an encryption management platform designed to encrypt all data in transit and at rest on mobile end-points, corporate servers, and cloud servers.