GDPR, Linkedin and ex employer...

frag420 · 16-06-2021 10:54am #1

Hi,

I was let go from a job last Feb. Prior to being let go the sales director signed the sales team up for a Linkedin marketing scheme for one month (30 days). In short they hired a company that sends out bulk connection requests (100 per day) on behalf of the company/myself as a lead generator. Its set up in a way that once connected with someone an auto reply is sent with more info on the company and products, so essentially its a marketing tool.

Now I have just found out that the invites are still being sent out from my Linkedin account on behalf of this company, I have counted in excess of 120 invites sent out without my knowledge since I was let go.

Now I understand this goes against the Linkedin user terms however we were told by the other company (the one that provides this marketing service) that it was all above board and within the Linkedin user terms and at the time I/we felt somewhat pressured into giving over password and login details as the team were under pressure to hit targets.

So is the use of my Linkedin profile and the personal data within on behalf of the company after they let me go a breach of GDPR, I had given permission for a month only however that was before I was let go.

While an employee there I had created a twitter account on behalf of myself and the company to build my network(I had permission for this from the CTO to use a product name for this, the twitter name was Myfirstname-Product) however they were quick to close that down after letting me go but did not do anything Re Linkedin.

Il be honest, considering the way I was treated there while an employee and the nature as to how I was let go I want to get what I can from them as they left me in the **** last Feb but thats a whole other story for another day!

What are my options here?

Thanks,

(edit - Based in UK if that helps)

ELM327 · 16-06-2021 10:56am

Change your password?

frag420 · 16-06-2021 11:01am

I have as of this morn. Just to add, I changed it the day after I was let go too so I am unsure how they are still accessing my account.

However the issue is about them using my Linkedin profile and the personal data within for marketing purposes after letting me go without my permission.

ClosedAccountFuzzy · 16-06-2021 11:10am

They’ve no relationship with you. Change the password and lock them out of the account immediately.

I’m not sure what laws it breeches, but it’s certainly very deliberate misrepresentation.

Be very aware of contact lists btw. They are personal data. If I for example followed you on linked in, I don’t expect my data to be passed onto a company who might spam me.

You could also find you are in breech of GDPR as your contacts have never given permission for their data to be given to that company.

All of that linked in information would be in the realms of personal data. So they shouldn’t have access to it and also you shouldn’t grant access to it.

I appreciate you were basically coerced into it by a manager, but that is abysmal data control policy by your former employers and could be deemed to be spamming and all sorts of stuff.

I would absolutely ensure that account is locked down immediately.

frag420 · 16-06-2021 11:21am

FuzzyThinking wrote: »

They’ve no relationship with you. Change the password and lock them out of the account immediately.

I’m not sure what laws it breeches, but it’s certainly very deliberate misrepresentation.

Be very aware of contact lists btw. They are personal data. If I for example followed you on linked in, I don’t expect my data to be passed onto a company who might spam me.

You could also find you are in breech of GDPR as your contacts have never given permission for their data to be given to that company.

All of that linked in information would be in the realms of personal data. So they shouldn’t have access to it and also you shouldn’t grant access to it.

I appreciate you were basically coerced into it by a manager, but that is abysmal data control policy by your former employers and could be deemed to be spamming and all sorts of stuff.

I would absolutely ensure that account is locked down immediately.

Thank you Fuzzy. Data control is just a small part of the sh!t show that was my ex employer! I have changed the password again so hoping that works, it didn't after changing it the day after I was let go however.

Regarding me breaking GDPR, any contacts I made myself directly would not be included in any lists so to speak, its just those that were contacted with a request to connect as part of this "campaign" that would have been added to a list via the third party. I am unsure if my ex employer had access to my full contact list so this is a worry now for me, although its a possibility.

ClosedAccountFuzzy · 16-06-2021 11:34am

I don’t think very much is ever likely to come of it but it’s just always a good idea to ensure that you’ve a clear understanding of what is & isn’t personal data

People publishing their contacts on Linked In for example have an expectation of being in a social network, so it’s unlikely they’ll be annoyed and there are tools within the platform for blocking and removing contacts and so on.

If you’re a contractor though or working for new companies, it’s best to keep a clear demarcation between data you have gathered outside of the business and the company.

A lot of it is a total mess though in general. I’ve encountered things like someone who had a mobile with multiple Google accounts accidentally syncing their entire phone book, and personal notes etc, into a corporate account, which they had no control over.

A lot of these tools aren’t really very well designed for the post GDPR EU market tbh

Connavar · 16-06-2021 11:35am

frag420 wrote: »

Thank you Fuzzy. Data control is just a small part of the sh!t show that was my ex employer! I have changed the password again so hoping that works, it didn't after changing it the day after I was let go however.

Regarding me breaking GDPR, any contacts I made myself directly would not be included in any lists so to speak, its just those that were contacted with a request to connect as part of this "campaign" that would have been added to a list via the third party. I am unsure if my ex employer had access to my full contact list so this is a worry now for me, although its a possibility.

If the password change didn't work last time, also go to privacy and security and end any active sessions that you don't think are you. Not sure if worth looking at the devices that remember your password too

Kimbot · 16-06-2021 11:35am

If you can change the email associated with your linked in account then do so straight away

ClosedAccountFuzzy · 16-06-2021 11:36am

Connavar wrote: »

If the password change didn't work last time, also go to privacy and security and end any active sessions that you don't think are you. Not sure if worth looking at the devices that remember your password too

That’s a very important point actually!

If you’ve any social media accounts that have been used in their systems end all active sessions. They may well remain accessible on other systems otherwise, as they set a token/cookie rather than using the password.

It’s always advisable to do that if you’ve used any personal social media or cloud service accounts on machines you don’t control.

blue_blue · 16-06-2021 8:37pm

It’s mostly like an app they’ve authorized on your account (not sure why they would ASK for your password to do this, they should be sending you a link to authorize the app to use your linkedin on your behalf). Just changing your password might not fix it.

Anyway, see this article on removing it: https://www.cnet.com/how-to/how-to-remove-app-connections-on-linkedin/

[Deleted User] · 16-06-2021 8:43pm

Changing your password or email address will not disconnect them. What's listed under Partners & Services here :- https://www.linkedin.com/psettings/account-preferences

Jim2007 · 16-06-2021 8:56pm

Il be honest, considering the way I was treated there while an employee and the nature as to how I was let go I want to get what I can from them as they left me in the **** last Feb but thats a whole other story for another day!

Most likely someone forgot to inform the third company of your exit. You need to contact the company and request them to stop using your account. You can’t on the one hand claim it is important to you while at the same time doing nothing about it.

frag420 · 16-06-2021 9:08pm

Jim2007 wrote: »

Most likely someone forgot to inform the third company of your exit. You need to contact the company and request them to stop using your account. You can’t on the one hand claim it is important to you while at the same time doing nothing about it.

I got on to them earlier, its stopped now.

GDPR, Linkedin and ex employer...

Comments