The Microsoft-owned social media platform informed the DPC in March of its intention to train its own proprietary generative AI models using the personal data of LinkedIn members based in the EU/EEA, beginning in early November.

The DPC raised concerns about aspects of the plan and made recommendations to address their potential negative impact on the data protection rights of individuals.

LinkedIn has now made a number of commitments, including a reduction in the scope of the personal data it will use to train its models, both in terms of the personal data to be used and the time period from which it proposed to draw the data.

Improved transparency notices will be introduced to help users to understand the personal data LinkedIn will process to train its AI models and their ability to opt out if they so wish.

The platform will also introduce improved measures to prevent the personal data of LinkedIn users under the age of 18 from being used to train the models.

It will implement filters to avoid the collection of potentially sensitive information shared on certain LinkedIn pages and groups, including trade union-related content.

LinkedIn will provide more detailed risk assessments and other required documentation under the GDPR, such as their legitimate interest assessment, data protection impact assessment and a compatibility assessment.

The DPC is also requiring LinkedIn to compile a report within five months of the commencement of processing which, amongst other things, will include an updated evaluation of the efficacy and appropriateness of the measures and safeguards it has introduced regarding the processing taking place.

“The DPC will continue to actively monitor LinkedIn’s rollout of this processing to ensure that everyone has an opportunity to take control of their personal data,” the regulator said.

“Users should have received notifications from LinkedIn advising them on how they can assert their right to object under the GDPR by opting out of their personal data being used for the purpose of training LinkedIn’s AI models.

“This can be done either via a dedicated toggle/switch within users’ account settings, or alternatively via LinkedIn’s data processing objection form.

“We remind all individuals using internet platforms to regularly review their privacy settings and controls so that these continue to reflect their personal preferences.”

It added: “The DPC’s goal throughout this process has been to ensure that LinkedIn is delivering innovation responsibly, mitigating identified harms and risks to individuals and appropriately considering users’ data subject rights by balancing and protecting their fundamental rights against the company’s interests.

“The DPC has not approved, or found compliant, LinkedIn’s use of users’ personal data for generative AI model training. However, the additional measures implemented by LinkedIn have sufficiently addressed the DPC’s concerns such that further regulatory intervention is not considered necessary at present.

“The DPC will continue to monitor LinkedIn’s GDPR compliance and will exercise further regulatory powers if necessary.

“The DPC, as the lead supervisory authority for many large global technology companies with their main establishment in Ireland, continues to regulate fairly, consistently and coherently, striving to ensure that the development and deployment of all AI models across the EU/EEA are treated in the same manner.”