LinkedIn is facing a class-action lawsuit in the US alleging that the professional networking platform disclosed Premium customers’ private messages to third parties without consent for use in training generative artificial intelligence (AI) models. The lawsuit, filed by plaintiff Alessandro De La Torre in the U.S. District Court for the Northern District of California, accuses LinkedIn of breaching its contracts with Premium subscribers, violating the Stored Communications Act (SCA), and engaging in unlawful business practices under California’s Unfair Competition Law (UCL).
The complaint centres on allegations that LinkedIn secretly disclosed the contents of private InMail messages, available exclusively to paying Premium subscribers, to third-party entities for AI model training. “LinkedIn breached its contractual promises by disclosing its Premium customers’ private messages to third parties to train generative artificial intelligence (AI) models,” the complaint reads.
Claims of secret data sharing
The lawsuit claims LinkedIn introduced a privacy setting in August 2024, allowing users to opt out of data sharing for AI training. However, this setting was enabled by default, effectively opting users in unless they manually disabled it. LinkedIn updated its privacy policy in September 2024 to state that user data could be used to train AI models and added a FAQ stating that opting out “does not affect training that has already taken place,” suggesting prior data use.
According to the filing, LinkedIn’s actions breached Section 3.2 of the LinkedIn’s Subscription Agreement (LSA), which prohibits the disclosure of confidential information, and Sections 5.1 and 5.5 of the Data Protection Agreement (DPA), which restrict data processing to specific purposes related to LinkedIn’s services. The lawsuit also alleges violations of the SCA, which prohibits service providers from knowingly divulging the contents of communications stored on their servers without user consent.
The plaintiffs also highlight LinkedIn’s failure to fulfil its commitments regarding material privacy policy changes. According to the policy, LinkedIn promised to notify users of changes and provide an opportunity to object before they took effect. However, the complaint alleges LinkedIn retroactively amended its privacy terms to justify data-sharing practices.
The lawsuit seeks $1,000 per person in statutory damages under the SCA, actual damages for diminished subscription value, and injunctive relief to delete all AI models trained using improperly disclosed data. The case comes nearly a decade after LinkedIn’s $26.1bn acquisition by Microsoft in 2016, which integrated it into Redmond’s ecosystem of professional tools.
The complaint raises broader concerns about user data exposure across Microsoft products like Microsoft 365, Teams, and Word. It warns that such integration increases risks of privacy breaches, unintended profiling, and potential misuse in contexts like employment and business negotiations. The plaintiffs allege LinkedIn “attempted to cover its tracks” by retroactively amending its privacy policies, contradicting its public commitments to ethical AI use and transparency.
“These are false claims with no merit,” LinkedIn said in a statement, as reported by Reuters. Microsoft has not commented on the case, while the plaintiffs’ legal counsel declined further remarks.
Read more: LinkedIn trains AI models on user data ahead of changes to privacy policy
