EU/EEA, UK, and Swiss data transfers

Last updated: 1 year ago

LinkedIn's services require data to flow from the European Union (EU), the European Economic Area (EEA), United Kingdom (UK) and Switzerland to the United States (U.S.) and back. To ensure that personal data is protected during such transfers, LinkedIn relies on certain lawful transfer mechanisms, as described below.  

Standard Contractual Clauses 

LinkedIn relies on European Commission-approved Standard Contractual Clauses as a legal mechanism for certain data transfers from the EU/EEA and Switzerland (the Designated Countries), and on the UK Data Transfer Addendum for certain data transfers from the UK. These clauses are contractual commitments between companies transferring personal data (for example, from LinkedIn Ireland Unlimited Company to its suppliers or to LinkedIn Corporation), binding them to protect the privacy and security of the data. LinkedIn companies adopted Standard Contractual Clauses so that the data flows necessary to provide, maintain, and develop our services take place legally.  

If you are in the Designated Countries or the UK, you can contact LinkedIn to request a copy of LinkedIn’s Standard Contractual Clauses. 

LinkedIn’s Data Privacy Framework Statement 

On July 10, 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework thereby designating the United States as a country that ensures an adequate level of protection for personal data transferred from the EU/EEA. LinkedIn Corporation and its controlled U.S. subsidiaries (“LinkedIn”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. LinkedIn has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the EU/EEA in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. LinkedIn has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between these terms and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit: https://www.dataprivacyframework.gov

LinkedIn’s participation in the Data Privacy Framework applies to personal data provided by LinkedIn’s members, customers, business partners along with human resource data where such personal data is received from the EU/EEA, United Kingdom and Switzerland. LinkedIn will comply with the Data Privacy Framework Principles in respect of such personal data. LinkedIn’s participation in the Data Privacy Framework does not apply at this time to any other personal data not described in this statement. 

LinkedIn’s accountability for personal data that it receives under the Data Privacy Framework and subsequently transfers to a third party is described in the Data Privacy Framework Principles. LinkedIn remains responsible and liable under the Data Privacy Framework Principles if LinkedIn’s third-party agents process personal data on LinkedIn’s behalf in a manner inconsistent with the Principles, unless LinkedIn demonstrates that it is not responsible for the event giving rise to the damage. LinkedIn may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, LinkedIn commits to resolve DPF Principles-related complaints about its collection and use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding the handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact us by reaching out here. For additional ways to contact LinkedIn, please visit the "Contact Information" section of LinkedIn’s Privacy Policy

For any complaints that cannot be resolved with LinkedIn directly, LinkedIn has chosen to cooperate, for purposes of the EU-U.S. Data Privacy Framework, with EU data protection authorities (DPAs) and comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints (as further described in the Data Privacy Framework Principles). Please contact us to be directed to the relevant DPA contacts. With regard to personal data transferred under the UK Extension to the EU-US DPF and Swiss-U.S. Data Privacy Framework, LinkedIn will cooperate with the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), respectively, for the resolution of such unresolved complaints. As further explained in the Data Privacy Framework Principles, a binding arbitration option may be used to address residual complaints not resolved by any other means. LinkedIn is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). 

We remain committed to ensuring that our members continue to use our services to advance their careers and pursue professional opportunities worldwide. LinkedIn will continue to rely on the protections provided by the Standard Contractual Clauses (SCCs), the Data Privacy Framework, or as otherwise available under applicable law for data transfers. 

Note: LinkedIn's data centers, which store our members' information, are currently located in the U.S.