LinkedIn's Paywalled Profile Views Under GDPR Fire: Key Questions Answered

LinkedIn's 'Who's Viewed Your Profile' feature, long a perk for paid subscribers, is now at the center of a legal complaint filed by the digital rights group None of Your Business (NOYB). The group argues that charging for access to this data violates the European Union's General Data Protection Regulation (GDPR), specifically the right of access under Article 15. Here are the essential questions and answers about the case.

What is the NOYB complaint against LinkedIn?

In July 2023, NOYB filed a complaint with the Austrian Data Protection Authority, alleging that LinkedIn's practice of restricting the 'Who's Viewed Your Profile' feature to paying subscribers violates GDPR. According to NOYB, LinkedIn is in effect charging users to access their own personal data, which should be freely available under Article 15. The group contends that when free users submit a formal Data Subject Access Request (DSAR) for this information, LinkedIn refuses access, citing data protection concerns—but instantly grants access if the user upgrades to a Premium plan. NOYB describes this as a "contradictory policy" that uses privacy as a pretext to protect a revenue stream.

How does the GDPR right of access apply to profile viewers?

Article 15 of the GDPR grants individuals the right to obtain confirmation about whether their personal data is being processed, and if so, access to that data. When someone visits a LinkedIn profile, the platform records that visit—including the visitor's name, headline, and other profile info. For the profile owner, this constitutes their personal data (the log of who viewed them). NOYB argues that LinkedIn must provide this data to all users upon request, regardless of subscription status. However, LinkedIn contends that releasing such information could conflict with the privacy rights of the visitors, creating a tension between two sets of rights. The company's current solution is to offer it only to those who pay, which NOYB calls illegal under the GDPR's transparency and fairness requirements.

Why does LinkedIn charge for profile view data?

LinkedIn introduced the profile viewing feature around 2007, long before the GDPR came into force in 2018. Over time, the company paywalled the full list of visitors as part of its Premium subscription packages (e.g., Career plan at €30/month or $40/month). The stated business rationale is that this data provides valuable networking insights that justify a premium service. However, NOYB argues that the move was purely commercial and contradicts GDPR principles. LinkedIn maintains that free users can still see the last five visitors (unless those visitors have enabled anonymity) and can toggle their own visibility to anonymous mode. The company claims this balances user interest with privacy, but critics say the paywall undermines the right of access.

What is LinkedIn's defense against the allegations?

LinkedIn is expected to argue that complying with an unrestricted right to see all profile visitors would infringe on the privacy of other users. Under GDPR, the rights of one data subject (the profile owner) must be balanced against the rights of others (the visitors). LinkedIn points out that all users, including free ones, can choose to browse profiles anonymously by disabling the sharing of their own visit data. The company also offers a limited preview of the last five viewers to free users. A LinkedIn spokesperson stated that the platform takes privacy seriously and is committed to providing controls. They may further argue that because users can opt out of being seen, the data is not strictly “personal data” in all cases, and that paywalling premium analytics is a standard business practice, not a GDPR violation.

What can free LinkedIn users currently see about profile views?

Free (non-Premium) LinkedIn users can see a limited set of data related to who has viewed their profile. Specifically, they can view the most recent five visitors who have not opted out of the visibility setting. Users can also see aggregated analytics such as the number of views in a given period and some company/industry demographics. However, the full list of everyone who visited the profile—and the detailed information about each visitor (name, job title, location, etc.)—is only available to Premium subscribers. Additionally, any user can choose to browse invisibly by turning off the "Visibility when viewing other profiles" toggle in Settings, which makes their visits appear as "Anonymous LinkedIn Member." This opt-out further complicates the access right, as the visitor's identity may not be recorded.

What are the potential outcomes of this case?

The Austrian Data Protection Authority will review NOYB's complaint and decide whether LinkedIn's policy breaches GDPR. If upheld, the case could result in a significant fine (up to 4% of global annual turnover) and an order to make profile view data freely accessible to all EU users. NOYB has a track record of success; for example, a previous complaint against Google led to a €325 million fine from French regulator CNIL in 2025. Alternatively, the authority could agree with LinkedIn's balancing of rights and allow the paywall to stand. The case also highlights broader GDPR issues around data access and monetization, potentially influencing how other platforms design their features. An appeal to the Court of Justice of the European Union is possible, meaning a final resolution may take years.

How can users submit a Data Subject Access Request to LinkedIn?

EU users who want to exercise their GDPR right of access can submit a formal DSAR to LinkedIn. This involves contacting LinkedIn's Data Protection Officer or using the company's privacy request portal (accessible via the Privacy Settings page). The request should specify that they want all data related to who viewed their profile. LinkedIn must respond within one month (extendable to three for complex requests). NOYB notes, however, that LinkedIn has routinely denied DSARs for profile view data, claiming that providing it would violate other users' privacy. The complaint argues this is inconsistent given that the data is provided to paying customers. Users who face denial can lodge a complaint with their local data protection authority, which is exactly the path NOYB is pursuing on behalf of affected individuals.