10 Key Facts About the LinkedIn 'Who Viewed Your Profile' GDPR Complaint

LinkedIn’s paid feature that reveals who’s looked at your profile has sparked a major privacy complaint in Europe. The digital rights group None of Your Business (NOYB) argues that locking this data behind a paywall violates the EU’s General Data Protection Regulation (GDPR). In this list, we break down the allegations, the legal arguments, and what it means for users. Whether you’re a free member or a premium subscriber, these ten points explain why this case matters—and how it could reshape data access rules for social platforms.

1. The Core Complaint: GDPR Article 15 Violation

NOYB’s legal action, filed in an Austrian court, centers on Article 15 of the GDPR, which grants individuals the right to access their own personal data. According to the group, LinkedIn’s “Who’s Viewed Your Profile” feature collects a log of visitors—including names, job titles, and time stamps. When a free user requests this list via a formal Data Subject Access Request (DSAR), LinkedIn refuses, citing data protection concerns. Yet the same data becomes instantly available if the user pays for a Premium subscription. This selective denial, NOYB claims, directly contradicts the principle that access to personal data should be free and transparent under EU law.

2. The History: From Free Feature to Paywalled Perk

LinkedIn introduced the ability to see profile visitors around 2007, long before the GDPR came into force in 2018. Initially, it was a free tool for all members. Over time, as LinkedIn evolved its monetization strategy, the feature became a premium-only benefit. Free users now see only the last five visitors—and only if those visitors haven’t enabled anonymous browsing. NOYB argues this transition turned a basic data access right into a commercial product, effectively forcing users to pay to exercise a legal entitlement. The timing of the paywall, which predates GDPR, doesn’t exempt LinkedIn from current obligations, the group insists.

3. The Contradiction: “Data Protection” as a Shield

Perhaps the most striking aspect of LinkedIn’s defense is its use of data protection as a reason to deny access. When free users submit a DSAR, the company often responds that revealing visitor identities would infringe on those visitors’ privacy rights. Yet if the same user upgrades to a Premium plan, that privacy objection vanishes. NOYB calls this “absurd,” noting that the GDPR’s right of access is unconditional—it cannot be waived by a commercial transaction. The group believes LinkedIn is exploiting a loophole: pretending the data is too sensitive to disclose freely, while happily selling it to subscribers.

4. The Anonymous Opt-Out: A Double-Edged Solution

LinkedIn offers a setting that allows any user to browse profiles anonymously. When enabled, your visit is recorded as “Anonymous LinkedIn Member” rather than your actual name. Free members can still see the last five visitors who didn’t opt out. NOYB argues this is insufficient: the GDPR requires full access to all processing of your data, including the identities of viewers who chose anonymity. In the group’s view, the anonymity setting protects visitors, but it doesn’t justify withholding the list from the profile owner. The burden should be on LinkedIn to balance conflicting rights—not to monetize the imbalance.

5. LinkedIn’s Likely Legal Defense: Competing Privacy Rights

The company will likely argue that Article 15 must be balanced against the data subject’s own privacy rights under Article 8 of the EU Charter. In other words, disclosing who viewed a profile could expose visitors’ browsing behavior, which they might consider private. LinkedIn’s anonymity option is designed to protect that interest. However, NOYB counters that the GDPR explicitly allows for a balancing test, and that LinkedIn’s paywall is not a legitimate balancing measure—it’s a commercial one. The Austrian court will need to decide whether the right of access outweighs the privacy concerns of visitors, especially when the platform already provides an opt-out.

6. The Precedent: NOYB’s Track Record Against Tech Giants

NOYB is no stranger to taking on big tech. In 2025, the group’s complaint led to a €325 million fine against Google by France’s CNIL, related to data collection and advertising practices. That success gives weight to the LinkedIn case. NOYB founder Max Schrems has argued that companies often use “data protection” as a smokescreen to avoid compliance. The LinkedIn complaint follows the same playbook: identify a feature that commercializes personal data, highlight the GDPR conflict, and push for a regulatory penalty. If history repeats, LinkedIn could face a substantial fine—and a mandate to change its policy.

7. The Cost of Premium: €30 Per Month for a Legal Right

LinkedIn Premium Career starts at around €30 per month ($40 in the US). For that fee, subscribers gain full access to the visitor log. NOYB argues this creates an unfair barrier: only those who can afford the subscription can exercise their Article 15 right. In practice, many users might not even realize they have a legal claim to this data. The group estimates that millions of free users across the EU are affected. The pricing also highlights the irony: LinkedIn is charging for something that the law says should be free, turning a compliance obligation into a revenue stream.

8. The Data Subject Access Request (DSAR) Dilemma

When free users submit a DSAR to LinkedIn, the company typically denies it by stating that providing the list would violate the privacy of other users. NOYB calls this response “bogus” because LinkedIn already processes and stores that data—and shares it with Premium subscribers. The group argues that the GDPR requires controllers to respond to DSARs within one month, free of charge, without “undue delay.” By refusing free users and selling the same data, LinkedIn may be violating the principle of data minimization and purpose limitation. The case could force the company to clarify its DSAR handling procedures.

9. What the Complaint Seeks: An Order to Change and a Fine

NOYB is asking the Austrian Data Protection Authority to declare LinkedIn’s practice illegal and order the company to provide the “Who’s Viewed Your Profile” data to all EU users without charge. Additionally, the group wants a fine that reflects the duration and severity of the violation—potentially up to 4% of LinkedIn’s global annual turnover. This would serve as a deterrent for other platforms that might consider turning GDPR access rights into paid features. The outcome could set a major precedent for how social networks balance privacy, commercialization, and regulatory compliance.

10. The Bigger Picture: GDPR’s Teeth and Tech Accountability

This case is more than a single feature dispute. It tests whether the GDPR’s right of access is truly enforceable against platforms that mix personal data with subscription models. If NOYB succeeds, it could force LinkedIn—and other companies like Meta or X—to rethink how they gate data behind paywalls. Consumers may gain greater control over their information, while regulators will have a clearer framework for what constitutes a legitimate denial of access. The complaint also highlights the ongoing tension between free services, premium upgrades, and fundamental privacy rights—a debate that will only intensify as data becomes ever more valuable.

Conclusion: The LinkedIn “Who’s Viewed Your Profile” complaint is a landmark case that challenges the commercialization of personal data. NOYB alleges that charging for access to profile visitor logs violates the GDPR’s core principle of free data access. As the Austrian court reviews the arguments, users across the EU may soon see changes in how LinkedIn handles their data—and potentially a hefty fine for the company. Whether you’re a casual browser or a power user, this case reminds us that privacy rights shouldn’t come with a price tag.