Hey LinkedIn Lunatics!
Corporate Misconduct Accountability Project
LinkedIn Corporation · Class Action Lawsuit
LinkedIn Secretly Used Premium Users’ Private Messages to Train AI
LinkedIn allegedly disclosed private InMail messages from paying Premium subscribers to third parties for AI training without consent, breaching contractual privacy promises and violating federal law.
HIGH SEVERITY
TL;DR
LinkedIn Premium subscribers paid for enhanced privacy protections but the company allegedly disclosed their private InMail messages to third parties to train generative AI models without permission. Premium customers exchanged sensitive information about job searches, business deals, and compensation in messages they believed were confidential. When the practice was exposed in September 2024, LinkedIn quickly modified its privacy policy and offered an opt-out setting but refused to delete data already embedded in AI systems.
If you paid for LinkedIn Premium and sent private messages, your confidential communications may have been used to train AI without your knowledge or consent.
$1,000
Statutory damages per person sought under the Stored Communications Act
900M+
LinkedIn users whose data could be at risk
$39.99-$169.99
Monthly Premium subscription fees users paid for privacy protections
The Allegations: A Breakdown
Core Allegations
What LinkedIn did · 8 points
| 01 | LinkedIn disclosed Premium customers’ private InMail messages to third parties to train generative AI models without obtaining user consent. These messages contained sensitive professional information including job searches, startup financing discussions, intellectual property details, compensation negotiations, and personal matters. | high |
| 02 | LinkedIn introduced a new privacy setting in August 2024 that was enabled by default, automatically opting all users into AI data sharing. The company only disclosed this practice after media outlets began questioning the changes. | high |
| 03 | LinkedIn shared user data not only with Microsoft affiliates but also with at least one unnamed external provider. The company buried this crucial disclosure in an FAQ hyperlink rather than prominently in its Privacy Policy. | high |
| 04 | LinkedIn modified its Privacy Policy on September 18, 2024, the same day media reports exposed the practice, attempting to retroactively justify actions already taken. The company failed to notify users beforehand as required by its own policy terms. | high |
| 05 | LinkedIn refused to delete user data from existing AI models or retrain them without the improperly obtained information. The company admitted in its FAQ that opting out only stops future data use but does not affect training that already occurred. | high |
| 06 | LinkedIn quietly removed language from its FAQ promising to use privacy enhancing technologies to redact or remove personal data from training datasets. The company deleted this commitment after being caught. | high |
| 07 | LinkedIn breached Section 3.2 of its Premium Subscription Agreement which explicitly prohibits disclosing confidential information to third parties except to affiliates with need to know and written confidentiality obligations at least as restrictive as the agreement itself. | high |
| 08 | LinkedIn violated its Data Protection Agreement by processing Premium customer data for purposes beyond providing, supporting and improving LinkedIn services. Training third party AI models falls outside the explicitly permitted uses. | high |
Regulatory Failures
Where were the watchdogs · 5 points
| 01 | No regulatory body discovered LinkedIn’s data sharing practices proactively. Media reports and user queries forced the disclosure, not government oversight or investigation. | medium |
| 02 | LinkedIn made dramatic changes to user data processing without triggering any regulatory review. The company operated in shadows until external pressure mounted. | medium |
| 03 | The Stored Communications Act dates from 1986, long before AI existed as a mainstream technology. Current laws cannot adequately address modern cloud storage, real time data processing, and machine learning complexities. | medium |
| 04 | Regulators typically rely on public complaints or lawsuits before opening investigations. They do not proactively monitor Terms of Service updates from large corporations, leaving users vulnerable. | medium |
| 05 | LinkedIn apparently calculated that enforcement of digital privacy laws would be minimal. The slow moving nature of legislative bodies and under resourced watchdogs created an environment where violations could flourish. | medium |
Profit Over People
The business case for violating privacy · 6 points
| 01 | LinkedIn prioritized competitive advantage in the booming generative AI field over contractual obligations to Premium subscribers. User data became raw material for corporate gain without fair compensation. | high |
| 02 | Generative AI represents a multi billion dollar industry with tech firms racing to develop superior models. LinkedIn’s vast pool of professional communications provided invaluable training data for Microsoft’s AI products. | high |
| 03 | LinkedIn likely weighed potential legal costs against enormous financial rewards from AI capabilities. The company appeared to calculate that profits would exceed any fines or settlement expenses. | high |
| 04 | Premium subscription fees ranging from $39.99 to $169.99 monthly promised enhanced privacy protections. LinkedIn collected these payments while simultaneously violating the privacy guarantees users paid for. | high |
| 05 | Once user messages are embedded in AI neural networks, the data becomes permanently baked in beyond effective reach of consumer opt outs. LinkedIn secured lasting competitive advantage from temporary access to user data. | high |
| 06 | LinkedIn refused to delete AI models trained on unauthorized data or provide meaningful compensation to affected users. The company retained all benefits from the alleged misconduct. | high |
Corporate Accountability Failures
Breaking promises to paying customers · 6 points
| 01 | LinkedIn violated its own stated AI principle to provide transparency and explain in clear simple ways how AI impacts people. The company chose secrecy and cover up over accountability. | high |
| 02 | LinkedIn’s Data Protection Agreement Section 5.1 required processing customer data only for providing, supporting and improving LinkedIn services. The company breached this by sharing data for third party AI training. | high |
| 03 | No authorized Subprocessor listed in LinkedIn’s Data Protection Agreement was permitted to process Premium customer data for generative AI training purposes. Microsoft Corporation and its affiliates were only authorized for specific limited services. | high |
| 04 | LinkedIn’s Privacy Policy promised to notify users of material changes and provide opportunity to review before they became effective. The company violated this by sharing data first and updating policies only after being caught. | high |
| 05 | LinkedIn failed to investigate or remediate what its own Data Protection Agreement defines as a Personal Data Breach, which includes unauthorized disclosure of customer personal data. Section 5.5 required the company to bear all remediation costs. | high |
| 06 | Premium customers received less valuable services than they paid for. They purchased subscriptions with explicit privacy guarantees but LinkedIn delivered a product that violated those core promises. | medium |
Privacy and Security Harms
Real consequences for real people · 6 points
| 01 | Private InMail messages contained incredibly sensitive information about employment, intellectual property, compensation, job searches, startup financing, and personal matters that could be life altering if exposed. | high |
| 02 | Microsoft’s extensive ecosystem means private data could surface across multiple AI products including Word suggestions, Teams chat completions, and Microsoft 365 features. Each AI product represents a potential point for data leakage. | high |
| 03 | User data embedded in AI models of unknown third party providers creates risks of unintended profiling, biased decisions, and misuse in sensitive employment contexts. Users have no way to track where their messages ended up. | high |
| 04 | Plaintiff Alessandro De La Torre’s InMail messages about startup financing, job seeking efforts, and reconnecting with former colleagues are now permanently in AI systems. Exposure could jeopardize his professional relationships and compromise business opportunities. | medium |
| 05 | Many LinkedIn users are quietly exploring new job opportunities while currently employed. Having such confidential career discussions surface in AI generated content could negatively impact current employment relationships. | medium |
| 06 | Small business owners and entrepreneurs shared trade secrets and proprietary business strategies in InMail believing messages were private. This confidential information now exists in commercial AI systems without consent. | medium |
Community Impact
Who bears the costs · 5 points
| 01 | Professional relationships in smaller local economies thrive on trust and reciprocity. LinkedIn built its business model on being a trustworthy hub but allegedly violated that fundamental promise. | medium |
| 02 | Job seekers from historically marginalized communities who rely on LinkedIn to expand professional reach now face additional barriers if they cannot trust the platform with sensitive career information. | medium |
| 03 | Small town recruiters who find candidates for local businesses and entrepreneurs marketing local expertise lose essential tools if LinkedIn’s privacy violations make the platform unusable for confidential communications. | medium |
| 04 | Ordinary professionals shoulder risks of having confidential communications siphoned into corporate AI while large platforms accumulate gains. This widens wealth disparity as average workers rarely see direct financial benefit from LinkedIn’s profits. | medium |
| 05 | Users face high switching costs after cultivating networks and job leads over years. LinkedIn’s quasi monopolistic power in professional networking means users remain captive even after trust erodes. | medium |
The PR Machine
Damage control over real reform · 5 points
| 01 | LinkedIn responded to public exposure with swift Privacy Policy modifications on the same day rather than proactive transparency. The company attempted retroactive justification instead of genuine accountability. | medium |
| 02 | LinkedIn framed AI data sharing as service enhancements and innovation rather than acknowledging violations of user trust and contractual obligations. The company rebranded unethical conduct as progress. | medium |
| 03 | LinkedIn offered users an opt out setting for future disclosures but provided no remedy for data already collected. The company kept all benefits from past misconduct while appearing to address concerns. | medium |
| 04 | LinkedIn removed promises about using privacy enhancing technologies to redact personal data from training datasets after being caught. The company quietly deleted commitments it could not fulfill. | medium |
| 05 | LinkedIn deflected responsibility by referring vaguely to affiliates and another provider. The company obscured which entities received user data and for what specific purposes. | medium |
The Bottom Line
What this means · 6 points
| 01 | LinkedIn Premium subscribers paid monthly fees specifically for enhanced privacy protections. The lawsuit alleges they did not receive the services they purchased and are entitled to refunds and damages. | high |
| 02 | The lawsuit seeks $1,000 statutory damages per person under the Stored Communications Act plus actual damages for breach of contract. Millions of Premium subscribers could be affected. | high |
| 03 | Plaintiff demands algorithmic disgorgement requiring LinkedIn to delete or destroy all AI models trained using private InMail messages. This remedy aims to prevent ongoing harm from improperly obtained data. | high |
| 04 | LinkedIn violated the Stored Communications Act both as an Electronic Communications Service by disclosing unopened messages and as a Remote Computing Service by disclosing previously opened messages held in storage. | high |
| 05 | The case demonstrates how large corporations exploit regulatory gaps and rewrite terms behind the scenes when nobody is watching. Pattern repeats across industries under systems prioritizing profit over accountability. | medium |
| 06 | Without robust consequences for data misappropriation, the pattern of unauthorized use will continue. Real transformation requires structural reforms beyond individual lawsuit settlements. | medium |
Timeline of Events
July 2021
Plaintiff Alessandro De La Torre purchased LinkedIn Premium subscription and began sending private InMail messages
August 2024
LinkedIn quietly introduced new privacy setting for AI data sharing, enabled by default, automatically opting users into data disclosure program
September 18, 2024
Multiple news outlets reported on new privacy setting and questioned LinkedIn about undisclosed data sharing for AI training
September 18, 2024
LinkedIn discreetly updated Privacy Policy same day to add description of processing user data for generative AI purposes
October 1, 2024
LinkedIn removed language from FAQ promising to use privacy enhancing technologies to redact personal data from training datasets
January 21, 2025
Alessandro De La Torre filed class action complaint in U.S. District Court for Northern District of California
Direct Quotes from the Legal Record
QUOTE 1
LinkedIn’s admission that opt out does not fix past harm
allegations
“Opting out means that LinkedIn and its affiliates won’t use your personal data or content on LinkedIn to train models going forward, but does not affect training that has already taken place.”
💡 LinkedIn admits user data is permanently embedded in AI models and cannot be removed even if users opt out now.
QUOTE 2
LinkedIn disclosed data to unknown external providers
allegations
“The artificial intelligence models that LinkedIn uses to power generative AI features may be trained by LinkedIn or another provider.”
💡 LinkedIn admits sharing user data beyond Microsoft affiliates to unidentified third party providers for AI training.
QUOTE 3
LinkedIn’s contractual promise not to disclose confidential information
accountability
“Recipient will not disclose Confidential Information to any third party except (1) to Affiliates or employees, students, consultants, and agents who (i) have a need to know it in order to carry out their obligations under the Agreement, and (ii) are under written confidentiality and non-use obligations at least as restrictive as those stated in this LSA or (2) as required by law.”
💡 LinkedIn’s Premium Subscription Agreement explicitly prohibited the data sharing practices alleged in the complaint.
QUOTE 4
LinkedIn’s data processing limitations in Premium contracts
accountability
“Process Customer Personal Data (i) only for the purpose of providing, supporting and improving LinkedIn’s services (including to provide insights and other reporting), using appropriate technical and organizational security measures; and (ii) in compliance with the instructions received from Customer. LinkedIn will not use or Process the Customer Personal Data for any other purpose.”
💡 LinkedIn’s Data Protection Agreement limited data use to improving LinkedIn services, not training third party AI models.
QUOTE 5
LinkedIn’s promise to notify users of material policy changes
accountability
“LinkedIn can modify this Privacy Policy, and if we make material changes to it, we will provide notice through our Services, or by other means, to provide you the opportunity to review the changes before they become effective. If you object to any changes, you may close your account.”
💡 LinkedIn violated its own policy by sharing data first and only updating terms after media exposed the practice.
QUOTE 6
LinkedIn removed privacy protection promises
pr_machine
“The previous version of the FAQ stated: Where LinkedIn trains generative AI models, we seek to minimize personal data in the data sets used to train the models, including by using privacy enhancing technologies to redact or remove personal data from the training dataset. On or around October 1, 2024, LinkedIn removed the words including by using privacy enhancing technologies to redact or remove personal data from the training dataset.”
💡 LinkedIn deleted specific privacy commitments after being caught rather than fulfilling the promises it made to users.
QUOTE 7
Federal Trade Commission warning about retroactive policy changes
regulatory
“It may be unfair or deceptive for a company to adopt more permissive data practices, for example, to start sharing consumers’ data with third parties or using that data for AI training, and to only inform consumers of this change through a surreptitious, retroactive amendment to its terms of service or privacy policy.”
💡 The FTC specifically warned against exactly what LinkedIn allegedly did, suggesting the conduct violates unfair trade practice standards.
QUOTE 8
Sensitive nature of InMail communications
health
“Given its role as a professional social media network, these communications include incredibly sensitive and potentially life-altering information about employment, intellectual property, compensation, and other personal matters.”
💡 LinkedIn users shared highly confidential professional information expecting privacy protections they paid for.
QUOTE 9
Microsoft’s extensive reach amplifies privacy risks
health
“The extensive reach of Microsoft’s ecosystem makes disclosures to entities within its corporate structure particularly problematic. Private data could surface across Microsoft’s AI product suite, such as confidential job searches appearing in Word suggestions, business strategies in Teams chat completions, or salary discussions in Microsoft 365 features.”
💡 User data shared with Microsoft could emerge in multiple products creating ongoing privacy breach risks.
QUOTE 10
Plaintiff’s specific harms from data disclosure
health
“The contents of Plaintiff’s InMail messages included discussions about potential financing for startups, job-seeking efforts, and attempts to reconnect with former colleagues. The exposure of such information could jeopardize Plaintiff’s professional relationships, compromise business opportunities, and negatively impact his career prospects.”
💡 Real people face tangible professional and financial harm when confidential communications are exposed.
QUOTE 11
LinkedIn violated both ECS and RCS provisions
allegations
“LinkedIn violated the SCA when it knowingly disclosed the contents of Plaintiff and the Class Members’ private InMail messages to third-party entities. More specifically, LinkedIn violated § 2702(a)(1) by disclosing unopened InMail messages to third-party entities in its capacity as an ECS provider. Defendant also violated § 2702(a)(2) by disclosing previously opened InMail messages that were then held on its servers for storage purposes to third-party entities in its capacity as an RCS provider.”
💡 LinkedIn violated federal law protecting electronic communications whether messages were opened or still in storage.
QUOTE 12
Premium users did not receive contracted services
conclusion
“Plaintiff and the Class members suffered actual damages, in the form of overpayment for LinkedIn Premium subscriptions that did not include the promised data privacy protections for their private InMail messages. In other words, Plaintiff and the Class did not receive the benefit of the bargain, in that they received a less valuable service than the subscriptions they paid for.”
💡 Paying subscribers are entitled to refunds for services that failed to deliver promised privacy protections.
Frequently Asked Questions
Did LinkedIn really share my private messages to train AI?
According to the lawsuit, LinkedIn disclosed private InMail messages from Premium subscribers to third parties including Microsoft affiliates and at least one unnamed external provider for the purpose of training generative AI models. LinkedIn introduced an opt out setting in August 2024 that was enabled by default, meaning user data was automatically included unless users manually disabled it. The company only disclosed this practice after media reports questioned the changes in September 2024.
What kind of information was in the messages LinkedIn shared?
Premium users shared incredibly sensitive professional information in InMail messages including job searches, startup financing discussions, intellectual property details, compensation negotiations, business strategies, career transition plans, and personal matters related to work. Because LinkedIn is a professional networking platform, these communications often contained confidential information that could jeopardize careers, business opportunities, and professional relationships if exposed.
Did LinkedIn have permission to use my messages for AI training?
No. According to the lawsuit, LinkedIn did not have permission from Premium subscribers to disclose their private messages for AI training. Premium customers paid monthly fees specifically for enhanced privacy protections outlined in the LinkedIn Subscription Agreement and Data Protection Agreement. These contracts explicitly limited how LinkedIn could process and share user data, and training third party AI models was not among the permitted uses. LinkedIn only added language about AI training to its Privacy Policy in September 2024 after being caught.
Can LinkedIn delete my messages from the AI models now?
LinkedIn has refused to delete user data from existing AI models or retrain them without the improperly obtained information. In its own FAQ, LinkedIn admitted that opting out only stops future data use but does not affect training that has already taken place. Once data is embedded in AI neural networks, it becomes permanently baked into the model’s parameters and cannot easily be removed. The lawsuit demands algorithmic disgorgement, requiring LinkedIn to delete or destroy all models trained using private messages.
Who can join this class action lawsuit?
The class includes all LinkedIn Premium customers who sent or received InMail messages and whose private communications were disclosed by LinkedIn to third party entities including Microsoft affiliates for AI training purposes prior to September 18, 2024. If you paid for any LinkedIn Premium subscription tier including Premium Career, Premium Business, Sales Navigator, or Recruiter Lite and used InMail messaging during this period, you may be a class member.
What laws did LinkedIn allegedly violate?
The lawsuit alleges LinkedIn violated the federal Stored Communications Act which prohibits electronic communication service providers from knowingly disclosing the contents of private communications. LinkedIn allegedly violated this law both by disclosing unopened InMail messages and previously opened messages held in storage. The lawsuit also alleges breach of contract for violating the Premium Subscription Agreement and Data Protection Agreement, and violation of California’s Unfair Competition Law.
How much money is the lawsuit seeking?
The lawsuit seeks statutory damages of $1,000 per person under the Stored Communications Act, plus actual damages for breach of contract representing the difference between what Premium subscribers paid and the diminished value of services actually received. The lawsuit also seeks injunctive relief requiring LinkedIn to delete all AI models trained using private messages, restitution of overpaid subscription fees, attorneys’ fees, and costs.
What is algorithmic disgorgement?
Algorithmic disgorgement is the deletion or destruction of all AI models and algorithms trained using improperly obtained data. The lawsuit demands this remedy to prevent future harm from LinkedIn’s alleged misconduct. Without algorithmic disgorgement, the benefits of the unauthorized data use remain permanently embedded in AI systems even if LinkedIn stops collecting new data. This would allow LinkedIn to profit indefinitely from data it had no right to use.
Did Microsoft know about this data sharing?
Microsoft is the parent company of LinkedIn. According to the lawsuit, LinkedIn disclosed user data to Microsoft affiliates within its corporate structure and also to at least one other unidentified provider. The extensive reach of Microsoft’s ecosystem makes these disclosures particularly concerning because private data could surface across multiple Microsoft AI products including Word, Teams, and Microsoft 365 features.
What can I do if I am affected?
If you were a LinkedIn Premium subscriber who used InMail messaging prior to September 18, 2024, you may be automatically included in the class action and could receive compensation if the lawsuit is successful. You can also file a complaint with the Federal Trade Commission about LinkedIn’s practices. Additionally, you can opt out of future AI data sharing in your LinkedIn privacy settings, though this will not remove data already collected. Consider whether continuing to use LinkedIn for sensitive professional communications is appropriate given these allegations.
💡 Explore Corporate Misconduct by Category
Corporations harm people every day — from wage theft to pollution. Learn more by exploring key areas of injustice.
- 💀 Product Safety Violations — When companies risk lives for profit.
- 🌿 Environmental Violations — Pollution, ecological collapse, and unchecked greed.
- 💼 Labor Exploitation — Wage theft, worker abuse, and unsafe conditions.
- 🛡️ Data Breaches & Privacy Abuses — Misuse and mishandling of personal information.
- 💵 Financial Fraud & Corruption — Lies, scams, and executive impunity.
