7 Ways LinkedIn's 'Who's Viewed Your Profile' Paywall May Violate GDPR
A landmark legal complaint filed by the digital rights group None of Your Business (NOYB) in an Austrian court alleges that LinkedIn's practice of charging users to see who viewed their profile violates the European Union's General Data Protection Regulation (GDPR). The complaint centers on Article 15, which guarantees individuals the right to access their personal data. NOYB argues that LinkedIn illegally restricts this access behind a paywall, effectively monetizing data that should be freely available. Below, we break down seven critical aspects of this case, from the contradictory policies at play to the potential penalties the company may face.
1. The Paywall on Profile View Data
LinkedIn introduced the 'Who's Viewed Your Profile' feature around 2007, giving users a list of visitors to their profile. Over time, the company turned this into a paid perk for Premium subscribers, with plans starting at €30 per month. Free users can only see the last five visitors (if those visitors haven't opted for anonymity). NOYB claims this creates an illegal barrier: the data is personal to the user, but access is gated by a subscription fee. Under GDPR, personal data must be accessible without charge, making the paywall a potential violation.
2. The Right of Access Under GDPR Article 15
GDPR Article 15 gives individuals the right to obtain confirmation from a data controller (like LinkedIn) about whether their personal data is being processed, and if so, to access that data. This includes a list of who has viewed their profile, since it reveals personal interactions tied to the user's identity. NOYB argues that LinkedIn's refusal to provide this data to free users on request violates this fundamental right. The company cannot claim data protection exemptions when it willingly shows the same data to paying subscribers.
3. The Contradictory DSAR Response
When free users submit a formal Data Subject Access Request (DSAR) to obtain their visitor data, LinkedIn denies it, citing data protection concerns for the visitors. Yet if the user upgrades to Premium, those same concerns vanish. NOYB calls this contradiction absurd: LinkedIn uses a supposed privacy argument to block free access while happily granting it for a fee. This not only undermines GDPR's spirit but also suggests the company is prioritizing revenue over compliance.
4. The 'Anonymous' Opt-Out Option as a Red Herring
LinkedIn allows all users to toggle a setting that makes their profile visits anonymous, showing only 'An Anonymous LinkedIn Member' to the profile owner. NOYB contends this doesn't resolve the GDPR issue. Even when visitors choose anonymity, the profile owner still has a right to know that someone visited—just not who. LinkedIn's paywall blocks even that basic information for free users. The opt-out only protects visitors' identities, not the owner's right to know a visit occurred.
5. Privacy vs. Transparency – LinkedIn's Defense
LinkedIn may argue that disclosing visitor data conflicts with other users' privacy rights under Article 15 itself. The company claims that revealing a visitor's identity without their consent violates their GDPR rights. However, NOYB counters that the visitor, by choosing to view a profile while not using anonymity, implicitly consents to being seen. The real conflict, says NOYB, is LinkedIn's choice to monetize this rather than enforcing a uniform policy. The company could easily default all users to anonymous visits if it truly cared about privacy.
6. NOYB's Track Record – Potential Fines
NOYB has a history of successfully taking on tech giants. In 2025, its complaint led to Google being fined €325 million by France's CNIL for data collection violations. If the Austrian Data Protection Authority rules against LinkedIn, the company could face significant penalties under GDPR, up to 4% of global annual turnover. For LinkedIn (a Microsoft subsidiary), that could amount to billions. NOYB also seeks an order requiring LinkedIn to provide the profile view data to all EU users for free.
7. Broader Implications for Social Media Monetization
This case could set a precedent for how social media platforms monetize personal data. If LinkedIn loses, other services like Facebook or Twitter might be forced to stop paywalling similar access features. GDPR's right of access was designed to empower individuals, not to be circumvented by subscription models. The outcome may force companies to rethink whether charging for data access is ever compatible with European privacy law. For consumers, it could mean more transparency without extra cost.
The NOYB complaint shines a spotlight on a critical tension in modern data privacy: the line between legitimate data monetization and fundamental rights. LinkedIn's 'Who's Viewed Your Profile' paywall may seem like a minor feature, but it encapsulates a larger problem of unequal access to personal data. As the case moves through Austrian courts, the verdict could reshape how platforms balance privacy, profit, and user rights across the EU. For now, free users remain in the dark—unless they pay up.