Introduction: A New Legal Challenge Against LinkedIn
The digital rights group None of Your Business (NOYB) has filed a formal legal complaint in an Austrian court, arguing that LinkedIn’s ‘Who’s Viewed Your Profile’ feature violates the European Union’s General Data Protection Regulation (GDPR). According to the complaint, the feature — which is only fully available to paying subscribers — should be offered to all users in the EU free of charge, because the data involved constitutes personal information that individuals have a right to access under Article 15 of the GDPR.
The Core Allegation: Paywalled Data Versus Data Access Rights
NOYB claims that LinkedIn’s current practice creates a contradictory situation. When a free user wants to know who has viewed their profile, they are either forced to pay for a Premium subscription — starting at around €30 per month — or submit a formal Data Subject Access Request (DSAR). However, even when a DSAR is filed, LinkedIn reportedly refuses to hand over the visitor data, citing the need to protect the privacy of other users.
This, NOYB argues, is absurd: the company is using privacy concerns to deny a fundamental data access right, while simultaneously making the same data available to anyone willing to pay. As the group stated in its press release, “It is particularly absurd that LinkedIn is using a supposed ‘data protection interest’ as an argument to deny the right of access to data under the GDPR.”
Article 15 and the Right of Access
GDPR Article 15 grants individuals the right to obtain confirmation of whether their personal data is being processed, and if so, to access that data. NOYB contends that the list of profile visitors is personal data belonging to the account owner, and therefore must be disclosed to them upon request — without a price tag attached.
LinkedIn’s Contradictory Policy Explained
The feature originally launched in 2007, several years before the GDPR was enacted in 2018. At that time, LinkedIn began offering a basic version of profile visit information, but later moved the full visitor list behind a paywall as part of its Premium subscription plans. According to NOYB, this monetization of what should be a freely accessible right is illegal under current EU law.
“Either the data must not be accessible to anyone, or – if it is clear to the visitor that the data is visible – it must also be disclosed in accordance with Article 15 GDPR,” NOYB argued. In other words, if LinkedIn collects and stores the information about who viewed a profile, and even selectively reveals it to Premium users, then it cannot deny the same information to free users on privacy grounds.
How LinkedIn Might Defend Itself
LinkedIn is expected to present several counterarguments. Among them:
- User opt-out option: Both free and paid users can choose to remain anonymous when viewing profiles by turning off the visibility setting (under Settings > Visibility > Visibility when viewing other profiles). This means that many visits are already anonymous, and the data is not absolute.
- Privacy of other users: LinkedIn may argue that disclosing the full list of visitors would violate the privacy rights of those other users, especially if they had not opted into being visible. This creates a conflict between Article 15 access rights and other GDPR principles, such as data minimization and the rights of data subjects.
- Limited free access already exists: Free users can still see the last five visitors to their profile, provided those visitors have not chosen anonymity. This, LinkedIn could claim, is a reasonable compromise.
NOYB’s History of Taking on Tech Giants
NOYB is no stranger to high-profile privacy battles. In 2025, the group’s complaints led to French regulators fining Google €325 million ($381 million) over data collection and advertising practices. If the Austrian Data Protection Authority rules in NOYB’s favor, LinkedIn could face a significant financial penalty and be forced to restructure its profile-view feature for all EU users.
What This Means for LinkedIn Users
For now, free users in the EU continue to have limited visibility into who has viewed their profile. If the complaint succeeds, LinkedIn would need to either make the full visitor log available to all users free of charge, or remove the feature entirely — but it cannot keep it paywalled.
This case highlights a growing tension between business models that rely on monetizing personal data and the fundamental rights granted under the GDPR. As digital rights advocates push for stronger enforcement, companies like LinkedIn will need to carefully balance their revenue streams with compliance obligations.
Ultimately, the Austrian court’s decision could set a precedent for how social networks handle profile viewing data across the European Union. LinkedIn has not yet issued a detailed public response, but a spokesperson confirmed the company is reviewing the complaint.
Conclusion: Privacy vs. Profit — A Legal Test
The NOYB complaint underscores a key GDPR principle: access to one’s own personal data should not come with a price tag. Whether the court agrees that LinkedIn’s ‘Who’s Viewed Your Profile’ feature violates this right will be closely watched by privacy experts and tech companies alike. For now, the case adds another chapter to the ongoing debate over data ownership, corporate monetization, and the limits of privacy law.