Microsoft faces ‘uninsurable’ GDPR penalty

LinkedIn parent declares it will defend itself vigorously

Microsoft faces ‘uninsurable’ GDPR penalty

Insurance News

By Terry Gangcuangco

LinkedIn parent Microsoft is facing a massive European Union General Data Protection Regulation (GDPR) fine in Ireland, which is among the countries where the said penalty is described as not insurable.

In a recent statement, Microsoft revealed: “In 2018, the Irish Data Protection Commission (IDPC) began investigating a complaint against LinkedIn (and other companies) as to whether LinkedIn’s targeted advertising practices violated the recently implemented European Union General Data Protection Regulation. Microsoft cooperated throughout the period of inquiry.

“In April 2023, the IDPC provided LinkedIn with a non-public preliminary draft decision that proposed a fine. After review and analysis, [Microsoft] will increase its existing reserve for the matter and, based on current exchange rates take a charge of approximately $425 million in the fourth quarter of fiscal year 2023.”

Microsoft, which has all intentions to respond to the draft decision, is planning to dispute the legal basis for the proposed fine, as well as the amount. The tech giant added that it will continue to defend its compliance with GDPR.

Meanwhile, it was noted that there is no set timeline as to when a final decision will be issued by the IDPC.

“However, after receiving a final decision, Microsoft will consider all legal options and intends to defend itself vigorously in this matter,” asserted the global corporation.

Not insurable

As previously reported by Insurance Business, there are very few places where companies can insure themselves against GDPR fines. Ireland, where LinkedIn’s case is at, isn’t one of those locations.

According to the third edition of DLA Piper and Aon’s “The price of data security” report, GDPR fines are not insurable in Austria, Belgium, Bulgaria, Cyprus, Denmark, Finland, France, Ireland, Italy, Latvia, Luxembourg, Malta, Portugal, Romania, Slovenia, Spain, Switzerland, and the UK.

Other places are tagged as “unclear” in terms of insurability of GDPR fines, while Norway and Slovakia are the only ones classified as countries where such penalties are insurable.    

“Breaches of GDPR and Data Protection Act 2018, respectively, will be subject to administrative fines and criminal fines,” reads part of the report pertaining to Ireland. “Such fines are not likely to be insurable in Ireland as a matter of public policy.”

What do you think about this GDPR story? Share your thoughts in the comments below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!