Several U.S. states have enacted privacy laws to grant new privacy rights to their residents. These laws include the California Consumer Privacy Act, as modified by the California Privacy Rights Act (CCPA) (effective Jan. 2023), the Virginia Consumer Data Protection Act (effective Jan. 2023), the Colorado Privacy Act (effective July 2023), the Connecticut Data Protection Act (effective July 2023), and the Utah Consumer Privacy Act (effective Dec. 2023), among others.

Depending on the state, these laws provide individuals with rights to: 

  • Access their information  
  • Correct their inaccurate information 
  • Opt out if a business “sells” their information, uses or shares it for certain advertising purposes, or profiles them to make decisions with legal or similarly significant effects 
  • Be notified about a business’s data practices
  • Nondiscrimination for exercising their privacy rights  
  • Delete their personal information  
  • Appeal if a business refuses to delete, correct, or provide their information

The goals and key requirements of these laws are consistent with LinkedIn's longstanding commitment to data protection and transparency. This commitment is reflected in our focus on building privacy into our products, providing our members with control over their data and being transparent about how we use member data. Our Privacy Policy contains more information about the types of information we collect, how we use it, the circumstances under which we share it with others, how you can exercise your rights, and how to contact us. You can learn more about how we comply with the CCPA in our California Consumer Privacy Act Notice, which supplements our Privacy Policy. For purposes of the Colorado Privacy Act, we do not sell your data, engage in targeted advertising, or profile you to make decisions with legal or similarly significant effects. You may also find additional useful information on managing your LinkedIn profile in our Privacy FAQs.

Commitment regarding deidentified data

Under some laws, “deidentified” information is not considered personal information where a company commits that it will not attempt to reidentify it. Where we process information that we regard as deidentified, we will maintain and use it in deidentified form and will not attempt to reidentify it.