There is a natural assumption that the contents of an inbox are being kept relatively private and secure, particularly when one is paying for a subscription to a service. So it was quite a shock to LinkedIn’s Premium service subscribers that there were allegations of the Microsoft-owned company using private messages for training AI models, even though paying users are covered by an additional and more expansive privacy policy.
However, new evidence appears to have cleared LinkedIn of the charge. A lawsuit filed in California alleging that US users of the platform’s Premium services had their InMail private messages fed into AI training has been dismissed. The suit had not presented direct evidence that InMail training had happened; rather, the assertion was based on LinkedIn’s rapid series of privacy policy changes and a prior refusal to publicly state that messages were not used for training AI models.
Endless appetite for data in training AI models leading to suspicions, legal issues
LinkedIn says that Premium subscriptions have been selling like hotcakes as of late, but that could have gone in the other direction if InMail private messages (as well as pretty much all other platform activity) were not found to be safe from being fed into Microsoft’s AI models. It has proven difficult to dissuade companies from training AI models with any and all data they can get to, with a common view in the industry that it’s cheaper to take eventual legal penalties than to fall behind in the great development race.
Other AI models have already demonstrated issues with personal and private information that they’ve taken in being regurgitated elsewhere, sometimes totally at random. And the nature of development usually precludes developers from getting into the guts and manually finding or removing personal info that these models may have swept up during their massive scraping missions. That threw an understandable scare into LinkedIn Premium users when the suit was announced, at least those in the US and other impacted countries, who may have assumed their private messages about internal company information and employment possibilities were now exposed. But it would appear that LinkedIn has sufficiently demonstrated that InMail was indeed kept private.
Do paid subscriptions ensure private messages aren’t wandering off-platform?
LinkedIn’s seeming refusal to just publicly disavow the possibility allowed for the suit to be filed. In September of 2024 users were told that the site privacy policy was being updated and that public information could be used for training, but the paid Premium members are supposed to be covered by an enhanced “LinkedIn Subscription Agreement” (LSA) that promises that third parties will not be able to access non-public information.
There are some nations that do not have to worry about the possibility of private messages disappearing into the AI meat grinder, for the most part those with very strong national-level data privacy laws: EU and EEU members, the United Kingdom, China and Switzerland for a few examples. LinkedIn opted to avoid training AI models with their data to sidestep regulatory challenges. But when these changes were made in September, US users were presented with a toggle switch setting that was on by default and had to be manually turned off to opt out of data sharing. That setting also seems to have appeared at least several weeks before the privacy policy updates and blog posts bringing awareness to the new terms.
Should the suit have gone forward against LinkedIn it could have been found in violation of the US Stored Communications Act, breach of contract, and unfair competition under California state law. The plaintiffs had been asking $1,000 in compensation for each impacted member.
