This post is authored by Nidhi Kamath, a 4th-year student at Institute of Law, Nirma University

SETTING THE CONTEXT: LINKEDIN, MARKET POWER, AND DATA GOVERNANCE

LinkedIn, a subsidiary of Microsoft, has solidified its position as the foremost professional networking platform globally, boasting over one billion users by late 2024. It holds a uniquely powerful role in online recruitment, professional identity management, and career-focused data services. The platform's extensive reach, combined with established network effects and significant switching costs, has given LinkedIn substantial sway over the professional social networking digital landscape. LinkedIn has revised its Terms and Conditions and Privacy Policy, incorporating clauses that allow for the use of user-generated content, the usage excludes the private messages, for the purposes of artificial intelligence (AI) training purposes, effective from November 3 2025. This update also limited users' capacity to retract previously gathered data, raising critical issues regarding user consent and autonomy.

The research issue emerges from the convergence of competition law and data privacy regulations. On one side, LinkedIn's dominant market position enables it to enforce exploitative contractual terms that could be seen as an abuse of dominance, potentially hindering competing AI developers or professional networking services from accessing similar datasets. Conversely, the employment of personal and sensitive data without adequate consent poses a risk of violating privacy laws such as the EU's General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act (DPDP) 2023, while also potentially leading to legal disputes in the United States, where issues of contractual fairness and consumer rights are concerned.

This article poses the question: Does LinkedIn's revised terms represent both an abuse of dominance and a violation of data privacy? To address this inquiry, it employs a doctrinal and comparative approach, referencing jurisprudence, regulatory enforcement, and scholarly analysis across the EU, U.S., and India.

ANALYTICAL FRAMEWORK: COMPETITION LAW AND DATA PROTECTION PRINCIPLES

Dominance in competition law means not just a high market share, but a state of economic power that allows a company to act independently of competitive forces. Cases involving digital platforms demonstrate the malleability of these principles. In Microsoft (2004), the Commission ruled against the tying practices involving Windows Media Player, whereas U.S. courts previously examined Microsoft's bundling of Internet Explorer. The most recent example is the FTC v. Meta Platforms case in the United States, which brings the controversy surrounding data-driven dominance and acquisitions to stifle emerging competition into focus. These cases indicate that control over data and network effects are key for evaluating dominance in digital markets.

Information protection regimes establish an isomorphic but separate range of principles intended to protect informational autonomy. The EU GDPR institutionalizes fundamental notions such as: consent Article 4(11), informed consent (Article 7), where user consent must be freely given, specific, and express; purpose limitation (Article 5(1)(b)), limiting data use to stated purposes; and data minimization (Article 5(1)(c)), where only necessary data may be processed. Similar provisions are found under the amended California Consumer Privacy Act (CCPA), which ensures the right to disclosure, opt-out of data sale, and non-discrimination against consumers availing such rights. India's DPDP 2023 also focuses on legitimate processing, notice requirements, and data principal rights of access, correction, and erasure.

REGULATORY AND PRACTICAL DIMENSIONS OF LINKEDIN’S REVISED TERMS

LinkedIn issued updates to its User Agreement and related privacy notices (November 3, 2025) to include new provisions regarding training in artificial intelligence (AI). The new terms now clearly define that LinkedIn can make use of the personal information and content submitted by users in the form of profiles, posts, comments, and similar contributions to build, train, and refine AI models. LinkedIn also implemented an opt-out feature that allows users to refuse future use of their data for content-generating AI tasks. The opt-out, though, is prospective only. LinkedIn makes it clear that opting out has no impact on already utilized data or already trained models. That is, the policy considers retrospective application as unavoidable and irreversible.

According to the updated terms, LinkedIn may process the personal information and user-generated content of users, like profiles, posts, and comments, to create, train, and improve AI models. By agreeing to the new User Agreement, users automatically consent to such processing via LinkedIn's Privacy Policy, which forms the contractual basis for such permissions. However, LinkedIn has provided only a forward-looking opt-out where users can object to any subsequent use of their data in generating AI-powered content. This opt-out does not apply retrospectively; data that have already been used to train models cannot be retracted or deleted. Although transparency is thereby provided, this creates unresolved questions of legality under Article 17 GDPR (right to erasure) and Section 12 DPDP (right to correction and erasure), since it means that users cannot actually take back previously contributed data. LinkedIn is also moving from an implicit opt-in model of user consent to an opt-out regime, which is a fundamental shift in the nature of user control and informed consent. Finally, the alignment of LinkedIn with Microsoft's ecosystem, in particular with regard to API access and interoperability, should be scrutinized more closely for whether such alignment might perpetuate data lock-in or create a risk of competitive foreclosure because third parties are denied access to comparable data sources.

The revised terms are directly connected to LinkedIn's integration within the Microsoft ecosystem. This reflects  LinkedIn's ability to share or merge information with Microsoft and its associated systems for enhancing AI development, ad targeting, and cross-platform functionality. LinkedIn’s API Terms of Use continue to govern developer access; however, these terms expressly disclaim any responsibility for providing support or training to third-party users. Therefore, the new terms allow extensive use and cross-utilization of user information in LinkedIn's AI and Microsoft-connected machinery, only subject to opt-out from future training by users.

One of the main effects is lock-in of data: users' past information, once added to training sets, becomes incorporated  in LinkedIn's AI models, binding users' data effectively to the platform. Since the opt-out does not delete previous data from models, individuals are not really disentangling from earlier inclusion. Entrants or competing platforms without similar access to LinkedIn's rich, long-tail profile and interaction data might find it difficult to respond to the complexity of LinkedIn's AI features, increasing competitive barriers. From the user's viewpoint, autonomy and transparency are compromised.

The default "opt-in" stance implies that numerous users unwittingly agree to data usage; opt-out methods are not necessarily clearly visible or broadly comprehended. Additionally, the retroactive application and lack of requirements for erasure of previously utilized data question meaningful consent. The lack of transparency not only presents concerns about fairness but also violates the transparency requirements under the GDPR (Articles 13-14) and notice obligations under DPDP (Section 5),Combined, these practices anchor LinkedIn's AI feature, distort competitive forces, and limit users' effective control over their data.

COMPETITIVE ASSESSMENT OF DOMINANCE AND STRATEGIC ABUSE

Definition of the Relevant Market

The initial step in examining whether LinkedIn's contractual behaviour constitutes abuse of dominance is the definition of the relevant market. LinkedIn mainly competes in the “Market for Professional Networking Sites”, which overlaps largely with the online recruitment and career services market. Whereas other sites like Indeed, Glassdoor, or other forums provide job matching or sector-specific communities, none match the distinctive combination of professional identity management, networking, hiring instruments, and built-in content creation provided by LinkedIn. Hence, the relevant market is delineated to be that of “Market for Professional Networking Sites”.

Forms of Abuse Potentially Available

Tying and Bundling: Through conditioning the access to the platform on terms of acceptance that permit the use of personal data (including private communications) for training AI, LinkedIn is potentially engaging in exploitative tying. The user cannot disconnect the fundamental networking service from ancillary usage of data in the development of AI, reminiscent of Microsoft bundling Internet Explorer with Windows.

Exclusionary Conduct: LinkedIn's past practice of restrictive API agreements, recently the subject of antitrust litigation illustrates how conditionality of access can be used as a weapon. By limiting third-party developers' use or interoperability with LinkedIn data, the platform may stifle innovation and reinforce its privileged status.

COMPARATIVE & INTERDISCIPLINARY INSIGHTS

The European Union is an example of a strong enforcement environment. Data protection regulations under the GDPR are strict, and breaches attract severe fines, as evidenced by LinkedIn's €310 million sanction from the Irish Data Protection Commission. At the same time, the EU applies abuse of dominance under Article 102 TFEU, allowing intervention where dominant platforms use data to shut out competition, such as in the Google Search (Shopping) case. The combined EU emphasis on data protection and competition allows regulators to deal with privacy threats as well as market power, and it is a model for integrated regulation.

In India, both competition and data protection intersect at an early stage. The Competition Act 2002, section 4 thereof, serves to outline a framework for dealing with abuse of dominance, but case law as applicable in the digital environment is underdeveloped.

POLICY IMPLICATIONS & WAY FORWARD

The examination of LinkedIn's new terms and related privacy and competition issues underscores the necessity for strong regulatory action in online markets. Firstly, examination of contractual conditions imposed by  platforms to prevent them from using market power in manners that undermine  the users' personal information. This involves determining whether consent mechanisms are actually meaningful and whether contractual obligations impose disproportionate burdens upon users or third-party service providers.

This consideration of the new terms on LinkedIn, along with their privacy and competition consequences, emphasizes that only under robust regulatory oversight can online platform governance be adequately addressed. Dominant digital intermediaries do commonly utilize contractual modalities that lock in control over data flows and limit market contestability. As such, regulators have to examine the contractual terms and conditions of hegemonic platforms to ensure that they do not use market power to solidify dominance or capture disproportionate amounts of personal information. This would also include an examination of whether consent mechanisms are genuinely informed and freely given or act only as formalities within asymmetrical bargaining situations. User obligations, therefore, need a careful examination into their proportionality and the impact of agreements placed upon third-party service providers. A series of foreclosure strategies entailing excessive integration, non-transparency of opt-out systems, and API frameworks may contribute to impeding fair competition, reducing data portability, and denting user autonomy. Transparency, accountability, and interoperability standards must become part of the regulatory response if there is to be a balance between user rights, the protection of data, and fair participation in markets in the emerging AI-driven digital economy.

Together, these proposals promote a comprehensive regulatory approach where consumer protection, competition on equitable terms, and innovation coexist. This can establish a digital space where platform dominance is challenged , markets are contestable, and user sovereignty is protected in the AI economy.