Paying LinkedIn subscribers may have been spooked by a recently-filed lawsuit that indicated the “Premium” subscription was not necessarily guaranteeing that their private messages stayed private. In certain countries, generally those without strong data privacy laws at the national level, the company was accused of training AI models with private InMail messages that may have also been provided to third parties. However, that suit has now been dismissed as LinkedIn has presented evidence that it did not use these messages for AI training.
The suit was filed in California and noted that while customers in a number of countries were automatically exempted from having their data put toward training AI models, US users had their content and messaging (including private messages) included by default. A setting then had to be manually toggled off to prevent data sharing, but the description of the setting did not indicate that InMail private messages would be included.
LinkedIn clears itself of charges of unauthorized sharing of private messages
The suit was complex as there was no direct evidence presented that LinkedIn used the private messages in training AI models. It instead pointed to a number of rapidly-made changes to company policies, none of which explicitly stated that InMail messages were being used for training. The suit alleged that LinkedIn’s continued refusal to publicly deny that InMail had been used in this way was evidence in and of itself, something that the company has now finally cleared up.
The allegations stemmed from a September 2024 privacy policy update that was accompanied by the announcement of the creation of a “trust and safety” division at the company. That announcement did not necessarily inspire those feelings in users, however, as it noted that policy going forward would be to use all posts and other data on the site for training AI models belonging to owner Microsoft. That announcement post was accompanied by a FAQ that indicated that user data had already been put to use in this way prior to the policy update, without users having any previous notification of this, and that this data may be provided to third parties.
The policy change did not apply evenly across the globe, however. If a country has national privacy laws regulating these practices, it was likely excepted from the new terms; LinkedIn users in the EU and EEA, UK, Switzerland and China are not having their data put toward training AI models. But users in the US were presented with a new setting called “Data for Generative AI Improvement” that is on by default, and must be hunted down in the menus and turned off to opt out of data sharing. This setting also reportedly appeared about a month before the September privacy policy update was announced.
The lawsuit noted that subscribers to one of LinkedIn’s handful of “Premium” services are protected by a separate contract called the “LinkedIn Subscription Agreement” (LSA) that offers some additional specific privacy protections, most notably a promise to not disclose private messages or other confidential communications to third parties.
The suit alleged violation of the US Stored Communications Act, breach of contract, and unfair competition under California state law. LinkedIn initially responded to media stories of the suit with statements that it was composed of “false claims” and had “no merit,” but took some time in issuing a public denial of private messages being used in training AI models. If the suit had gone forward as proposed each LinkedIn Premium user that was impacted could have received $1,000 in compensation.
LinkedIn used some customer data in training AI Models, but not InMail messages
LinkedIn claims that subscriptions to its Premium services have been exploding as of late, specifically due to the AI features the platform has been gradually adding. LinkedIn Recruiter is one that specifically makes use of InMail, automatically crafting targeted recruitment pitches for prospects.
Users generally assume that their business communications are being kept confidential and may have discussed company secrets, private aspects of intellectual property or employment terms, or job search elements that they would rather not be made public. Because AI models are so opaque to the outside world, it is impossible for the end user to know if this private data will accidentally surface somewhere else in the future. Compounding the public concern about the LinkedIn suit is the fact that owner Microsoft has a broad range of AI projects, from the Copilot chat assistant now present on all Windows systems to the Azure AI tools used by data scientists.
For this reason, some legal observers expect a boom in AI-related lawsuits in the coming years. A recent analysis from leading research firm Forrester projects that similar suits will increase by 20% over the remainder of 2025. Dr Ilia Kolochenko, Partner & Cybersecurity Practice Lead at Platt Law LLP and Vice-Chair at the ABA’s Information Security Committee, notes that this may also trigger a new wave of regulatory action: “Normally, it should not be a technically complex task to collect sufficient external evidence that may, at least, indicate that data of Premium LinkedIn customers has been used for AI model training – if it was the case. If so, LinkedIn may face many other lawsuits including class actions, whilst the FTC may also intervene for unfair and deceptive practices. This may lead not only to significant financial losses but even to a judicial order to destroy AI models trained on unwarrantedly collected data, possibly including those ones owned by third parties. Having said this, with the President Trump administration, there is still a lot of uncertainty about the regulatory landscape and priorities in the US, things will hopefully get clear by the end of this year. In any case, all US customers who care about their privacy should opt out from using their data for AI training purposes.”

