Running a LinkedIn Outreach Agent in a GDPR-Compliant Way
A LinkedIn outreach agent is an AI system that supports B2B prospecting on LinkedIn - from research and personalisation through to drafting messages. GDPR-compliant means: processing data under Art. 6(1)(f) (legitimate interest) with a documented balancing test, a right to object and transparency - without breaching LinkedIn's terms of service through browser automation or scraping.
Key Takeaways
- ✓ Fully automated connecting and messaging via browser automation breaches LinkedIn's terms of service and leads to account suspensions - several vendor accounts (including Artisan's founder) were restricted at the end of 2025.
- ✓ The legal basis for B2B cold outreach is usually Art. 6(1)(f) GDPR (legitimate interest) with a documented three-stage balancing test (purpose, necessity, balancing of interests) in line with EDPB Guidelines 1/2024.
- ✓ Publicly accessible profile data is not a free pass: the CJEU standard (Meta/Bundeskartellamt C-252/21) and the Clearview fines confirm that public availability does not legitimise processing.
- ✓ The safe scope for agents lies in research, personalisation and drafting with a human in the decision step (rep-in-the-loop) - not in autonomous mass contacting.
- ✓ There is an obligation to inform (Art. 14), to enable easy objection (Art. 21) and, where there is direct AI interaction, to provide transparency under AI Act Art. 50 from 2 August 2026.
- ✓ Autonomous SDR stacks largely perform poorly in DACH B2B; the CEO of Artisan conceded 'extremely bad hallucinations' and high churn for the first product generation.
A LinkedIn outreach agent is an AI system that supports B2B prospecting on LinkedIn: it researches target contacts, enriches them, personalises messages and drafts outreach. Running it in a GDPR-compliant way means that the data processing relies on Art. 6(1)(f) GDPR (legitimate interest) with a documented balancing of interests, grants an effective right to object and meets transparency obligations - without browser automation or scraping breaching LinkedIn's terms of use.
The most common misconception: because an agent can technically automate everything, this is also permissible. In reality, there are two separate risk levels - the contractual law of the platform (LinkedIn's terms of service) and data protection law (GDPR, supplemented in AT/CH by the TKG and the revFADP respectively). Both must be satisfied independently of one another.
Three quick answers up front:
- What agents may do safely: research, enrichment, personalisation and message drafts - in each case with human approval before sending.
- What is risky: fully automated connecting and messaging via browser automation, scraping beyond the official API, mass contacting without rate limiting.
- What is legally mandatory: documenting the Art. 6(1)(f) balancing test, meeting the duty to inform (Art. 14) and the easy right to object (Art. 21), and from 2 August 2026 additionally AI Act transparency (Art. 50) where there is direct AI interaction.
The platform risk: browser automation and account suspensions
LinkedIn actively takes action against automation tools. The research is unambiguous here: browser automation and scraping that imitate human usage behaviour breach the terms of use and risk the suspension of the account. A concrete signal from 2025: several accounts belonging to vendors of autonomous outbound agents - including founder accounts of Artisan - were restricted towards the end of 2025. Anyone steering an agent directly via a LinkedIn login therefore risks not just a GDPR debate, but the loss of the sales channel itself.
The strategic consequence: the agent should not appear as a bot that logs into a LinkedIn session and acts autonomously there. Operation is safe when the agent works off-platform (research, drafting in its own systems) and the human triggers the actual actions - connection request, message - themselves in the regular LinkedIn interface. LinkedIn remains the dominant channel in DACH B2B; Xing is practically no longer relevant for B2B purposes. This is precisely why the account is too valuable to jeopardise through automation.
The GDPR legal basis for B2B cold outreach
For cold B2B outreach, Art. 6(1)(f) GDPR (legitimate interest) is the typical legal basis. Under EDPB Guidelines 1/2024 (adopted on 8 October 2024) and EDPB Opinion 28/2024 (17 December 2024), the controller must document a three-stage assessment:
- Purpose test: the interest must be lawful, real, present and specifically identified. "Improve AI-assisted acquisition" is not enough; "qualified initial outreach to suitable decision-makers for product X" is.
- Necessity test: could the purpose be achieved with less or more anonymous data? This argues for data minimisation - only the fields needed for the outreach, not a complete copy of the profile.
- Balancing of interests: weighting against the reasonable expectations of the data subjects, the nature of the data and the context. The EDPB criteria (was the information public? the relationship between data subject and controller? the nature of the service? the awareness of being online?) must be applied.
Public does not mean free. A persistent error is that publicly accessible profile data is exempt from the GDPR. The CJEU standard from Meta/Bundeskartellamt (C-252/21, 4 July 2023) and the Clearview AI fines in Italy, France, Greece, the United Kingdom and the Netherlands confirm the opposite: public availability establishes neither consent nor any other legal basis - the balancing test under Art. 6(1)(f) remains necessary.
Data origin and the duty to inform. Since the contact data is not collected from the data subject themselves (but instead originates from profiles, B2B data brokers or enrichment services), the duty to inform under Art. 14 GDPR applies. The "disproportionate effort" exception (Art. 14(5)(b)) is narrower than is often assumed - the EDPB report of the ChatGPT taskforce makes this explicit. In practical terms this means: at the latest with the first outreach, inform transparently about the data source, the purpose, the legitimate interest and the means of objecting. The CNIL recommends a layered privacy notice - a short, clearly understandable layer (AI nature, retention period, opt-out) with a linked detailed layer.
Objection (Art. 21). Where processing is based on Art. 6(1)(f), the right to object must be designed to be easy, prominent and effective. The CJEU interpreted Art. 21 in the SCHUFA-related proceedings as a general right in such constellations - not limited to "particular situations". An incoming objection (or a clear refusal in the conversation) must reliably lead to a stop of further outreach and to deletion in one's own systems.
Action, risk, recommendation - the decision table
The following table separates what agents may do safely from what jeopardises the account or compliance. It is a professional assessment, not legal advice.
| Agent action | Risk | Recommendation |
|---|---|---|
| Profile and company research, enrichment from GDPR-native sources | Low (with documented balancing test) | Permitted; data minimisation, only relevant fields, log the source |
| Personalisation of the outreach (hook, relevance reference) | Low | Permitted; human checks for factual accuracy |
| Creating message and sequence drafts | Low | Permitted; rep-in-the-loop, sending by humans |
| Automated login to LinkedIn via browser bot | High (terms-of-service breach) | Avoid; account suspension likely |
| Fully automated connecting/messaging at scale | High (terms of service + GDPR + UWG Section 7) | Avoid; human approval and frequency limits |
| Scraping beyond the official API | High (terms of service + data protection) | Avoid; only use approved interfaces |
| Sending without an objection notice/data origin | Medium-High (Art. 14/21) | Transparent initial outreach, opt-out in every message |
Rate limiting and human-like behaviour
Even where the human triggers the actions, the principle holds: frequency and patterns count. Mass contact requests fired off at intervals of seconds are both a technical detection signal for platform protection systems and an indication of processing that exceeds the reasonable expectations of the data subjects. Realistic daily volumes, temporal spread and contextual - not template-based - messages are both account protection and a balancing-test argument. In DACH B2B, over-templated AI outreach is recognised by decision-makers within weeks anyway; deliverability and brand perception suffer.
A concrete example with figures
A DACH software SME wants to reach 600 decision-makers in manufacturing companies. The GDPR- and terms-of-service-compliant setup looks like this:
- Research agent (off LinkedIn): builds a list with minimised fields - name, role, company, a relevance hook - from a GDPR-native sales intelligence source such as Dealfront (Karlsruhe, ~6 million companies, ~24 million contact records, as of 2026).
- Drafting agent: drafts a personalised initial message per contact, including a reference to the data origin and an opt-out.
- Human (rep-in-the-loop): checks each draft, corrects hallucinations and triggers the connection as well as the sending themselves in LinkedIn - e.g. spread across around 20 contacts per working day rather than 600 at once.
- Objection logic: every refusal or objection is flagged in the CRM with a subject_id; a scheduled job removes the data from the enrichment and memory layers.
Documented are: the LIA (Legitimate Interest Assessment) across the three stages, the list of data sources, retention periods and the opt-out register. This makes the processing auditable - and the LinkedIn account remains untouched, because no bot operates it.
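As an added illustration of the objection logic and the daily cap in this setup (example code, not from the article or any vendor named in it; the Contact fields, the ObjectionRegister, the enrichment and memory layers modelled as plain dicts, and the sample contacts are all assumptions):

```python
from dataclasses import dataclass, field

DAILY_CAP = 20  # sends a rep triggers per working day, as in the example above

@dataclass
class Contact:
    # Minimised record: only the fields the outreach needs, plus the logged data origin (Art. 14).
    subject_id: str
    name: str
    role: str
    company: str
    hook: str
    source: str

@dataclass
class ObjectionRegister:
    # The opt-out register: subject_id -> ISO date of the objection or refusal.
    entries: dict = field(default_factory=dict)

    def record(self, subject_id: str, when: str) -> None:
        self.entries[subject_id] = when

    def is_suppressed(self, subject_id: str) -> bool:
        return subject_id in self.entries

def select_daily_batch(contacts, register, already_contacted, cap=DAILY_CAP):
    """Contacts a rep may review today: not opted out, not contacted before, and capped in number."""
    batch = []
    for c in contacts:
        if register.is_suppressed(c.subject_id) or c.subject_id in already_contacted:
            continue
        batch.append(c)
        if len(batch) == cap:
            break
    return batch

def purge_objectors(register, enrichment, memory):
    """Scheduled job: drop objecting subjects from both layers; returns the ids removed, for the audit log."""
    removed = []
    for sid in register.entries:
        in_enrichment = enrichment.pop(sid, None) is not None
        in_memory = memory.pop(sid, None) is not None
        if in_enrichment or in_memory:
            removed.append(sid)
    return removed

# Constructed sample list of 30 fictitious contacts (not real persons or firms).
CONTACTS = [Contact(f"s{i:03d}", f"Person {i}", "Head of Production", f"Firm {i} GmbH",
                    "new CNC line announced", "constructed") for i in range(1, 31)]
```

The batch function is what the drafting agent should be fed, so a suppressed subject never reaches a draft; the purge job is what closes the loop after an objection.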
Why full autonomy fails in DACH B2B
The temptation to take the human out entirely is great - the evidence argues against it. Pure autonomous SDR stacks have not yet proven themselves at scale in the DACH B2B SME sector. The cause is a combination: the hard LinkedIn enforcement against automation, UWG Section 7 (DE) as well as its counterparts the TKG (AT) and the revFADP (CH), and the multi-stage procurement process in the DACH SME sector (engineering, purchasing, finance, management; typically 6-18 months). "Presumed consent" as a justification for cold outreach is narrow and contested. The CEO of Artisan, for instance, conceded that the first generation of autonomous SDR products had "extremely bad hallucinations" and "relatively high churn". What works in the DACH region is not "replacing the SDR" but rep-in-the-loop augmentation.
In Switzerland the threshold is higher still: the revFADP does not provide for corporate fines, but it does provide for criminal sanctions against natural persons of up to CHF 250,000 for intentional breaches of certain duties (transparency, information in the case of automated decisions, professional secrecy), and the grounds for justification under Art. 31 revFADP are worded more narrowly than Art. 6(1)(f) GDPR.
Note: This article is a professional assessment and does not replace legal advice. The cited articles, deadlines and proceedings stem from the underlying research; for an assessment of a specific individual case, please seek expert legal advice.
For agencies and B2B teams
For agencies, the GDPR-compliant LinkedIn outreach agent is a clearly delimitable value proposition: you deliver research, personalisation and drafting automation including a documented balancing test and opt-out process - while deliberately keeping the account-operating automation out. This is sellable because it reduces risk rather than creating it. For B2B teams, the sequence is: first meeting summaries and CRM upkeep (the highest ROI certainty, the lowest risk), then prospecting and personalisation, and only after compliance sign-off on UWG Section 7 (DE), the TKG (AT), the revFADP (CH) as well as an explicit review of LinkedIn's terms of use a cautious look at more far-reaching automation. Those who keep the human in the decision step gain speed without forfeiting the account or compliance.
FAQ
Is a LinkedIn outreach agent permitted in principle?
Which legal basis applies to B2B cold outreach under the GDPR?
May the agent freely use public LinkedIn profile data?
What distinguishes the legal situation in Austria and Switzerland?
Do fully autonomous LinkedIn outreach agents work in DACH B2B?