GDPR Violation: ScribD acquires PII on 500M users in a deal with LinkedIn


TL;DR: If you have a LinkedIn account, you were signed up to SlideShare automatically without your knowledge or consent. Your account including all your personal information will be sold to ScribD unless you opt-out now. See “How to Opt Out” at the end of this article.


In early August, ScribD announced the acquisition of SlideShare for an undisclosed amount. I personally never registered to either services, no clue what ScribD except I think I heard the name before.

Received this email on my personal inbox index a few days after the annoncements.

It’s puzzling:

  • Why was it send to me? I’ve never used SlideShare
  • Where did they get my personal email? How did they get my full name too? (cut it out at the bottom)
  • Why does it says I have an account? I sure as hell don’t.
  • Why does it keep mentioning LinkedIn?
  • Last but not least, why does it offer to me to opt-out of reselling my personal information? I 100% oppose to that. Not only PII transfer should be opt-in under GDPR but they shouldn’t possess my personal information in the first place.

By the way, I’m accurately worried of anything trying to register as myself right now because I was hit by identify fraud by Revolut a couple months ago that was a whole nightmare to deal with.

Root Cause

After further reading and investigation. Here’s some explanations:

SlideShare was acquired by LinkedIn (Microsoft) in 2012 for $119M dollars.

  1. SlideShare is owned by Linked, that’s why the email refers to and links to LinkedIn multiple times.
  2. All the personal information originates from LinkedIn (names, email, phone numbers, etc…). I do have a profile with some info.
  3. LinkedIn ostensibly merged all the LinkedIn accounts into SlideShare at some point during the past 8 years.
  4. As part of the acquisition deal. All that personal data on LinkedIn/SlideShare will be transferred to ScribD.

A classic business deal to bundle and resell PII through a subsidiary. A quick google search says there are 500M users on LinkedIn (250M active in the past three months). There were other people who noticed the same thing on the internet and friends who got the same hints, evidence beyond reasonable doubt that ALL THE 500M LinkedIn userbase is being sold out.

No wonder that ScribD is interested in buying SlideShare… with 500M unwilling users served on a plate.

How to Opt Out

Follow this guide. https://www.linkedin.com/help/slideshare/answer/53671

  1. Sign in to SlideShare
  2. Go to Menu “Account Settings”
  3. Delete Account
  4. Delete Account
  5. Yes, Delete my Account

“””Your account is deleted.

Please note that it takes about 24 hours for your content to stop showing up on the SlideShare search pages and it will take 2-3 days for it to be completely removed from Google Search (we have no control over that).

We are sad to see you go. Hope to see you again.”””

Check your LinkedIn resell-your-info settings

Since you’re there, might as well check your linkedin settings.

Go to LinkedIn => Me => Settings and Privacy.

  1. Manage who can discover your profile from your email address
  2. Manage who can discover your profile from your phone number
  3. Salary data on LinkedIn
  4. Who can see your email address => Only visible to me
  5. Who can see your Last Name
  6. Profile Visibility of LinkedIn (to non linkedin users)
  7. Microsoft Word (your profile is shown in some word features)

Most of it is enabled by default. You may want to keep a LinkedIn profile (it’s useful for jobs) but not display all your personal information wide open to the internet.

5 thoughts on “GDPR Violation: ScribD acquires PII on 500M users in a deal with LinkedIn

  1. People might think “I didn’t sign up to SlideShare so I’m not affected by this”, so probably you should mention something like this comment in HN, which explains it very clearly and concisely:

    If you have a LinkedIn account, you were signed up to SlideShare automatically without your knowledge or consent.

    You should be able to login right away, no need to sign up (again). “Login” button in corner then “Login with LinkedIn” button.

    (source: https://news.ycombinator.com/item?id=24407068)

    Like

  2. I mean, in the Opt Out instructions themselves, where you point to sign in to SlideShare. Even though the text conveys that PII from LinkedIn was merged, it might not be immediately obvious that an unsolicited sign up was also done for all LinkedIn users.

    Like

  3. I had to click Explore to see the icon for account to go into settings after logging in via LinkedIn. The confusion almost led me to deleting my LinkedIn account, so be careful.

    Like

  4. This is not accurate. Just because you have an account one one platform doesn’t mean you have an account on the other. My husband has LinkedIn but not SlideShare. I have both. He didn’t receive a notice, but I did.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s