GDPR Violation: ScribD acquires PII on 500M users in a deal with LinkedIn

TL;DR: If you have a LinkedIn account, you were signed up to SlideShare automatically without your knowledge or consent. Your account including all your personal information will be sold to ScribD unless you opt-out now. See “How to Opt Out” at the end of this article.

In early August, ScribD announced the acquisition of SlideShare for an undisclosed amount. I personally never registered to either services, no clue what ScribD except I think I heard the name before.

Received this email on my personal inbox index a few days after the annoncements.

It’s puzzling:

  • Why was it send to me? I’ve never used SlideShare
  • Where did they get my personal email? How did they get my full name too? (cut it out at the bottom)
  • Why does it says I have an account? I sure as hell don’t.
  • Why does it keep mentioning LinkedIn?
  • Last but not least, why does it offer to me to opt-out of reselling my personal information? I 100% oppose to that. Not only PII transfer should be opt-in under GDPR but they shouldn’t possess my personal information in the first place.

By the way, I’m accurately worried of anything trying to register as myself right now because I was hit by identify fraud by Revolut a couple months ago that was a whole nightmare to deal with.

Root Cause

After further reading and investigation. Here’s some explanations:

SlideShare was acquired by LinkedIn (Microsoft) in 2012 for $119M dollars.

  1. SlideShare is owned by Linked, that’s why the email refers to and links to LinkedIn multiple times.
  2. All the personal information originates from LinkedIn (names, email, phone numbers, etc…). I do have a profile with some info.
  3. LinkedIn ostensibly merged all the LinkedIn accounts into SlideShare at some point during the past 8 years.
  4. As part of the acquisition deal. All that personal data on LinkedIn/SlideShare will be transferred to ScribD.

A classic business deal to bundle and resell PII through a subsidiary. A quick google search says there are 500M users on LinkedIn (250M active in the past three months). There were other people who noticed the same thing on the internet and friends who got the same hints, evidence beyond reasonable doubt that ALL THE 500M LinkedIn userbase is being sold out.

No wonder that ScribD is interested in buying SlideShare… with 500M unwilling users served on a plate.

How to Opt Out

Follow this guide.

  1. Sign in to SlideShare
  2. Go to Menu “Account Settings”
  3. Delete Account
  4. Delete Account
  5. Yes, Delete my Account

“””Your account is deleted.

Please note that it takes about 24 hours for your content to stop showing up on the SlideShare search pages and it will take 2-3 days for it to be completely removed from Google Search (we have no control over that).

We are sad to see you go. Hope to see you again.”””

Check your LinkedIn resell-your-info settings

Since you’re there, might as well check your linkedin settings.

Go to LinkedIn => Me => Settings and Privacy.

  1. Manage who can discover your profile from your email address
  2. Manage who can discover your profile from your phone number
  3. Salary data on LinkedIn
  4. Who can see your email address => Only visible to me
  5. Who can see your Last Name
  6. Profile Visibility of LinkedIn (to non linkedin users)
  7. Microsoft Word (your profile is shown in some word features)

Most of it is enabled by default. You may want to keep a LinkedIn profile (it’s useful for jobs) but not display all your personal information wide open to the internet.