[emn13]

I can't quite parse your sentence (typo?) but I think you mean to ask whether it's possible that LinkedIn shared the PII when the user used their LinkedIn account to login to Scribd?

Doing so would in any case (I assume) violate the GDPR if LinkedIn doesn't doesn't have your informed consent for that. Perhaps their trying to weasel this under the "technically necessary" exception, but that strikes me as unlikely to hold water - at best they'd need to share some minimal token (e.g. if you sign in via google or some other auth provider, you get told what data google will share in advance, and it's possible to share fairly little).

[dathinab]

Yes that is what I meant, to late to edit.

The problem is that you might have "force opt. in" into a TOS agreement which states you allow the data transfer. So depending on the sign up with linkedln dialog it might have been legal...

[emn13]

Consent must specifically be freely given; it's not a valid basis if it's "forced opt in" in a TOS. I'm not sure if there's any jurisprudence here (on exactly what freely given means). Even if consent with a TOS were to be considered freely given (I don't think so, but IANAL), it would still need to be clear, and most TOS fail to clear that hurdle. At best it would be a push, and in principle if the legal basis in invalid, punishments can be just as severe as if you hadn't bothered trying at all (although clearly the enforcement at the moment still appears to give violators a lot of chances to repair any issues; so in practice a seemingly reasonable if invalid attempt might at least buy some temporary reprieve if every enforcement comes knocking).