Yup. Entirely possible. Blocking third party cookies might somewhat reduce sites’ ability to tell that you’re the same you on the same browser between VPN and direct connection, but even that isn’t any guarantee that Linkedin (and/or the ad providers Linkedin uses) and Spotify (and/or their ad providers) don’t know you’re the same user between VPN and direct. And if there’s some amount of collusion and/or purchase of user tracking info going on between those entities, even only first-party cookies are sufficient for them to be able to prove the link between your direct and VPN IP addresses. Even without any cookies, though, there are still browser fingerprinting techniques that are worth looking into if you want to know more about defeating that sort of tracking.