Data Privacy

In the beginning I started getting lots of unrecognised calls on my personal mobile.  Normally I ignore them, but as I started getting periodic repeat calls from the same number, I decided to answer as it might be important. It wasn't. Someone was offering to "save me up to 90% of my cloud costs". At this point, I was intrigued. How did they get my number? I keep my personal number private, and always ensure I check (or uncheck) the correct boxes on Websites to ensure my data isn't shared. I asked the salesman and he said that they use Lusha , who use your LinkedIn profile and combine it with data from other sources. This bothered me. I haven't transacted with Lusha so they have no legitimate use of handling my data. Worse still, they are speculatively combining data without verification, not knowing if it's personal or private. Then they are using that data and selling it on (or making it available via a service to others) without my consent. Finally, the use...

Lusha has registered headquarters in Boston, USA. They have a good sized legal team based in Tel Aviv, Israel, some of whom profess their privacy credentials.

Under UK GDPR legislation you have the right to be forgotten . Lusha provide a form you can submit to request your removal from their systems.  However, this may require you to provide more information than you wish (e.g. your phone number or email address) and also requires you to sign up to their terms and conditions - which includes a 7-year retention of your data. This is unnecessary. Under GDPR it is sufficient to contact the Data Protection Officer. Email the UK GDPR Representative and demand that they exercise your right to be forgotten. Provide your LinkedIn profile as this is the primary index they use to profile you.

Lusha outsource their GDPR responsibilities to a small UK company, with a virtual office in London. The company is called DP Data Protection Services UK . They're small as their net assets are approximately £37k per year, with annual creditors of £10-15k. With those numbers I would guess that they have one customer: Lusha. The same director also is CEO of the European GDPR representative for Lusha: DP Dock Data Protection . In the UK you should intially contact DP Data Protection Services ( email here ) if you wish to issue a Subject Access Request , or demand Your Right To Be Forgotten .

In this case study , an individual took the Commission to court because the website he visited redirected him to US-based Web servers. His complaint was that his private information - namely IP addresses - were trasnmitted to the US. At the time of the transfer, there was no Commission decision finding that the US ensured an adequate level of protection for the personal data of EU citizens. He was awarded €400.  

This page will tell you how to gather evidence, what to record, and the steps you need to take in order to take your case to court.

Have you had cold calls as a result from Lusha, or another company? Please let me know about it, so I can build up evidence and case history. You can contact me at privacy@data-privacy.com. Thank you.