Italian Data protection Authority Investigates Lusha Systems Inc.
The Italian Guarantor for the protection of personal data
has launched an investigation into Lusha Systems Inc., a U.S. company. The probe centers around Lusha’s online platform, which offers enriched contact details,
including email addresses and phone numbers, possibly used for marketing, sales, and profiling activities.
The Spark: Citizen Complaints
The investigation was triggered by numerous reports received by Italian citizens
complaining about having received unwanted promotional or commercial calls
linked to data obtained through Lusha’s services.
Italian Reach: Data of Italian Users in Question
The Lusha platform is also accessible from the Italian territory
and targets users who connect from Italy.
Multiple sources confirm the presence of data referable to people residing in italy, including representatives of the institutions
within Lusha’s database.
Consequently, the data protection authority has formally requested facts from Lusha, demanding clarifications within 20 days.
Key Questions for Lusha
The Italian authority seeks detailed answers on the following points:
- Data Quantity and Type: What is the
quantity and type of data processed relating to people residing in Italy?
- data Collection Methods: What are the
collection methods
of personal data, and what is theorigin of sources
that feed their database? - Data of Inactive Users: How is data processed for
users not registered or not active
on the platform? - Purpose and Consent: What is the
purpose of the treatment
and how isconsent for commercial purposes
acquired? - Use of Contact Information: How are
use of e-mail addresses and telephone numbers
specified, including any use formarket research or advertising?
Focus: Unauthorized Promotional Activities
This investigation aligns with the Guarantor’s ongoing monitoring of unauthorized promotional activities since early 2025. The authority has recently sanctioned several real estate agencies
for using telephone numbers from a third party company with a similar service
without proper consent.
the Guarantor emphasizes that compliance with personal data protection rules
is mandatory for any subject, even non-EU
entities, that handle data of Italian citizens or offer services within Italy.
FAQ: Lusha and Data Privacy in Italy
- Why is Lusha being investigated?
- Due to complaints about unwanted promotional calls and concerns over data handling practices.
- What data is Lusha collecting?
- Email addresses, landline and mobile phone numbers, and other contact details.
- Is lusha accessible in Italy?
- Yes, and its services target users connecting from Italy.
- What happens next?
- Lusha must provide detailed answers to the Italian data protection authority within 20 days.
More Information
the full text of the investigation will be available at: www.gpdp.it
