Get a mobile number or email in the blink of an eye. For several years, the American company Lusha has offered a Chrome browser extension that allows you to obtain theoretically undisclosed information by visiting a LinkedIn profile. Sensitive data provided by it (and not by the professional social network), thanks to the massive collection of online information.
This service, which is no longer alone in this niche, actually uses data collected discreetly in applications published by Lusha subsidiaries (the applications “Simler”, “Mailbook” and “Cleaner Pro” (which are no longer available in France since August 2022) and scanning the Web, so it uses this data discreetly for its paid number and email supply service.
In 2018, the site NextINpact managed to obtain authentic telephone numbers of the then Secretary of State for Digital, Mounir Mahjoubi, as well as a telephone number that references an answering machine of Prime Minister Edouard Philippe (however, authenticating the contact with certainty) . ). Then complaints multiplied in France to the CNIL.
Nothing to complain about according to the CNIL
However, on its site, Lusha assures that it respects the GDPR and only collects “the strict minimum of data” revealing information “that is usually found in an electronic signature or on a business card.” Better yet, Lusha makes sure to inform contacts of their data collection. However, the company has never wanted to reveal the origin of the data collected.
However, the CNIL recognizes, in a deliberation in December 2022, its impotence: the GDPR, which regulates the processing of personal data in the territory of the European Union, does not apply to Lusha.
For this to happen, the American company would need to have an establishment in the EU (which is not the case). For non-European companies, the GDPR only applies in specific cases, particularly when behavioral tracking is involved. For the CNIL, this is not the case in this case, although this decision was controversial.
A hole in the scandal, for the Renaissance deputy Éric Bothorel, very committed to digital issues. As revealed the informedAn amendment was presented to fill the gap within the bill “Security and regulation of the digital space” that will arrive next week at the National Assembly.
It thus proposes two cumulative conditions for an application of the GDPR: that the data collection has been carried out among French residents and that it has been done with the intention of making it available to third parties. Pending review, Lusha remains widely used.
Source: BFM TV
