Part I of III in a Special WBN Series

Gianni Dell’Aiuto | WBN News Nashville | May 9, 2025

In a major privacy showdown, Italy’s Data Protection Authority (Garante) has launched legal proceedings against U.S.-based Lusha Systems Inc. for allegedly breaching the EU’s General Data Protection Regulation (GDPR). The charges stem from Lusha's unauthorized harvesting and trading of personal contact data belonging to Italian professionals and everyday citizens — all without consent, sufficient transparency, or local EU representation.

While no sanctions have yet been imposed, the Garante’s formal findings are serious. Lusha is accused of violating core GDPR principles, including the requirement to appoint a European representative under Article 27. The regulator is now awaiting the company’s official response. If Lusha’s defense falls short, it could face severe consequences: fines up to €20 million or 4% of global turnover, mandatory deletion of collected data, a complete halt of data processing, and even a possible EU-wide ban.

This case underscores a simple truth — in Europe, data protection is a civil right, not a corporate option. Every foreign company touching EU data is bound by these rules, and enforcement is no longer theoretical.

Tags: #GDPR Compliance, #Italy Data Privacy, #Lusha Systems Case, #EU Digital Rights, #Global Tech Regulation

Gianni Dell’Aiuto is an Italian attorney and expert in legal risk management, data protection, and digital ethics. Proudly Tuscan, based in Rome, and able to work worldwide. With over 35 years of experience, he advises companies on how to navigate complex regulatory frameworks such as the GDPR, AI Act, and NIS2. He is the author of multiple books, including Homo Googlis, and a regular contributor on legal innovation and digital rights. Gianni is committed to helping businesses turn compliance into a strategic advantage in the global marketplace and to supporting communities and individuals in building digital awareness and responsibility. Click here for more information on his website

Sources: Italian Data Protection Authority, GDPR Article 27, Meta Facebook fine decision, Contributor Gianni Dell’Aiuto

Share this article
The link has been copied!