Italy: Data Protection Authority opened investigation into Lusha Systems over alleged unauthorised processing of contact data

On 8 April 2025, the Italian Data Protection Authority announced an investigation into Lusha Systems over the unauthorised processing of contact data. The investigation focuses on concerns that it collects and sells personal contact details, including email addresses and phone numbers, of individuals residing in Italy, including institutional figures, without appropriate consent. The Authority has requested Lusha to clarify, within twenty days, the volume and source of data processed, the methods of data collection, whether non-user data is included, and whether consent is obtained for marketing, advertising, or research purposes.