Whitebridge AI, based in Lithuania, faces a privacy complaint for allegedly selling "reputation reports" based on unlawfully collected data and AI misinformation.
Noyb, a privacy advocacy group based in Austria, has asked the Lithuanian State Data Protection Inspectorate to ban Whitebridge AI's "processing of scraped personal data and AI generated false information."
The complaint [PDF] contends that Whitebridge AI has violated several provisions of Europe's General Data Protection Regulation (GDPR), including Articles 5, 6, 9, 12, 14, 15, and 16.
The AI company on its website claims, "We fully comply with the GDPR, ensuring your personal data is protected and handled transparently. We only collect publicly available information and you have rights to access, rectify, erase, and restrict processing of your data."
Noyb counters that most of the information in company reports appears to come from social media sites or searches of those sites – data that European case law has already established is not "manifestly public," the threshold under Article 9 GDPR.
Lisa Steinfeld, data protection lawyer at Noyb, argues that Whitebridge AI's business model is based on generating alarming data about people and monetizing the resulting anxiety.
"Whitebridge AI just has a very shady business model aimed at scaring people into paying for their own, unlawfully collected data," said Steinfeld in a statement. "Under EU law, people have the right to access their own data for free."
Whitebridge AI offers two AI-based services: reports describing a person's online presence – images, social media posts, news articles – and real-time monitoring of that online presence to report any changes.
Noyb is representing two unidentified complainants who sought their reports under Article 15 – which provides people with the right to access their data – but received no response. When Noyb purchased their reports, the profiles "contained false warnings for 'sexual nudity' and 'dangerous political content.'"
When the complainants sought to correct their reports, Whitebridge AI is alleged to have required a "qualified electronic signature" to carry out the request – a requirement that Noyb says does not exist under EU law.
Whitebridge AI did not immediately respond to a request for comment.
A year ago, Stacey Edmonds, co-founder and CEO of Australia-based cybersafety group Dodgy or Not?, published a LinkedIn post that expressed concern about Whitebridge AI's data gathering service.
Edmonds wrote that she contacted Whitebridge AI and the Lithuanian State Data Protection Inspectorate to communicate her concerns. Her inquiry appears not to have had any impact on the company's practices.
Maybe Noyb's formal complaint will get more attention. ®
Source: The register