NOYB files GDPR complaint against Whitebridge AI for selling web search data

Austrian privacy and digital rights advocacy group NOYB has filed a complaint with the Lithuanian data protection authority (DPA) against Whitebridge AI, accusing the company of operating a "shady business model" that violates several provisions of the EU General Data Protection Regulation (GDPR).

Whitebridge AI, which advertises an AI tool to "find everything about you online," generates reports that include social media data, news mentions, photos, and background check summaries for content related to crime, politics, or religion. The company appears to primarily target affected individuals with anxiety-inducing slogans like "this is kinda scary," then charges them money for access to their own data.

NOYB argues that the practice fundamentally violates Article 15 of the GDPR, which guarantees individuals the right to a free copy of their personal data. While the company claims its processing is legal under its "freedom to conduct a business," NOYB dismissed this argument, stating instead that Whitebridge AI lacks a valid legal basis for processing the information, much of which is unlawfully scraped from social media pages that are not indexed or found on search engines.

The complaint was triggered after affected individuals found they could purchase reports on themselves without being informed. After filing free subject access requests (SARs), which Whitebridge AI ignored, NOYB purchased the reports and found them to contain false and sensitive data, including unverified warnings for "sexual nudity" and "dangerous political content."

When complainants requested rectification of the false data, Whitebridge AI refused, demanding a "qualified electronic signature" not required under EU law. NOYB is requesting that the Lithuanian DPA compel Whitebridge AI to comply with SARs, rectify false data, cease all illegal processing, and issue a fine to deter future violations.

Training Announcement: Freevacy offers a range of independently recognised professional AI governance qualifications and AI Literacy short courses that enable specialist teams to implement robust oversight, benchmark AI governance maturity, and establish a responsible-by-design approach across the entire AI lifecycle. Find out more.