Complaint filed against Privacybee.com by Naavi

The undersigned had reported the activity of Privacybee.com discussed in the following two articles:

India does not allow PrivacyBee.com type of extortion companies to flourish
“Privacy Bee” stings…

As anticipated, it appears that several other companies in India have received the spam e-mail  containing a Cyber Threat and potential attempt at Cyber Extortion.

Naavi.org has therefore raised a complaint with the Attorney General California and the FTC, USA to stop this illegal activity.

We have also endorsed the copy of the complaint to the Secretary DIT and CERT-IN besides some of the prominent MPs as well as the NASSCOM. Hope it would be followed up by them in the interest of the Indian industry.
Copy of the letter is given below:

Vijayashankar Nagaraja Rao
Netizen Activist and Privacy Consultant
No 37, Ujvala, 20^th Main, BSK First Stage
Bangalore 560050
www.naavi.org: naavi@naavi.org

16^th March 2021

To

Respected Mr Xavier Becerra

The Attorney General, State of California
Office of the Attorney General
455 Golden Gate Avenue, Suite 11000
San Francisco, CA 94102-7004

Through: email: AGelectronicservice@doj.ca.gov.

Subject: Complaint of Fraud and attempted extortion on Privacybee.com

Dear Sir

I am a Netizen Activist rom India and founder of www.naavi.org. I have recently come across a company operating from the website www.privacybee.com which is spamming and threatening many Indian companies in the name of certain individuals who claim to have rights under the CCPA demanding deletion of personal data without legal right to do so.

This company is liable under the Indian law for committing an attempt at cyber extortion.

However, since the Company is quoting both CCPA and is a resident of USA, I have brought to your notice that your office should conduct an enquiry on the business model of the company and their modus operandi.

Our general observation indicates that the company is like many fraudulent companies which try to sell anti malware software by falsely claiming that the user’s computer is infected.

If your office does not take action against this company, it would appear as if it has the support of your office for committing this Cyber Crime.

Kindly investigate and also file a complaint from your side with the FTC to prevent the company to continue indulging in its extortion racket.

I am enclosing a typical spam mail being sent by this company to the Indian companies.

I am looking forward to an early response from your end and I am also endorsing the copy of this letter to the regulatory authorities in India.

Since your website does not contain proper e-mail contact and the form provided is meant only for US residents, I am sending this communication through the email. If US resident companies are using CCPA as an excuse to send extortion and spam emails to residents of other countries, it is necessary that your office take the responsibility to atleast receive complaints from outside USA and try to redress the grievances.

Regards

Thanking you

Digitally Signed

Yours faithfully

 Attachment:

A Typical Extortion E Mail from Privacybee.com

From: Privacy Bee
Sent: .. M.. 2021 ..:..
To: DPO <>
Subject: Urgent Followup: Legal Request for Data Deletion and Opt-Out of Resale [Request ID: …..]

Concerns: ….

Request ID: ….
Signed Power of Attorney: Yes
Request Date: ….
Respond At: https://app.privacybee.com/request/

To Data Protection Officer or Legal Counsel:

I am hereby submitting a follow-up to a personal data request pursuant to Section 1798.105 of CCPA (SB-1121), Article 17 of GDPR, Nevada SB-220, New Hampshire HB 1680-FN, Washington Privacy SB-5376, Illinois DTPA SB2330, New York S5462, Hawaii SB 418, North Dakota HB 1485, Massachusetts S-120, Maryland SB 613, Texas Privacy Protection Act HB 4390, or other applicable right-to-be-forgotten legislation. If you feel my data is exempt from privacy legislation for any reason, I’m still asking you to respect my wishes regardless, as I believe privacy is a universal human right and I’m hopeful the integrity of your organization will honor my request with or without legal requisite.

The initial request was sent …. …….. and I still have not received a response that my request has been fulfilled.  This is a reminder that you only have 5 days left to respond!

Specifically for …..:
– Data Deletion: I hereby request the immediate and complete purging of any and all information your company has on me including but not limited to: user accounts, marketing data, transaction data, behavioral data, social data, CRM records, or absolutely anything that that contains my personal information.
– No Dissemination: if any information is being or has been disclosed, resold, licensed, rented, or otherwise disseminated by your company to third parties, I hereby request to opt-out of that data sharing, and request you communicate this request for opt-out and deletion to those entities as well.

If I have given consent to the processing of my personal data (e.g. according to Article 6(1) or Article 9(2) GDPR, or other applicable legislation), I am hereby withdrawing said consent. In addition, I am objecting to the processing of personal data concerning me (which includes profiling).

As I’m legally permitted, please confirm your compliance of my request without undue delay and in any event within one month of receipt of this request.

I am including the following information necessary to identify me:

Name: ….
Primary Email: ..
If you require additional information to resolve my identity, to view my signed Power of Attorney authorizing this request, or to respond to this request, please visit: https://app.privacybee.com/request/

You can also find my full privacy preferences in relation to .. by visiting the previous link.

If you do not answer my request within the stated period, I and my legal privacy advocate, Privacy Bee, are reserving the right to take legal action against ..and to lodge a complaint with the responsible supervisory authority.

Thank you.