Complaint filed against Privacybee.com by Naavi

The undersigned had reported the activity of Privacybee.com discussed in the following two articles:

India does not allow PrivacyBee.com type of extortion companies to flourish
“Privacy Bee” stings…

As anticipated, it appears that several other companies in India have received the spam e-mail  containing a Cyber Threat and potential attempt at Cyber Extortion.

Naavi.org has therefore raised a complaint with the Attorney General California and the FTC, USA to stop this illegal activity.

We have also endorsed the copy of the complaint to the Secretary DIT and CERT-IN besides some of the prominent MPs as well as the NASSCOM. Hope it would be followed up by them in the interest of the Indian industry.
Copy of the letter is given below:

Vijayashankar Nagaraja Rao
Netizen Activist and Privacy Consultant
No 37, Ujvala, 20th Main, BSK First Stage
Bangalore 560050
www.naavi.org: naavi@naavi.org

16th March 2021

To

Respected Mr Xavier Becerra

The Attorney General, State of California
Office of the Attorney General
455 Golden Gate Avenue, Suite 11000
San Francisco, CA 94102-7004

Through: email: AGelectronicservice@doj.ca.gov.

Subject: Complaint of Fraud and attempted extortion on Privacybee.com

Dear Sir

I am a Netizen Activist rom India and founder of www.naavi.org. I have recently come across a company operating from the website www.privacybee.com which is spamming and threatening many Indian companies in the name of certain individuals who claim to have rights under the CCPA demanding deletion of personal data without legal right to do so.

This company is liable under the Indian law for committing an attempt at cyber extortion.

However, since the Company is quoting both CCPA and is a resident of USA, I have brought to your notice that your office should conduct an enquiry on the business model of the company and their modus operandi.

Our general observation indicates that the company is like many fraudulent companies which try to sell anti malware software by falsely claiming that the user’s computer is infected.

If your office does not take action against this company, it would appear as if it has the support of your office for committing this Cyber Crime.

Kindly investigate and also file a complaint from your side with the FTC to prevent the company to continue indulging in its extortion racket.

I am enclosing a typical spam mail being sent by this company to the Indian companies.

I am looking forward to an early response from your end and I am also endorsing the copy of this letter to the regulatory authorities in India.

Since your website does not contain proper e-mail contact and the form provided is meant only for US residents, I am sending this communication through the email. If US resident companies are using CCPA as an excuse to send extortion and spam emails to residents of other countries, it is necessary that your office take the responsibility to atleast receive complaints from outside USA and try to redress the grievances.

Regards

Thanking you

Digitally Signed

Yours faithfully

 

 

 Attachment:

A Typical Extortion E Mail from Privacybee.com

From: Privacy Bee
Sent: .. M.. 2021 ..:..
To: DPO <>
Subject: Urgent Followup: Legal Request for Data Deletion and Opt-Out of Resale [Request ID: …..]

Concerns: ….

Request ID: ….
Signed Power of Attorney: Yes
Request Date: ….
Respond At: https://app.privacybee.com/request/

To Data Protection Officer or Legal Counsel:

I am hereby submitting a follow-up to a personal data request pursuant to Section 1798.105 of CCPA (SB-1121), Article 17 of GDPR, Nevada SB-220, New Hampshire HB 1680-FN, Washington Privacy SB-5376, Illinois DTPA SB2330, New York S5462, Hawaii SB 418, North Dakota HB 1485, Massachusetts S-120, Maryland SB 613, Texas Privacy Protection Act HB 4390, or other applicable right-to-be-forgotten legislation. If you feel my data is exempt from privacy legislation for any reason, I’m still asking you to respect my wishes regardless, as I believe privacy is a universal human right and I’m hopeful the integrity of your organization will honor my request with or without legal requisite.

The initial request was sent …. …….. and I still have not received a response that my request has been fulfilled.  This is a reminder that you only have 5 days left to respond!

Specifically for …..:
– Data Deletion: I hereby request the immediate and complete purging of any and all information your company has on me including but not limited to: user accounts, marketing data, transaction data, behavioral data, social data, CRM records, or absolutely anything that that contains my personal information.
– No Dissemination: if any information is being or has been disclosed, resold, licensed, rented, or otherwise disseminated by your company to third parties, I hereby request to opt-out of that data sharing, and request you communicate this request for opt-out and deletion to those entities as well.

If I have given consent to the processing of my personal data (e.g. according to Article 6(1) or Article 9(2) GDPR, or other applicable legislation), I am hereby withdrawing said consent. In addition, I am objecting to the processing of personal data concerning me (which includes profiling).

As I’m legally permitted, please confirm your compliance of my request without undue delay and in any event within one month of receipt of this request.

I am including the following information necessary to identify me:

Name: ….
Primary Email: ..
If you require additional information to resolve my identity, to view my signed Power of Attorney authorizing this request, or to respond to this request, please visit: https://app.privacybee.com/request/

You can also find my full privacy preferences in relation to .. by visiting the previous link.

If you do not answer my request within the stated period, I and my legal privacy advocate, Privacy Bee, are reserving the right to take legal action against ..and to lodge a complaint with the responsible supervisory authority.

Thank you.

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

3 Responses to Complaint filed against Privacybee.com by Naavi

  1. Jim says:

    Privacy Bee can ask any website to remove data of their clients.
    Not extortion literally just the law.
    It’s not spam. Just business.
    This is dumb.

    • I have come across PrivacyBee regarding personal data access and deletion request. It is not related content removal unless they have introduced some new service. But it is not necessary to follow. Mostly the notice for removal is related to Copyright infringement. The Indian situation is different.

  2. Nofair says:

    I would love to use privacy Bee but I can’t no way afford it. I live on SSI meaning after paying my rent I have barely anything left over for anything else. I still need to buy my personal stuff so no possibility of paying the 200 dollar for this. Why pray tell is this so insane expensive. Why can’t anything ever be found that is like this for common folk? I guess poor people just get identification stolen.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.