The complaint, from noyb, run by lawyer Max Schrems (pictured), alleges that TeleSign is in violation of the GDPR's provisions that ban use of automated profiling tools, as well as rules that require affirmative consent be given to process EU citizen's data.
It claims that TeleSign, through its former Belgian parent company BICS, secretly collected data on mobile phone users and fed it into an automated system that generates "reputation scores" that TeleSign flogged to its customers. The companies customers included Tik Tok, Salesforce, Microsoft, and AWS. This enabled them to verify the identity of a person behind a phone number and preventing fraud.
BICS, which acquired TeleSign in 2017, describes itself as "a global provider of international wholesale connectivity and interoperability services," in essence operating as an interchange for various national cellular networks.
When BICS acquired TeleSign in 2017, it began to fall under the partial control of BICS' parent company, Belgian telecom giant Proximus. Proximus held a partial stake in BICS, which Proximus spun off from its own operations in 1997.
In 2021, Proximus bought out BICS' other shareholders, making it the sole owner of both the telecom interchange and TeleSign. With that in mind, noyb is also leveling charges against Proximus and BICS.
In its complaint, noyb said Proximus was asked by EU citizens from various countries to provide records of the data TeleSign processed, as is their right under Article 15 of the GDPR.
Noyb is seeking cessation of all data transfers from BICS to TeleSign, processing of said data, and is requesting deletion of all unlawfully transmitted data. It's also asking for Belgian data protection authorities to fine Proximus, which noyb said could reach as high as $257 million -- a mere four percent of Proximus's global turnover.