lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 29 May 2020 13:50:32 +0200
From: Thierry Zoller <>
Subject: [FD] [CDPWE-0001] - RocketReach

Adapting the Mechanics of Vulnerability Disclosure to an area where 
Privacy Rights need to be scrutinized and where transparency becomes 


How to effectively evade the GDPR and the reach of the DPA (CDPWE-0001)

Company : Rocketreach
Status  : DPA does not pursue any further
CDPWE   : CDPWE-0001 - Does not designate a Representative in the 
European Union
URL     :
Vulnerability Disclosure Policy:

I. Background
RocketReach is selling access to millions of European Data Subjects 
without recognising it is a Data Controller, without a representative
in the EU (ART.27) and with a questionable legal basis for processing.

II. Impact
Companies around the World can Process and sell Information about 
European data subjects without that the DPA sanctions them for doing
so by simply not designating a EU Representative accourding to Art.27 of 
the GDPR.

Note: That representative would be held accountable, without it the CNPD 
(LUX DPA) argues that their is no way for them to proceed.

III. Advisory
If your data is also included in Rocketreach (just search on their 
website), then file a complain with your local DPA (it's usually very 
easy and fast) .

V. Timeline

5th of April  2019 - Issued a DSAR to RocketReach
5th of April  2019 - Rocketreach responds by deleteing my data
5th of April  2019 - File a complain via my national DPA (CNPD)
6th of March  2020 - The CNPD agrees with my position but claims to not 
be able to pursue further.

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists