The legal notice looks, at first glance, like boilerplate. Kis v. Cognism. A class action. A claim form. A small payout for a small violation. The kind of thing most people delete without ever scrolling down.
But hidden in the fine print is something far more consequential: a fracture forming at the core of the B2B data industry.
Cognism—an international sales intelligence vendor—has agreed to settle allegations that it improperly displayed individuals’ contact information to free trial users, in violation of state privacy laws. The damages are modest—$22.50 for a Californian, $150 for someone in Alabama—but the implications are anything but.
The Pattern: ZoomInfo, Apollo, Seamless … and Now Cognism
We’ve seen versions of this before. ZoomInfo has faced lawsuits over displaying personal data without consent. Apollo and Seamless had their LinkedIn pages abruptly pulled down in 2024 after scraping practices crossed the wrong lines.
The connective tissue is clear: this business model was built on legal arbitrage. Aggregate enormous volumes of personal and professional data—emails, phone numbers, job histories—without explicit consent. Hold it in static databases. Resell it as “coverage.”
For years, the gray zone held. Companies needed fuel for sales pipelines, regulators were slow to react, and no one wanted to look too closely at where the numbers came from. But that era is ending.
Why Cognism’s Case Is Different: Geography
Cognism has prided itself on being international—Europe, Asia, emerging markets. But global coverage inevitably brings global scrutiny. The regulatory environment outside the United States is not just stricter; it is designed to be unforgiving.
In Europe, the General Data Protection Regulation (GDPR) is not a suggestion, it is a framework of rights and penalties with teeth. In Brazil, the Lei Geral de Proteção de Dados (LGPD) carries fines tied directly to revenue, making violations existential rather than symbolic. France’s CNIL and Germany’s BfDI have become increasingly aggressive in enforcement, issuing some of the largest fines on record, particularly around digital marketing and employee data misuse. Even farther east, South Korea’s Personal Information Protection Act (PIPA) and Japan’s Act on the Protection of Personal Information (APPI) have been tightened to align with GDPR principles, raising the bar for what “compliance” means in Asia.
These aren’t just acronyms—they’re signals of a global shift. Regulators are no longer content to issue wrist slaps; they are actively seeking to set precedent, to establish norms that elevate privacy from a procedural box-check to a human right. And the fines follow suit. A $22 payout in Illinois might feel like a nuisance. A multimillion-euro GDPR fine in Brussels, calculated as a percentage of global turnover, can rewrite a company’s balance sheet overnight.
That’s why Cognism’s situation is so precarious. Today, they are settling a U.S. class action with modest damages. Tomorrow, they could face exposure in Europe, Brazil, or South Korea, where the penalties are stiffer, the public pressure greater, and the margin for error vanishingly small.
The problem isn’t just the lawsuit; it’s the model itself. The practice of stockpiling scraped data and redistributing it en masse was always structurally misaligned with how regulators envisioned the future. Consent-based collection, localized safeguards, real-time opt-outs—these are the new pillars of compliance. Databases built for scale, not transparency, are relics of a different era.
In short: Cognism’s legal exposure today is a symptom. The real disease is a business model colliding with a regulatory landscape that no longer tolerates shortcuts.
The Legitimacy Crisis in Data
For CROs, CMOs, and RevOps leaders, the question is no longer just, “Do we have enough coverage?” It’s, “Do we trust this data at all?”
If your pipeline is built on a database that can vanish overnight—whether from lawsuits, takedowns, or regulatory crackdowns—your entire revenue motion is at risk. This isn’t hypothetical; it’s already happening.
The Cognism case is a warning shot: the market is shifting away from static, prebuilt databases and toward something more sustainable. Real-time sourcing. Consent-based processing. Bespoke, country-specific compliance baked in from the start.
LeadGenius’ Different Playbook
This is where the divergence really matters. LeadGenius has never been a data controller in the traditional sense. We don’t warehouse millions of static profiles, scraped from the web, sitting on servers waiting to be sold and resold until regulators catch up. That model—the one Cognism, Apollo, and ZoomInfo have banked on—creates an unavoidable liability: every record is a potential lawsuit waiting to happen.
LeadGenius took a different path from the start. We act as a processor of information. That means we don’t “own” or hoard data. We source what our clients need, when they need it, in real time, and in accordance with the laws of the country we’re sourcing from. It’s not semantics—it’s structural. And it changes everything.
Here’s what that distinction looks like in practice:
- Country-Specific Compliance
Our workflows aren’t one-size-fits-all. They’re engineered jurisdiction by jurisdiction. GDPR in Germany. LGPD in Brazil. CNIL guidance in France. PIPA in South Korea. APPI in Japan. Instead of forcing a static database to bend awkwardly around global rules, we build compliance into the sourcing process itself. Every project starts with the question: What does the law in this country require, and how do we exceed it? - Consent & Permission Passing
Consent isn’t an afterthought bolted on for appearances. It’s the foundation. We employ explicit opt-ins, permission-passing mechanisms, and transparent audit trails that show exactly how information was acquired. That not only shields clients from compliance risk, it strengthens trust with prospects—because no one wants to find themselves in a sales conversation triggered by data they never agreed to share. - Suppression & Opt-Out at the Core
In the static database world, compliance is treated as hygiene—clean the file quarterly, remove a few bad rows, keep moving. At LeadGenius, suppression and opt-outs aren’t “clean-up.” They’re systemic. DNC lists are integrated, opt-outs are processed in real time, and revocations are tracked continuously. Data doesn’t just flow into the system; it flows through it, with compliance guardrails active at every step. - Dynamic Sourcing, Not Static Storage
The biggest shift is philosophical. We don’t believe in prebuilt lakes of data. Those lakes may look impressive on a sales deck—tens of millions of contacts, endless coverage—but in practice they’re reservoirs of legal risk. Our model is dynamic sourcing: every dataset we deliver is purpose-built, client-specific, and immediately compliant. Nothing sits around gathering dust or waiting to be discovered in a lawsuit.
The metaphor is simple: think of static databases as cafeteria trays—food cooked in bulk, left under heat lamps, scooped out for whoever walks through the door. LeadGenius is the personal chef. We prepare each meal to your exact dietary needs, freshly sourced, tailored to your taste, compliant with every restriction.
One model scales volume. The other scales trust. And in a world where regulators are rewriting the rules, trust isn’t just nice to have—it’s the only ingredient that lasts.
The Bigger Picture
The Cognism settlement isn’t just about one vendor. It’s about the future of a $30 billion industry. For years, scale and coverage were the only metrics that mattered. But the combination of regulatory tightening, customer scrutiny, and legal risk is forcing a new question to the forefront:
What’s the cost of data you can’t trust?
The shift we’re seeing is profound: away from stockpiled contact lists, toward transparent, bespoke, compliant pipelines. From arbitrage to accountability. From databases that crumble under scrutiny, to processes designed to withstand it.
That’s the bet LeadGenius has made from the start—that the future of data isn’t about owning the biggest warehouse, but about building the most trusted, flexible, and compliant supply chain.
Closing Thoughts
The Cognism case might fade from headlines quickly. The payouts are small. The story is buried in legal filings.
But the precedent is big. And it points to a deeper truth: the foundation of the static database model is cracking.
The winners in the next chapter of B2B data won’t be those who moved fastest to scrape. They’ll be the ones who moved slow enough to get consent, smart enough to adapt country by country, and transparent enough to build real trust.
That’s not just a compliance posture. That’s the only sustainable path forward.