theForum is run by the charity Unlock. We do not actively moderate, monitor or edit contributions but we may intervene and take any action as we think necessary. Further details can be found in our terms of use. If you have any concerns over the contents on our site, please either register those concerns using the report-a-post button or email us at forum@unlock.org.uk.


Sites that repoupose criminal conviction information and GDPR


Sites that repoupose criminal conviction information and GDPR

Author
Message
khafka
khafka
Supreme Being
Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)

Group: Forum Members
Posts: 331, Visits: 18K
jcdmcr - 10 Jul 20 4:10 PM
khafka - 21 Mar 20 10:26 AM
I was actually thinking about this the other day.

In my last job I had to do quite a bit of GDPR stuff as we held databases of customer's information etc.

The angle I was thinking about was when your order comes to an end. I will be off the register in 3 years (my PPU said if all goes well and given how low level risk I am it could be next year but I'm not holding my breath on that). You'd have to manually get in touch with them to get them to remove your details as it is not longer pertinent.

The problem that lies here is there is no way for them to fact-check this unless the person(s) that run it are privy to police documents in which case they could look it up however that'd be a huge breach of data protection and open them up to a whole world of issues.

So, my point being - If you get in touch and say "hey, I'm off the register. Remove me from your site within xx days" they'd have to abide by that under the "Right to Erasure". They have no way to fact-check it so I'm tempted to just email them and ask them to remove me now saying I'm no longer subject to the notification requirements.

The parts of the GDPR that are relevant:

Individuals have the right to have their personal data erased if:

  • the personal data is no longer necessary for the purpose which you originally collected or processed it for;
  • you are relying on consent as your lawful basis for holding the data, and the individual withdraws their consent;
  • you are relying on legitimate interests as your basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing;
  • you are processing the personal data for direct marketing purposes and the individual objects to that processing;
  • you have processed the personal data unlawfully (ie in breach of the lawfulness requirement of the 1st principle);
  • you have to do it to comply with a legal obligation; or
  • you have processed the personal data to offer information society services to a child.
The two I've highlighted are the main ones, although the 3rd one could be used to make sure it stays up.

It is an interesting one and given they're essentially a link aggregate site I'm not sure where they'd fall in the GDPR ruling for the requirements of needing a GDPR officer within their "organisation" who deals with these requests.

One of the issues of asking them to be removed though, given the general nature of the "clientele" that frequent these sort of sites is I can't help but feel they'd end up badmouthing you publicly for daring to ask to be removed; posting on Facebook and/or their website/social media etc.

"ATTENTION - CONVICTED OFFENDER JOHN DOE IS TRYING TO HIDE THEIR CONVICTION. PLEASE SPREAD THIS AROUND TO MAKE SURE THIS DOESN'T HAPPEN! THINK OF YOUR CHILDREN!"

I have zero doubt in my mind the UK Database and their affiliates would be all over it like that.

Then all the dust that may have settled gets swirled up again and you're back to where you started.




What about feeding them false reports etc? Use false names, false sightings, false images. This might reduce the quality / reliability of the information...

Sorry, I don't quite follow.

Can you give me an example? I'd be adverse to using a random image off the internet though as that would then essentially label that person as an offender in their eyes.

J J
J J
Supreme Being
Supreme Being (26K reputation)Supreme Being (26K reputation)Supreme Being (26K reputation)Supreme Being (26K reputation)Supreme Being (26K reputation)Supreme Being (26K reputation)Supreme Being (26K reputation)Supreme Being (26K reputation)Supreme Being (26K reputation)

Group: Forum Members
Posts: 141, Visits: 541
khafka - 21 Mar 20 10:26 AM
I was actually thinking about this the other day.

In my last job I had to do quite a bit of GDPR stuff as we held databases of customer's information etc.

The angle I was thinking about was when your order comes to an end. I will be off the register in 3 years (my PPU said if all goes well and given how low level risk I am it could be next year but I'm not holding my breath on that). You'd have to manually get in touch with them to get them to remove your details as it is not longer pertinent.

The problem that lies here is there is no way for them to fact-check this unless the person(s) that run it are privy to police documents in which case they could look it up however that'd be a huge breach of data protection and open them up to a whole world of issues.

So, my point being - If you get in touch and say "hey, I'm off the register. Remove me from your site within xx days" they'd have to abide by that under the "Right to Erasure". They have no way to fact-check it so I'm tempted to just email them and ask them to remove me now saying I'm no longer subject to the notification requirements.

The parts of the GDPR that are relevant:

Individuals have the right to have their personal data erased if:

  • the personal data is no longer necessary for the purpose which you originally collected or processed it for;
  • you are relying on consent as your lawful basis for holding the data, and the individual withdraws their consent;
  • you are relying on legitimate interests as your basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing;
  • you are processing the personal data for direct marketing purposes and the individual objects to that processing;
  • you have processed the personal data unlawfully (ie in breach of the lawfulness requirement of the 1st principle);
  • you have to do it to comply with a legal obligation; or
  • you have processed the personal data to offer information society services to a child.
The two I've highlighted are the main ones, although the 3rd one could be used to make sure it stays up.

It is an interesting one and given they're essentially a link aggregate site I'm not sure where they'd fall in the GDPR ruling for the requirements of needing a GDPR officer within their "organisation" who deals with these requests.

One of the issues of asking them to be removed though, given the general nature of the "clientele" that frequent these sort of sites is I can't help but feel they'd end up badmouthing you publicly for daring to ask to be removed; posting on Facebook and/or their website/social media etc.

"ATTENTION - CONVICTED OFFENDER JOHN DOE IS TRYING TO HIDE THEIR CONVICTION. PLEASE SPREAD THIS AROUND TO MAKE SURE THIS DOESN'T HAPPEN! THINK OF YOUR CHILDREN!"

I have zero doubt in my mind the UK Database and their affiliates would be all over it like that.

Then all the dust that may have settled gets swirled up again and you're back to where you started.




What about feeding them false reports etc? Use false names, false sightings, false images. This might reduce the quality / reliability of the information...
Simon1983
Simon1983
Supreme Being
Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)

Group: Forum Members
Posts: 202, Visits: 6.4K
Be good to see what they come back with maybe we all need to send then same email just like you wrote ?
khafka
khafka
Supreme Being
Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)

Group: Forum Members
Posts: 331, Visits: 18K
Simon1983 - 19 May 20 9:59 PM
I don’t know i remember he gave some clap trap explication on his face book page, that was like over 12 mths ago when the GDPR stuff was all in it’s infancy, 

I never saw it but I suspect he'd use the "I'm just a link aggregate site - I'm just linking people to news reports that are already public" which isn't a defence either.

khafka
khafka
Supreme Being
Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)

Group: Forum Members
Posts: 331, Visits: 18K
lotsofquer - 20 May 20 12:01 AM
Given it seems to be hosted by Automattic/Wordpress.com I would imagine he has auto domain renewal on (terms state on by default unless you turn it off).

However the domain registration terms also state (found at https://wordpress.com/automattic-domain-name-registration-agreement/)

18. Right to Suspend or Disable. We shall have the right, at our sole discretion and without liability to you, to suspend or cancel your domain name, or to restrict or suspend your account and/or ability to register domain names, in but not limited to, the following circumstances:
...
If you use a domain name for unlawful purposes or in furtherance of illegal activities.
...

When required by law, government rules, court orders, or legal process.


The hosting terms also have similar clauses as below (found at https://wordpress.com/tos/)

6. General Representation and Warranty

You represent and warrant that your use of our Services:
...

Will comply with all applicable laws and regulations (including, without limitation, all applicable laws regarding online conduct and acceptable content, privacy, data protection,.....
...

Will not use the Services for any unlawful purposes, to publish illegal content, or in furtherance of illegal activities;
....

Will not disclose sensitive personal information of others;


There is also the user guidelines which state (found at https://wordpress.com/support/user-guidelines/)

To be transparent about what is and isn’t allowed on your site, we’ve put together this set of guidelines. The following activity/material isn’t allowed on WordPress.com.

Illegal content and conduct.
Self-explanatory.
...
Posting private information.
Don’t share someone’s personal information without their consent. This includes collecting sensitive information in Contact Forms such as account passwords and credit card numbers, to name a couple.


In all of the above the underlying theme is that the site does not comply with GDPR laws (irrespective of where it is hosted - GDPR applies worldwide if you cater to European citizens (although I’m waiting to see how they regulators enforce based on this) and it also applies if a site is hosted elsewhere but controlled from a European country). Throughout all the terms and guidelines of Automattic/Wordpress.com It is clear you must comply with the law.

Perhaps if someone wanted to contact Automattic and report the site pointing this out it may get suspended. Automattics reporting page is found at https://wordpress.com/support/report-blogs/






Done.

I've played up the personal info angle. As well as not complying with GDPR with cooking notifications and storing of details.

lotsofquer
lotsofquer
Supreme Being
Supreme Being (15K reputation)Supreme Being (15K reputation)Supreme Being (15K reputation)Supreme Being (15K reputation)Supreme Being (15K reputation)Supreme Being (15K reputation)Supreme Being (15K reputation)Supreme Being (15K reputation)Supreme Being (15K reputation)

Group: Forum Members
Posts: 119, Visits: 3.4K
Given it seems to be hosted by Automattic/Wordpress.com I would imagine he has auto domain renewal on (terms state on by default unless you turn it off).

However the domain registration terms also state (found at https://wordpress.com/automattic-domain-name-registration-agreement/)

18. Right to Suspend or Disable. We shall have the right, at our sole discretion and without liability to you, to suspend or cancel your domain name, or to restrict or suspend your account and/or ability to register domain names, in but not limited to, the following circumstances:
...
If you use a domain name for unlawful purposes or in furtherance of illegal activities.
...

When required by law, government rules, court orders, or legal process.


The hosting terms also have similar clauses as below (found at https://wordpress.com/tos/)

6. General Representation and Warranty

You represent and warrant that your use of our Services:
...

Will comply with all applicable laws and regulations (including, without limitation, all applicable laws regarding online conduct and acceptable content, privacy, data protection,.....
...

Will not use the Services for any unlawful purposes, to publish illegal content, or in furtherance of illegal activities;
....

Will not disclose sensitive personal information of others;


There is also the user guidelines which state (found at https://wordpress.com/support/user-guidelines/)

To be transparent about what is and isn’t allowed on your site, we’ve put together this set of guidelines. The following activity/material isn’t allowed on WordPress.com.

Illegal content and conduct.
Self-explanatory.
...
Posting private information.
Don’t share someone’s personal information without their consent. This includes collecting sensitive information in Contact Forms such as account passwords and credit card numbers, to name a couple.


In all of the above the underlying theme is that the site does not comply with GDPR laws (irrespective of where it is hosted - GDPR applies worldwide if you cater to European citizens (although I’m waiting to see how they regulators enforce based on this) and it also applies if a site is hosted elsewhere but controlled from a European country). Throughout all the terms and guidelines of Automattic/Wordpress.com It is clear you must comply with the law.

Perhaps if someone wanted to contact Automattic and report the site pointing this out it may get suspended. Automattics reporting page is found at https://wordpress.com/support/report-blogs/






Simon1983
Simon1983
Supreme Being
Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)

Group: Forum Members
Posts: 202, Visits: 6.4K
I don’t know i remember he gave some clap trap explication on his face book page, that was like over 12 mths ago when the GDPR stuff was all in it’s infancy, 
khafka
khafka
Supreme Being
Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)

Group: Forum Members
Posts: 331, Visits: 18K
Simon1983 - 19 May 20 7:47 PM
Sadly knowing how much that man ( We know who we are talking about) seems to be always one step ahead he already has his next payment sorted.

It would make my day month and year and not to mention life if that web site disappeared into the ether and never to be seen again.


Guess only in my dreams 

To be honest I had no idea who ran it until I did a bit of "under the hood" investigating as he blocks WHOIS searches on the domain.

So is this the same bloke who was sent to prison not too long ago for football hooliganism and also thinks just because he sets up hosting in the USA that he is immune from UK law? That isn't really how it works...

Since his initial site got shut down why is this one still going? Is it just because nobody has really bothered reporting it?

Simon1983
Simon1983
Supreme Being
Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)Supreme Being (46K reputation)

Group: Forum Members
Posts: 202, Visits: 6.4K
Sadly knowing how much that man ( We know who we are talking about) seems to be always one step ahead he already has his next payment sorted.

It would make my day month and year and not to mention life if that web site disappeared into the ether and never to be seen again.


Guess only in my dreams 

khafka
khafka
Supreme Being
Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)Supreme Being (60K reputation)

Group: Forum Members
Posts: 331, Visits: 18K
Simon1983 - 19 May 20 5:21 PM
Where would you even go to purchase the domain

With someone thing like this you're much better off going through a website to do the leg work for you although you will be paying a little bit more for the domain.

Basically once the domain expires it'll sit in limbo for a bit until the previous owner re-registers it. You'd need to keep submitting orders basically on an hourly basis until it finally became available.

Not that I agree with it, but a company I used to work for would buy expiring names and then sell them on/sell them back to the previous owner for a premium. Ethical? No. Financially sound? God yes.

There are lots of hosts and domain sellers such as GoDaddy that offer the service. It is known as "Back orderdering". We used snapnames.com.

You put in the domain you're looking to snipe, if it's coming up close to its expiration it'll let you order it. You order it and their bots take care of the rest.

Edited
5 Years Ago by khafka
 
GO


Similar Topics


As a small but national charity, we rely on charitable grants and individual donations to continue running theForum. We do not deliver government services. By being independent, we are able to respond to the needs of the people with convictions. Help us keep theForum going.

Donate Online

Login
Existing Account
Email Address:


Password:


Login
Select a Forum....
























































































































































































theForum


Search