theForum is run by the charity Unlock. We do not actively moderate, monitor or edit contributions but we may intervene and take any action as we think necessary. Further details can be found in our terms of use. If you have any concerns over the contents on our site, please either register those concerns using the report-a-post button or email us at forum@unlock.org.uk.


Google De listing


Google De listing

Author
Message
khafka
khafka
Supreme Being
Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)

Group: Forum Members
Posts: 328, Visits: 18K
lotsofquer - 15 Jul 20 8:02 AM
khafka - 11 Jul 20 11:31 PM
lotsofquer - 11 Jul 20 11:12 PM
At a guess I’d say that the owner of that site will still not care at that point in time unfortunately. I think it’s a matter of either the ICO shutting them down or someone bringing a legal case that the site can’t afford to bankroll (although not sure what legal basis this would have - it would seem perhaps under the GDPR criminal register but maybe not given the way they try to present as news articles). The first option doesn’t seem likely either given that many have complained in general terms and the site remains. It would also seem that the ICO as shown in your case have the contact details for those behind the site so they know about them (unless they’re simply submitting via the contact form). You would think that the ICO would be a bit careful with such a sensitive subject and given they’re the enforcers of data protection regulations and must know what this site is likely to react with given their past interactions with them.There is a third and fourth possibility - the owner shuts the site down or someone hacks it. Unfortunately both extremely unlikely to in my opinion happen of course.

Well if they are found in breach of GDPR any company can be fined up to 4% or €20 million, whichever is highest. He'd also be forced to take the site down regardless and if he were to set another one would likely be in breach and would get a one way ticket for a wee holiday courtesy of HMP.

He wouldn't have a leg to stand on, legally speaking. Any solicitor moderately interested that doesn't care about how they would be portrayed in the media and with a modicum of sense could rip his arse apart in a court.

His website has been shut down before and with the much, much stricter GDPR rules in place now compared to previously I'd say it is just a matter of time. How long? Who knows. I reckon his own hubris will ultimately be his downfall though.

As for the hacking side. I wouldn't be so sure. It's a Wordpress site, hardly Fort Knox. I dare say you could get into it the admin using Rainbow, Cain and Abel, or John the Ripper... If someone was that way inclined...

How did you get on with the ICO? Have they acknowledged that they stuffed up?

Nope.

Still waiting on a response.

I tried calling them on Monday but was on hold for nearly an hour waiting to speak to someone so gave up. I did email them initially when this all kicked off on Saturday. If their time frame is anything like the initial complaint I made then I'll update this thread around Christmas when they finally respond...

lotsofquer
lotsofquer
Supreme Being
Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)

Group: Forum Members
Posts: 119, Visits: 3.4K
khafka - 15 Jul 20 5:28 PM
lotsofquer - 15 Jul 20 8:02 AM
khafka - 11 Jul 20 11:31 PM
lotsofquer - 11 Jul 20 11:12 PM
At a guess I’d say that the owner of that site will still not care at that point in time unfortunately. I think it’s a matter of either the ICO shutting them down or someone bringing a legal case that the site can’t afford to bankroll (although not sure what legal basis this would have - it would seem perhaps under the GDPR criminal register but maybe not given the way they try to present as news articles). The first option doesn’t seem likely either given that many have complained in general terms and the site remains. It would also seem that the ICO as shown in your case have the contact details for those behind the site so they know about them (unless they’re simply submitting via the contact form). You would think that the ICO would be a bit careful with such a sensitive subject and given they’re the enforcers of data protection regulations and must know what this site is likely to react with given their past interactions with them.There is a third and fourth possibility - the owner shuts the site down or someone hacks it. Unfortunately both extremely unlikely to in my opinion happen of course.

Well if they are found in breach of GDPR any company can be fined up to 4% or €20 million, whichever is highest. He'd also be forced to take the site down regardless and if he were to set another one would likely be in breach and would get a one way ticket for a wee holiday courtesy of HMP.

He wouldn't have a leg to stand on, legally speaking. Any solicitor moderately interested that doesn't care about how they would be portrayed in the media and with a modicum of sense could rip his arse apart in a court.

His website has been shut down before and with the much, much stricter GDPR rules in place now compared to previously I'd say it is just a matter of time. How long? Who knows. I reckon his own hubris will ultimately be his downfall though.

As for the hacking side. I wouldn't be so sure. It's a Wordpress site, hardly Fort Knox. I dare say you could get into it the admin using Rainbow, Cain and Abel, or John the Ripper... If someone was that way inclined...

How did you get on with the ICO? Have they acknowledged that they stuffed up?

Nope.

Still waiting on a response.

I tried calling them on Monday but was on hold for nearly an hour waiting to speak to someone so gave up. I did email them initially when this all kicked off on Saturday. If their time frame is anything like the initial complaint I made then I'll update this thread around Christmas when they finally respond...

Wondered if that might be the case. If it was me I'd be chasing them daily as quite frankly it's not acceptable - not that doing so will change the situation but it will certainly raise the seriousness of the issue with them (and potentially in the future any compensation you receive from them - should it go down that route).

khafka
khafka
Supreme Being
Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)

Group: Forum Members
Posts: 328, Visits: 18K
lotsofquer - 15 Jul 20 5:36 PM
khafka - 15 Jul 20 5:28 PM
lotsofquer - 15 Jul 20 8:02 AM
khafka - 11 Jul 20 11:31 PM
lotsofquer - 11 Jul 20 11:12 PM
At a guess I’d say that the owner of that site will still not care at that point in time unfortunately. I think it’s a matter of either the ICO shutting them down or someone bringing a legal case that the site can’t afford to bankroll (although not sure what legal basis this would have - it would seem perhaps under the GDPR criminal register but maybe not given the way they try to present as news articles). The first option doesn’t seem likely either given that many have complained in general terms and the site remains. It would also seem that the ICO as shown in your case have the contact details for those behind the site so they know about them (unless they’re simply submitting via the contact form). You would think that the ICO would be a bit careful with such a sensitive subject and given they’re the enforcers of data protection regulations and must know what this site is likely to react with given their past interactions with them.There is a third and fourth possibility - the owner shuts the site down or someone hacks it. Unfortunately both extremely unlikely to in my opinion happen of course.

Well if they are found in breach of GDPR any company can be fined up to 4% or €20 million, whichever is highest. He'd also be forced to take the site down regardless and if he were to set another one would likely be in breach and would get a one way ticket for a wee holiday courtesy of HMP.

He wouldn't have a leg to stand on, legally speaking. Any solicitor moderately interested that doesn't care about how they would be portrayed in the media and with a modicum of sense could rip his arse apart in a court.

His website has been shut down before and with the much, much stricter GDPR rules in place now compared to previously I'd say it is just a matter of time. How long? Who knows. I reckon his own hubris will ultimately be his downfall though.

As for the hacking side. I wouldn't be so sure. It's a Wordpress site, hardly Fort Knox. I dare say you could get into it the admin using Rainbow, Cain and Abel, or John the Ripper... If someone was that way inclined...

How did you get on with the ICO? Have they acknowledged that they stuffed up?

Nope.

Still waiting on a response.

I tried calling them on Monday but was on hold for nearly an hour waiting to speak to someone so gave up. I did email them initially when this all kicked off on Saturday. If their time frame is anything like the initial complaint I made then I'll update this thread around Christmas when they finally respond...

Wondered if that might be the case. If it was me I'd be chasing them daily as quite frankly it's not acceptable - not that doing so will change the situation but it will certainly raise the seriousness of the issue with them (and potentially in the future any compensation you receive from them - should it go down that route).

Perhaps interestingly - I did get a call from the officer that looks after me and apparently that post with my picture and name stating "make him famous" doesn't count as a (targeted) threat, harassment, or abuse. Seemingly they'd have to explicitly say "I want you all to kick him in the face when you see him" or if they stated they'd do it themselves.

It has to show a statement of intent like "I will hunt down lotsofquer and set fire to his house" which would be the offence, however, if I were to say "Imagine if someone found lotsofquer and burned down his house. Here is what he looks like and his street" that isn't an offence.
lotsofquer - 15 Jul 20 5:36 PM
khafka - 15 Jul 20 5:28 PM
lotsofquer - 15 Jul 20 8:02 AM
khafka - 11 Jul 20 11:31 PM
lotsofquer - 11 Jul 20 11:12 PM
At a guess I’d say that the owner of that site will still not care at that point in time unfortunately. I think it’s a matter of either the ICO shutting them down or someone bringing a legal case that the site can’t afford to bankroll (although not sure what legal basis this would have - it would seem perhaps under the GDPR criminal register but maybe not given the way they try to present as news articles). The first option doesn’t seem likely either given that many have complained in general terms and the site remains. It would also seem that the ICO as shown in your case have the contact details for those behind the site so they know about them (unless they’re simply submitting via the contact form). You would think that the ICO would be a bit careful with such a sensitive subject and given they’re the enforcers of data protection regulations and must know what this site is likely to react with given their past interactions with them.There is a third and fourth possibility - the owner shuts the site down or someone hacks it. Unfortunately both extremely unlikely to in my opinion happen of course.

Well if they are found in breach of GDPR any company can be fined up to 4% or €20 million, whichever is highest. He'd also be forced to take the site down regardless and if he were to set another one would likely be in breach and would get a one way ticket for a wee holiday courtesy of HMP.

He wouldn't have a leg to stand on, legally speaking. Any solicitor moderately interested that doesn't care about how they would be portrayed in the media and with a modicum of sense could rip his arse apart in a court.

His website has been shut down before and with the much, much stricter GDPR rules in place now compared to previously I'd say it is just a matter of time. How long? Who knows. I reckon his own hubris will ultimately be his downfall though.

As for the hacking side. I wouldn't be so sure. It's a Wordpress site, hardly Fort Knox. I dare say you could get into it the admin using Rainbow, Cain and Abel, or John the Ripper... If someone was that way inclined...

How did you get on with the ICO? Have they acknowledged that they stuffed up?

Nope.

Still waiting on a response.

I tried calling them on Monday but was on hold for nearly an hour waiting to speak to someone so gave up. I did email them initially when this all kicked off on Saturday. If their time frame is anything like the initial complaint I made then I'll update this thread around Christmas when they finally respond...

Wondered if that might be the case. If it was me I'd be chasing them daily as quite frankly it's not acceptable - not that doing so will change the situation but it will certainly raise the seriousness of the issue with them (and potentially in the future any compensation you receive from them - should it go down that route).

Perhaps interestingly. I did have a call with the officer than oversees me and I did bring up that post on the our local Guy Fawkes Enthusiast Group and apparently it isn't deemed a concern legally and isn't deemed as (targeted) harassment, bully, incitement, or abuse due to them not specifically stating what should be done.

They posted my name, my picture, my street and stated to "make me famous". This is fine and acceptable. They need to be more definite in what they are stating.

For example:

"I'm going to track down lotsofquer and kick his head in" - This is an offence and I could be spoken to about it.

"Someone should track down lotsofquer and kick his head in. Here's what he looks like, here's a rough approximation of a small street he lives on" - This is not an offence.

I mentioned the UK Database website as essentially the crux of this. He agrees and if you look around the vast majority of police throughout the UK agree this website and "vigilante" groups are a nuisance and cause more harm than good. Then why don't they shut them down? You can point to numerous laws they all break. Most of them are well known by their local police force. They have the power to knock on their door and go "Shut this down now or else you're getting arrested".

My tinfoil hat theory why they don't though is due to the public outcry that would happen: "oH ThEy ArE pAeDo SyMpAtHiSErS!!111OnE!", "HoW WiLl My chIlDrEn bE SaFe noW?!".

I feel that would be more than hassle than it is worth for the police to deal with so when something does happen as a result of one of these groups then they just deal with that on a case-by-case basis. But to me that is a poor attitude as the damage is already done by that point.

You smother a pan fire in your kitchen as soon as you notice it to stop it spreading. You don't chuck a bottle of water on a burning building.

Bit rambly now but I've always felt strongly about this sort of lynch mob justice stuff and could talk for days about it.

Edited
4 Years Ago by khafka
lotsofquer
lotsofquer
Supreme Being
Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)

Group: Forum Members
Posts: 119, Visits: 3.4K
khafka - 15 Jul 20 6:49 PM
lotsofquer - 15 Jul 20 5:36 PM
khafka - 15 Jul 20 5:28 PM
lotsofquer - 15 Jul 20 8:02 AM
khafka - 11 Jul 20 11:31 PM
lotsofquer - 11 Jul 20 11:12 PM
At a guess I’d say that the owner of that site will still not care at that point in time unfortunately. I think it’s a matter of either the ICO shutting them down or someone bringing a legal case that the site can’t afford to bankroll (although not sure what legal basis this would have - it would seem perhaps under the GDPR criminal register but maybe not given the way they try to present as news articles). The first option doesn’t seem likely either given that many have complained in general terms and the site remains. It would also seem that the ICO as shown in your case have the contact details for those behind the site so they know about them (unless they’re simply submitting via the contact form). You would think that the ICO would be a bit careful with such a sensitive subject and given they’re the enforcers of data protection regulations and must know what this site is likely to react with given their past interactions with them.There is a third and fourth possibility - the owner shuts the site down or someone hacks it. Unfortunately both extremely unlikely to in my opinion happen of course.

Well if they are found in breach of GDPR any company can be fined up to 4% or €20 million, whichever is highest. He'd also be forced to take the site down regardless and if he were to set another one would likely be in breach and would get a one way ticket for a wee holiday courtesy of HMP.

He wouldn't have a leg to stand on, legally speaking. Any solicitor moderately interested that doesn't care about how they would be portrayed in the media and with a modicum of sense could rip his arse apart in a court.

His website has been shut down before and with the much, much stricter GDPR rules in place now compared to previously I'd say it is just a matter of time. How long? Who knows. I reckon his own hubris will ultimately be his downfall though.

As for the hacking side. I wouldn't be so sure. It's a Wordpress site, hardly Fort Knox. I dare say you could get into it the admin using Rainbow, Cain and Abel, or John the Ripper... If someone was that way inclined...

How did you get on with the ICO? Have they acknowledged that they stuffed up?

Nope.

Still waiting on a response.

I tried calling them on Monday but was on hold for nearly an hour waiting to speak to someone so gave up. I did email them initially when this all kicked off on Saturday. If their time frame is anything like the initial complaint I made then I'll update this thread around Christmas when they finally respond...

Wondered if that might be the case. If it was me I'd be chasing them daily as quite frankly it's not acceptable - not that doing so will change the situation but it will certainly raise the seriousness of the issue with them (and potentially in the future any compensation you receive from them - should it go down that route).

Perhaps interestingly - I did get a call from the officer that looks after me and apparently that post with my picture and name stating "make him famous" doesn't count as a (targeted) threat, harassment, or abuse. Seemingly they'd have to explicitly say "I want you all to kick him in the face when you see him" or if they stated they'd do it themselves.

It has to show a statement of intent like "I will hunt down lotsofquer and set fire to his house" which would be the offence, however, if I were to say "Imagine if someone found lotsofquer and burned down his house. Here is what he looks like and his street" that isn't an offence.
lotsofquer - 15 Jul 20 5:36 PM
khafka - 15 Jul 20 5:28 PM
lotsofquer - 15 Jul 20 8:02 AM
khafka - 11 Jul 20 11:31 PM
lotsofquer - 11 Jul 20 11:12 PM
At a guess I’d say that the owner of that site will still not care at that point in time unfortunately. I think it’s a matter of either the ICO shutting them down or someone bringing a legal case that the site can’t afford to bankroll (although not sure what legal basis this would have - it would seem perhaps under the GDPR criminal register but maybe not given the way they try to present as news articles). The first option doesn’t seem likely either given that many have complained in general terms and the site remains. It would also seem that the ICO as shown in your case have the contact details for those behind the site so they know about them (unless they’re simply submitting via the contact form). You would think that the ICO would be a bit careful with such a sensitive subject and given they’re the enforcers of data protection regulations and must know what this site is likely to react with given their past interactions with them.There is a third and fourth possibility - the owner shuts the site down or someone hacks it. Unfortunately both extremely unlikely to in my opinion happen of course.

Well if they are found in breach of GDPR any company can be fined up to 4% or €20 million, whichever is highest. He'd also be forced to take the site down regardless and if he were to set another one would likely be in breach and would get a one way ticket for a wee holiday courtesy of HMP.

He wouldn't have a leg to stand on, legally speaking. Any solicitor moderately interested that doesn't care about how they would be portrayed in the media and with a modicum of sense could rip his arse apart in a court.

His website has been shut down before and with the much, much stricter GDPR rules in place now compared to previously I'd say it is just a matter of time. How long? Who knows. I reckon his own hubris will ultimately be his downfall though.

As for the hacking side. I wouldn't be so sure. It's a Wordpress site, hardly Fort Knox. I dare say you could get into it the admin using Rainbow, Cain and Abel, or John the Ripper... If someone was that way inclined...

How did you get on with the ICO? Have they acknowledged that they stuffed up?

Nope.

Still waiting on a response.

I tried calling them on Monday but was on hold for nearly an hour waiting to speak to someone so gave up. I did email them initially when this all kicked off on Saturday. If their time frame is anything like the initial complaint I made then I'll update this thread around Christmas when they finally respond...

Wondered if that might be the case. If it was me I'd be chasing them daily as quite frankly it's not acceptable - not that doing so will change the situation but it will certainly raise the seriousness of the issue with them (and potentially in the future any compensation you receive from them - should it go down that route).

Perhaps interestingly. I did have a call with the officer than oversees me and I did bring up that post on the our local Guy Fawkes Enthusiast Group and apparently it isn't deemed a concern legally and isn't deemed as (targeted) harassment, bully, incitement, or abuse due to them not specifically stating what should be done.

They posted my name, my picture, my street and stated to "make me famous". This is fine and acceptable. They need to be more definite in what they are stating.

For example:

"I'm going to track down lotsofquer and kick his head in" - This is an offence and I could be spoken to about it.

"Someone should track down lotsofquer and kick his head in. Here's what he looks like, here's a rough approximation of a small street he lives on" - This is not an offence.

I mentioned the UK Database website as essentially the crux of this. He agrees and if you look around the vast majority of police throughout the UK agree this website and "vigilante" groups are a nuisance and cause more harm than good. Then why don't they shut them down? You can point to numerous laws they all break. Most of them are well known by their local police force. They have the power to knock on their door and go "Shut this down now or else you're getting arrested".

My tinfoil hat theory why they don't though is due to the public outcry that would happen: "oH ThEy ArE pAeDo SyMpAtHiSErS!!111OnE!", "HoW WiLl My chIlDrEn bE SaFe noW?!".

I feel that would be more than hassle than it is worth for the police to deal with so when something does happen as a result of one of these groups then they just deal with that on a case-by-case basis. But to me that is a poor attitude as the damage is already done by that point.

You smother a pan fire in your kitchen as soon as you notice it to stop it spreading. You don't chuck a bottle of water on a burning building.

Bit rambly now but I've always felt strongly about this sort of lynch mob justice stuff and could talk for days about it.

Hmm interesting. Did they say anything else - like sorry we gave your details to a group we know do this sort of thing even though you asked us not to and our privacy policy explicatly states we won't do this without asking you first?!

He may be right on the legal bit (from the brief bit I read on the CPS website - although I'm no lawyer).  There could be another avenue however and that is facebooks community standards which I've pulled some bits out of below - that you might be able to use to get the facebook posts removed.

https://en-gb.facebook.com/communitystandards/bullying
Bullying and harassment happen in many places and come in many different forms, from making threats to releasing personally identifiable information, to sending threatening messages and making unwanted malicious contact. We do not tolerate this kind of behaviour because it prevents people from feeling safe and respected on Facebook.

Context and intent matter, and we allow people to share and reshare posts if it is clear that something was shared in order to condemn or draw attention to bullying and harassment. In certain instances, we require self-reporting because it helps us understand that the person targeted feels bullied or harassed.

Do not:
Target anyone maliciously by:
  • Threaten to release an individual's private phone number, residential address or email address

Sending messages that contain the following attacks when aimed at an individual or group of individuals in the thread
  • Calls for death, serious disease or disability, or physical harm

https://en-gb.facebook.com/communitystandards/violence_criminal_behavior
1. Violence and incitement
We aim to prevent potential offline harm that may be related to content on Facebook. While we understand that people commonly express disdain or disagreement by threatening or calling for violence in non-serious ways, we remove language that incites or facilitates serious violence. We remove content, disable accounts and work with law enforcement when we believe that there is a genuine risk of physical harm or direct threats to public safety. We also try to consider the language and context in order to distinguish casual statements from content that constitutes a credible threat to public or personal safety. In determining whether a threat is credible, we may also consider additional information such as a person's public visibility and the risks to their physical safety.


Given that it's your personal data they've posted (both photo and address are considered PII - personally identifiable information - especially when posted together in this situation) you could also go down the GDPR route of right of erasure.
https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1528874672298&uri=CELEX:02016R0679-20160504

Article 17

Right to erasure (‘right to be forgotten’)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;  (e.g. you haven't given them your permission to process your personal data)

Article 21
Right to object

1.  The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.



Article 6 
Lawfulness of processing 
1.  Processing shall be lawful only if and to the extent that at least one of the following applies:   
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; 
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

It looks like the above would come down to legitimate interest however for which the ICO says to apply a test (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/). I personally can't see that facebook could justify legitmate interests but they may be able to with the large legal team I imagine they have.
The bits to point out in the above link if they claim this would be the third test and in particular the below.
Third, do a balancing test. Consider the impact of your processing and whether this overrides the interest you have identified. You might find it helpful to think about the following:
  • Is any of the data particularly sensitive or private?
  • Would people expect you to use their data in this way?
  • What is the possible impact on the individual?
  • How big an impact might it have on them?

  • The ICO page also mentions Recital 47 of GDPR which can be found at https://www.privacy-regulation.eu/en/r47.htm
    (47) The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.
    The interests and fundamental rights of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects do not reasonably expect further processing.


    khafka
    khafka
    Supreme Being
    Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)

    Group: Forum Members
    Posts: 328, Visits: 18K
    lotsofquer - 15 Jul 20 8:10 PM
    khafka - 15 Jul 20 6:49 PM
    lotsofquer - 15 Jul 20 5:36 PM
    khafka - 15 Jul 20 5:28 PM
    lotsofquer - 15 Jul 20 8:02 AM
    khafka - 11 Jul 20 11:31 PM
    lotsofquer - 11 Jul 20 11:12 PM
    At a guess I’d say that the owner of that site will still not care at that point in time unfortunately. I think it’s a matter of either the ICO shutting them down or someone bringing a legal case that the site can’t afford to bankroll (although not sure what legal basis this would have - it would seem perhaps under the GDPR criminal register but maybe not given the way they try to present as news articles). The first option doesn’t seem likely either given that many have complained in general terms and the site remains. It would also seem that the ICO as shown in your case have the contact details for those behind the site so they know about them (unless they’re simply submitting via the contact form). You would think that the ICO would be a bit careful with such a sensitive subject and given they’re the enforcers of data protection regulations and must know what this site is likely to react with given their past interactions with them.There is a third and fourth possibility - the owner shuts the site down or someone hacks it. Unfortunately both extremely unlikely to in my opinion happen of course.

    Well if they are found in breach of GDPR any company can be fined up to 4% or €20 million, whichever is highest. He'd also be forced to take the site down regardless and if he were to set another one would likely be in breach and would get a one way ticket for a wee holiday courtesy of HMP.

    He wouldn't have a leg to stand on, legally speaking. Any solicitor moderately interested that doesn't care about how they would be portrayed in the media and with a modicum of sense could rip his arse apart in a court.

    His website has been shut down before and with the much, much stricter GDPR rules in place now compared to previously I'd say it is just a matter of time. How long? Who knows. I reckon his own hubris will ultimately be his downfall though.

    As for the hacking side. I wouldn't be so sure. It's a Wordpress site, hardly Fort Knox. I dare say you could get into it the admin using Rainbow, Cain and Abel, or John the Ripper... If someone was that way inclined...

    How did you get on with the ICO? Have they acknowledged that they stuffed up?

    Nope.

    Still waiting on a response.

    I tried calling them on Monday but was on hold for nearly an hour waiting to speak to someone so gave up. I did email them initially when this all kicked off on Saturday. If their time frame is anything like the initial complaint I made then I'll update this thread around Christmas when they finally respond...

    Wondered if that might be the case. If it was me I'd be chasing them daily as quite frankly it's not acceptable - not that doing so will change the situation but it will certainly raise the seriousness of the issue with them (and potentially in the future any compensation you receive from them - should it go down that route).

    Perhaps interestingly - I did get a call from the officer that looks after me and apparently that post with my picture and name stating "make him famous" doesn't count as a (targeted) threat, harassment, or abuse. Seemingly they'd have to explicitly say "I want you all to kick him in the face when you see him" or if they stated they'd do it themselves.

    It has to show a statement of intent like "I will hunt down lotsofquer and set fire to his house" which would be the offence, however, if I were to say "Imagine if someone found lotsofquer and burned down his house. Here is what he looks like and his street" that isn't an offence.
    lotsofquer - 15 Jul 20 5:36 PM
    khafka - 15 Jul 20 5:28 PM
    lotsofquer - 15 Jul 20 8:02 AM
    khafka - 11 Jul 20 11:31 PM
    lotsofquer - 11 Jul 20 11:12 PM
    At a guess I’d say that the owner of that site will still not care at that point in time unfortunately. I think it’s a matter of either the ICO shutting them down or someone bringing a legal case that the site can’t afford to bankroll (although not sure what legal basis this would have - it would seem perhaps under the GDPR criminal register but maybe not given the way they try to present as news articles). The first option doesn’t seem likely either given that many have complained in general terms and the site remains. It would also seem that the ICO as shown in your case have the contact details for those behind the site so they know about them (unless they’re simply submitting via the contact form). You would think that the ICO would be a bit careful with such a sensitive subject and given they’re the enforcers of data protection regulations and must know what this site is likely to react with given their past interactions with them.There is a third and fourth possibility - the owner shuts the site down or someone hacks it. Unfortunately both extremely unlikely to in my opinion happen of course.

    Well if they are found in breach of GDPR any company can be fined up to 4% or €20 million, whichever is highest. He'd also be forced to take the site down regardless and if he were to set another one would likely be in breach and would get a one way ticket for a wee holiday courtesy of HMP.

    He wouldn't have a leg to stand on, legally speaking. Any solicitor moderately interested that doesn't care about how they would be portrayed in the media and with a modicum of sense could rip his arse apart in a court.

    His website has been shut down before and with the much, much stricter GDPR rules in place now compared to previously I'd say it is just a matter of time. How long? Who knows. I reckon his own hubris will ultimately be his downfall though.

    As for the hacking side. I wouldn't be so sure. It's a Wordpress site, hardly Fort Knox. I dare say you could get into it the admin using Rainbow, Cain and Abel, or John the Ripper... If someone was that way inclined...

    How did you get on with the ICO? Have they acknowledged that they stuffed up?

    Nope.

    Still waiting on a response.

    I tried calling them on Monday but was on hold for nearly an hour waiting to speak to someone so gave up. I did email them initially when this all kicked off on Saturday. If their time frame is anything like the initial complaint I made then I'll update this thread around Christmas when they finally respond...

    Wondered if that might be the case. If it was me I'd be chasing them daily as quite frankly it's not acceptable - not that doing so will change the situation but it will certainly raise the seriousness of the issue with them (and potentially in the future any compensation you receive from them - should it go down that route).

    Perhaps interestingly. I did have a call with the officer than oversees me and I did bring up that post on the our local Guy Fawkes Enthusiast Group and apparently it isn't deemed a concern legally and isn't deemed as (targeted) harassment, bully, incitement, or abuse due to them not specifically stating what should be done.

    They posted my name, my picture, my street and stated to "make me famous". This is fine and acceptable. They need to be more definite in what they are stating.

    For example:

    "I'm going to track down lotsofquer and kick his head in" - This is an offence and I could be spoken to about it.

    "Someone should track down lotsofquer and kick his head in. Here's what he looks like, here's a rough approximation of a small street he lives on" - This is not an offence.

    I mentioned the UK Database website as essentially the crux of this. He agrees and if you look around the vast majority of police throughout the UK agree this website and "vigilante" groups are a nuisance and cause more harm than good. Then why don't they shut them down? You can point to numerous laws they all break. Most of them are well known by their local police force. They have the power to knock on their door and go "Shut this down now or else you're getting arrested".

    My tinfoil hat theory why they don't though is due to the public outcry that would happen: "oH ThEy ArE pAeDo SyMpAtHiSErS!!111OnE!", "HoW WiLl My chIlDrEn bE SaFe noW?!".

    I feel that would be more than hassle than it is worth for the police to deal with so when something does happen as a result of one of these groups then they just deal with that on a case-by-case basis. But to me that is a poor attitude as the damage is already done by that point.

    You smother a pan fire in your kitchen as soon as you notice it to stop it spreading. You don't chuck a bottle of water on a burning building.

    Bit rambly now but I've always felt strongly about this sort of lynch mob justice stuff and could talk for days about it.

    Hmm interesting. Did they say anything else - like sorry we gave your details to a group we know do this sort of thing even though you asked us not to and our privacy policy explicatly states we won't do this without asking you first?!

    He may be right on the legal bit (from the brief bit I read on the CPS website - although I'm no lawyer).  There could be another avenue however and that is facebooks community standards which I've pulled some bits out of below - that you might be able to use to get the facebook posts removed.

    https://en-gb.facebook.com/communitystandards/bullying
    Bullying and harassment happen in many places and come in many different forms, from making threats to releasing personally identifiable information, to sending threatening messages and making unwanted malicious contact. We do not tolerate this kind of behaviour because it prevents people from feeling safe and respected on Facebook.

    Context and intent matter, and we allow people to share and reshare posts if it is clear that something was shared in order to condemn or draw attention to bullying and harassment. In certain instances, we require self-reporting because it helps us understand that the person targeted feels bullied or harassed.

    Do not:
    Target anyone maliciously by:
    • Threaten to release an individual's private phone number, residential address or email address

    Sending messages that contain the following attacks when aimed at an individual or group of individuals in the thread
    • Calls for death, serious disease or disability, or physical harm

    https://en-gb.facebook.com/communitystandards/violence_criminal_behavior
    1. Violence and incitement
    We aim to prevent potential offline harm that may be related to content on Facebook. While we understand that people commonly express disdain or disagreement by threatening or calling for violence in non-serious ways, we remove language that incites or facilitates serious violence. We remove content, disable accounts and work with law enforcement when we believe that there is a genuine risk of physical harm or direct threats to public safety. We also try to consider the language and context in order to distinguish casual statements from content that constitutes a credible threat to public or personal safety. In determining whether a threat is credible, we may also consider additional information such as a person's public visibility and the risks to their physical safety.


    Given that it's your personal data they've posted (both photo and address are considered PII - personally identifiable information - especially when posted together in this situation) you could also go down the GDPR route of right of erasure.
    https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1528874672298&uri=CELEX:02016R0679-20160504

    Article 17

    Right to erasure (‘right to be forgotten’)

    The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    (c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
    (d) the personal data have been unlawfully processed;  (e.g. you haven't given them your permission to process your personal data)

    Article 21
    Right to object

    1.  The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.



    Article 6 
    Lawfulness of processing 
    1.  Processing shall be lawful only if and to the extent that at least one of the following applies:   
    (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; 
    (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

    It looks like the above would come down to legitimate interest however for which the ICO says to apply a test (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/). I personally can't see that facebook could justify legitmate interests but they may be able to with the large legal team I imagine they have.
    The bits to point out in the above link if they claim this would be the third test and in particular the below.
    Third, do a balancing test. Consider the impact of your processing and whether this overrides the interest you have identified. You might find it helpful to think about the following:
  • Is any of the data particularly sensitive or private?
  • Would people expect you to use their data in this way?
  • What is the possible impact on the individual?
  • How big an impact might it have on them?

  • The ICO page also mentions Recital 47 of GDPR which can be found at https://www.privacy-regulation.eu/en/r47.htm
    (47) The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.
    The interests and fundamental rights of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects do not reasonably expect further processing.


    Don't know why my post ended up in a bit of a mess there.

    But no. So far it has been radio silence from ICO, not heard a single peep from them.

    I tried the Facebook route ages ago and they're not even remotely interested a picture, street and where I worked (at the time) wasn't/isn't enough personal information apparently. It was just Madeup Street, City. If it was "123 Madeup Street, City" then it might constitute something. Worth noting that when someone puts in a complaint to Facebook about a post it does notify the account holder which post is the offending one so all that'd do is just poke the fire a bit more and bring me right up on their RADAR. Certainly not something I want.

    I'm sure if I lodged some kind of proper legal attack with cease & desist letters etc. then something might happen but I don't have the financial means or mental energy to do it.


    Edited
    4 Years Ago by khafka
    khafka
    khafka
    Supreme Being
    Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)Supreme Being (52K reputation)

    Group: Forum Members
    Posts: 328, Visits: 18K
    So thought I'd update this as I've now received a response in regards to my complaint to ICO. They've closed my case against the UK Database as well as marked my complaint as closed/resolved too. They have mentioned they will still be passing on the website for investigation. I won't hear anything back about this as my case is closed but hey-ho.

    Here is the email response if you're interested.


    Dear Mr. [REDACTED]

    I am writing further to your service complaint about our handling of your concern held under reference [REDACTED]. This relates to the data protection concern that you reported to the Information Commissioner’s Office (ICO) about the UK Database, the Data Controller in this case.

    I have attached a leaflet which explains how we handle requests for a case review.

    Your concerns

    The concern you raise is that you asked us not to disclose your information to the Data Controller, the UK Database , and that despite your request we did so.

    I have reviewed the case and can see that unfortunately, we did disclose your name and email address to the Data Controller.

    Please accept my sincerest apologies for this oversight on our part which is as a result of human error. Unfortunately, I cannot turn back the clock and amend the error in your case but I will use this error to learn lessons and remind colleagues of the need to ensure that cases do not contain specific requests not to disclose details.

    With regard to the concerns you raised about the Data Controller in question, we will now pass these to the relevant department for consideration. This outcome means that your case under the above reference is now closed.

    As a responsible regulator, we use the concerns brought to our attention by individuals to inform our decisions as to whether it is appropriate to investigate an organisation’s information rights practices and consider further regulatory action. If we decide to take any action in a case, we do so in line with our Regulatory Action Policy and I have provided a link below.

    https://ico.org.uk/media/about-the-ico/documents/2259467/regulatory-action-policy.pdf

    Any action we do take in line with the policy is published on our website.

    Once again, may I apologise for the oversight in this case and for any distress caused.

    Taking your complaint further

    A case review is the final stage of the ICO’s case handling process. Please take this as our final response on this matter.

    Should you remain dissatisfied with our review outcome, the attached leaflet outlines the options available to you.

    Yours sincerely

    [REDACTED NAME]
    Team Manager
    Information Commissioner’s Office


    So you can all glean from that what you will.

    Unsure if I should just drop it or push a bit more. Not entirely sure what my end goal would be though.

    Interesting to see if anything happens to the website. I suspect if any notification or push from ICO to UKD will end up flagging me up again considering how close in time the two situations are.


    lotsofquer
    lotsofquer
    Supreme Being
    Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)Supreme Being (14K reputation)

    Group: Forum Members
    Posts: 119, Visits: 3.4K
    khafka - 28 Jul 20 5:32 AM
    So thought I'd update this as I've now received a response in regards to my complaint to ICO. They've closed my case against the UK Database as well as marked my complaint as closed/resolved too. They have mentioned they will still be passing on the website for investigation. I won't hear anything back about this as my case is closed but hey-ho.

    Here is the email response if you're interested.


    Dear Mr. [REDACTED]

    I am writing further to your service complaint about our handling of your concern held under reference [REDACTED]. This relates to the data protection concern that you reported to the Information Commissioner’s Office (ICO) about the UK Database, the Data Controller in this case.

    I have attached a leaflet which explains how we handle requests for a case review.

    Your concerns

    The concern you raise is that you asked us not to disclose your information to the Data Controller, the UK Database , and that despite your request we did so.

    I have reviewed the case and can see that unfortunately, we did disclose your name and email address to the Data Controller.

    Please accept my sincerest apologies for this oversight on our part which is as a result of human error. Unfortunately, I cannot turn back the clock and amend the error in your case but I will use this error to learn lessons and remind colleagues of the need to ensure that cases do not contain specific requests not to disclose details.

    With regard to the concerns you raised about the Data Controller in question, we will now pass these to the relevant department for consideration. This outcome means that your case under the above reference is now closed.

    As a responsible regulator, we use the concerns brought to our attention by individuals to inform our decisions as to whether it is appropriate to investigate an organisation’s information rights practices and consider further regulatory action. If we decide to take any action in a case, we do so in line with our Regulatory Action Policy and I have provided a link below.

    https://ico.org.uk/media/about-the-ico/documents/2259467/regulatory-action-policy.pdf

    Any action we do take in line with the policy is published on our website.

    Once again, may I apologise for the oversight in this case and for any distress caused.

    Taking your complaint further

    A case review is the final stage of the ICO’s case handling process. Please take this as our final response on this matter.

    Should you remain dissatisfied with our review outcome, the attached leaflet outlines the options available to you.

    Yours sincerely

    [REDACTED NAME]
    Team Manager
    Information Commissioner’s Office


    So you can all glean from that what you will.

    Unsure if I should just drop it or push a bit more. Not entirely sure what my end goal would be though.

    Interesting to see if anything happens to the website. I suspect if any notification or push from ICO to UKD will end up flagging me up again considering how close in time the two situations are.


    Hmm - seems a bit of a cop out/pussy footed response especially since you actively called them when they told you that they would be sending your details (after already stating you didn't want that) and tried to get them to stop and were fobbed off by being told you have to speak to the person directly. That's not human error - that's actively going against something you requested not to happen as is your right on more than one occasion.

    Like you say though I'm not sure what the end goal would be.

    I don't hold much hope of any action given that the website has been reported several times and remains active. Maybe something will happen - I doubt it will be soon if it does given they like to take their time about any action. The latest ICO action published in June this year relates to June 2017-June 2018. So you can probably not worry about it being linked to you if anything does happen.

    Outsourced
    Outsourced
    Supreme Being
    Supreme Being (6.7K reputation)Supreme Being (6.7K reputation)Supreme Being (6.7K reputation)Supreme Being (6.7K reputation)Supreme Being (6.7K reputation)Supreme Being (6.7K reputation)Supreme Being (6.7K reputation)Supreme Being (6.7K reputation)Supreme Being (6.7K reputation)

    Group: Forum Members
    Posts: 25, Visits: 2.7K
    I wonder if you should use the response letter to formally escalate the data breach they made as a tool to get the underlying issue redressed. 

    The ICO reports to someone. 

    Policy to beat the policy with. Government at its finest 
    Was
    Was
    Supreme Being
    Supreme Being (40K reputation)Supreme Being (40K reputation)Supreme Being (40K reputation)Supreme Being (40K reputation)Supreme Being (40K reputation)Supreme Being (40K reputation)Supreme Being (40K reputation)Supreme Being (40K reputation)Supreme Being (40K reputation)

    Group: Forum Members
    Posts: 298, Visits: 3.7K
    They report directly to Parliament, usually via the The Digital,Culture, Media and Sport Committee. This means that a complaint about the ICO itself (as opposed to a complaint about a decision by them) will in the first hand be made via your MP, although you could try the chair of the DCMS if you think it is that serious. Ultimately you can request a judicial review of their actions. One person who wanted to go down this path was told they required £75,000 up front and, assuming that that sort of money is not to hand, I suspect a crowdfunded attempt to secure that amount would have some attendant "publicity" issues.

    There is also this to bear in mind: https://panopticonblog.com/2015/07/21/right-to-be-forgotten-claim-rejected-by-the-administrative-court/

    I have no connection or dealings with that law firm, but they seem to specialise in information law, so you could try contacting them.



    GO


    Similar Topics


    As a small but national charity, we rely on charitable grants and individual donations to continue running theForum. We do not deliver government services. By being independent, we are able to respond to the needs of the people with convictions. Help us keep theForum going.

    Donate Online

    Login
    Existing Account
    Email Address:


    Password:


    Select a Forum....
























































































































































































    theForum


    Search