Re: The Sad Cunts with No Life Thread
Adam Smiths left nut wrote:I genuinely agree with Bill on this one.
I don't see any point in him doing anything and I dare say he doesn't need to. Small hobby forums are not the target of this legislation and they are 'opt in' after all.
I think he probably is safe.
You'd be wrong to agree with Bill's claim of compliance, although he is probably further down the queue for being chased for non-compliance and the site may well fall over before they get to him. He sells advertising and membership to people in the EU with '000s of members in his database and states TMP is his full-time job. Even if he was just a hobby site it still applies. A pre-emptive conversation has been had with the ICO regarding my own gaming websites and whilst we were pretty close, I've been updating the wording and making sure there is a link to the privacy policy alongside every contact form and we only have 550 on the database.
The ICO already fine a range of people https://ico.org.uk/action-weve-taken/enforcement/ and whilst the big companies are likely to get tackled first it's a mixed bag that is likely to grow as more people realise they can complain. The big companies are the ones who actually send people on courses so I anticipate examples being made of smaller companies and groups who only read a leaflet. Online harassment is more likely to get flagged up nowadays so if you're sharing emails by ccing people without their explicit consent can be reported. I had to speak with one of our event organisers after he did that despite being told the week before to BCC and the reason for it and the s.
As Michael has pointed out, opt-in should be informed and there is no reference to a privacy policy at the point you hand over your data. For reference, data is 'Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.' If you can be identified from your postings, then there would be grounds for asking for it to be removed. If you also claimed that it being there was causing you harm or distress it would strengthen the case. Bill's occasional habit of using people's real names when slating the departed and allowing a hostile environment would go even further. I would think (I am not a lawyer, I only spoke to one about this issue) that flat out stating that he *will not* delete data in the FAQ is in direct contravention of the GDPR.
Obviously, the 'real name, real location' brigade who are generally in the US would make Bill's life much more difficult if he listened to their demands.