FAO admin

The UK GDPR provides a non-exhaustive list of common identifiers that, when used, may allow the identification of the individual to whom the information in question may relate. These identifiers include:

name;
identification number;
location data; and
an online identifier.

The fact that name is included as an option alongside “an online identifier” which covers things like IP address suggests that it’s not talking about in conjunction with a name.

A good rule of thumb that I’ve always adhered to is if somebody invokes their right to be forgotten, I should not be able to tell if they come back to the system at a later date.

You’re right about your face on it’s own not being PII, however in a lot of situations it absolutely is covered.

It all depends on the context, but like I say I’m 99% sure that email address, username and IP Address, along with other things that I’m forgetting about, are covered on the BBS.

 

One of the worst turns of phrase ever invented in the English language, and one that has played a big part in the countless preventable male suicides over the years after those poor, suffering blokes had been afraid to ask for help out of fear of being told to "man up".

 

We’ll agree to disagree.

I genuinely believe that admin ought to lock him out of his account, and delete any personal data they hold on his account. Also that they should have closed down the thread Tuesday. So in principle we agree re ‘doing the right thing’.

But we disagree re their legal obligations.

 

As personal info is available to site admin (email address, name etc) doesn't that constitute GDPR? I.e. the personal info is still stored within the BBS (at point of sign up) and accessible by admin? Still don't understand why they haven't deleted the account.

 

They don’t have my name.

 

Pike?

 

They have people's email addresses at least. This falls under GDPR.

 

Did you read the discussion above? And the link?

I don’t believe that an email address without a name falls under GDPR. Feel free to believe differently

 

I have but haven't read the link. I know that PII is any data that can be used to identify an individual however; if like mine your email address contains your first and last name, then it does fall under GDPR.

 

Either way, admin should just delete the account as requested.

 

But until you said that; no one would know that your email address was your real name.

ergo ‘email address’ isn’t PII but if your email address is JoeBloggs@gmail then I can see why for you it might be PII.

 

Why?
I feel sorry for the poor kid, who’s obviously had a mare.

And like I said the thread should have been deleted, but to completely wreck dozens of discussions, just because some kid can’t trust himself to lock himself out of his account is sledgehammer meets nut time.

 

Point is it's fairly obvious if someone is using their name in an email address, and admin will be able to identify someone by that, hence GDPR

 

Because he's requested it and has no way of doing it himself. How often do you read back through dozens of historical discussions to seek out comments by a poster who is no longer on the platform? I know i don't.

 

You do have a myopic view of this issue:
1. It’s neither a requirement or indeed common for an email address to contain a first and last name, so you painting that onto others is frankly weird.
2. The entire point of the forum structure is that it’s an archive of discussions. Just because you see it differently does not mean that you’re right.

 

1. I find it frankly weird that we haven't had a response from admin on this very simple request.
2. The right thing to do would be to delete the account as requested.
3. I've nothing more to say on this now. If the account is deleted then we wouldn't have to have these long, winding discussions.

 

I'm sorry to keep beating a dead horse, but do you have anything that states that email addresses are not PII? Every article and guidance I look at suggests that they are PII in any and all senses of the term. Even on their own. Same with Usernames or IP Addresses

 

All I’ll say is that GDPR and it’s predecessor are the most misunderstood pieces of legislation that I can think of.

People jump straight to it to defend all manner of madness.

And the fact that admin have felt that they can legally ignore this request suggests they have sought advice and are doing the right thing. So whilst ever this discussion continues…

 

This might help (though it might not).

I spent a few years training civil servants; and for each topic I’d start by discussing ‘policy intent’, because I felt that logically, if they understood why a certain rule existed, they could fill in the gaps not covered directly in the training.

So the intent of this part of GDPR is about recognising an individual. So if the information the admins hold is enough for an human subject to be recognised, then that’s covered by GDPR, if it’s not, it’s not.

So if my name is Joe Bloggs, and my username is Joe Bloggs29, then that’s clearly an identifier. If my email address was JoeBloggs@gmail, that’s an identifier.

But if my username is DonnyRed, and my email address is SexyBeast69@gmail then I can’t be identified by that information.

This gets clouded though if I use the same username on my Twitter account, and that contains my personal info. So if you can find DonnyRed on Twitter and it has the same avatar, and that contains my name, then a reasonable person could link my profile here to my name so it’s covered by GDPR.

But we shouldn’t have to be discussing the nuances of the law when a reasonable person ought to be able to say ‘I was a bit of a dick yesterday, I apologise’.

Or even ‘dear admin, can you delete that thread please’, or lock themselves out of their account and create a new one.

Blaming admin is a bit bonkers. Though, as I’ve said a number of times, they could be better at dealing with conflict