Tweet
I've got some questions regarding the possibility of a forum member of a free web forum (in theory, one like this one!) making a subject access request, as I am involved in a web forum that has received such a request.
OK so lets say someone creates an account on a free web forum, which is run by a collection of individual volunteers. That person makes a few posts, and after a while, the people who run the forum aren't happy and impose a sanction, such as restricting the account or even banning the account.
Let's say that person has created an anonymous username (e.g. ABC) and an email address that doesn't disclose their identity; presumably you would only be able to answer a subject access request if it came from the same email address that the account was associated with. If the person did not disclose their identity, but asked for all information relating to their account, what information would have to be provided to them?
I assume username, email address, IP addresses held, and any other information they chose to enter on their forum profile. But would the people who run the forum have to disclose any conversation that took place when deciding to take action (e.g. ban) the user? and if so, would that only apply if the conversation was held in a written/data format (ie. not if it was a voice discussion that was not recorded)?
Does it make a difference if the person is identifiable and identifies themselves? Also does it make a difference if they contact you from a different email address (thus making it difficult to verify the identity matches the individual whose data is being requested)?
Let's say the user keeps rejoining the site, despite being banned, and each time, the people who run the forum realise it is the same person and ban that account, let's say that person made three accounts in total. Would that person be able to demand details of the discussions that took place to determine if that person was a previously banned member, if that data was held in written/data format (and not just non-recorded discussions) or would an exemption apply on the basis that the information could be misused by the individual to assist them in creating further duplicate accounts (e.g. let's say the people who ran the website had a record of posting style, punctuation errors commonly made, or other similarities between the accounts which they used to identify the link)?
I understand most subject access requests are made by disgruntled ex-employees against their former employer or dissatisfied customers of a company, and I am not really sure the legislation had free online web forums, run by volunteer individuals in their spare time, in mind!
Many thanks in advance for any information anyone can provide
OK so lets say someone creates an account on a free web forum, which is run by a collection of individual volunteers. That person makes a few posts, and after a while, the people who run the forum aren't happy and impose a sanction, such as restricting the account or even banning the account.
Let's say that person has created an anonymous username (e.g. ABC) and an email address that doesn't disclose their identity; presumably you would only be able to answer a subject access request if it came from the same email address that the account was associated with. If the person did not disclose their identity, but asked for all information relating to their account, what information would have to be provided to them?
I assume username, email address, IP addresses held, and any other information they chose to enter on their forum profile. But would the people who run the forum have to disclose any conversation that took place when deciding to take action (e.g. ban) the user? and if so, would that only apply if the conversation was held in a written/data format (ie. not if it was a voice discussion that was not recorded)?
Does it make a difference if the person is identifiable and identifies themselves? Also does it make a difference if they contact you from a different email address (thus making it difficult to verify the identity matches the individual whose data is being requested)?
Let's say the user keeps rejoining the site, despite being banned, and each time, the people who run the forum realise it is the same person and ban that account, let's say that person made three accounts in total. Would that person be able to demand details of the discussions that took place to determine if that person was a previously banned member, if that data was held in written/data format (and not just non-recorded discussions) or would an exemption apply on the basis that the information could be misused by the individual to assist them in creating further duplicate accounts (e.g. let's say the people who ran the website had a record of posting style, punctuation errors commonly made, or other similarities between the accounts which they used to identify the link)?
I understand most subject access requests are made by disgruntled ex-employees against their former employer or dissatisfied customers of a company, and I am not really sure the legislation had free online web forums, run by volunteer individuals in their spare time, in mind!
Many thanks in advance for any information anyone can provide
