PDA

View Full Version : Forum Legal Issues



SteveC
23rd June 2003, 06:39
Hi all,

Just after a bit of info - if you run a large internet forum, what Data Protection rules do you have to abide by?

If someone asks for all info on them, what do you have to give? If the site keeps tabs on members for T&C breaches - does that info have to be given up? What about any emails behind the scenes between moderators and admins etc?

It's a predominantly UK site, but actually hosted in the US.

Just after some legal info if possible thanks!

Gurm
23rd June 2003, 06:53
Given up... to law enforcement, I presume?

If the law enforcement people come a-knockin', give 'em what they ask for.

If the MPAA comes a-callin', tell 'em to get bent or get a warrant.

- Gurm

SteveC
23rd June 2003, 07:00
No I mean to the user. Say I demanded from Ant all info he has on me, does he have to give it to me?

Sasq
23rd June 2003, 07:13
I honestly can't answer that one Steve.

I'm not Ant, and I know he's looked into these issues.

The provider would be forced to comply with the law in their jurisdiction.

I think Gurm may have hit the nail on the head as far as the MPAA goes :D:D:D

If you really wish to demand all info on you, your probably welcome to it. there isn't really any more then the info you provided yourself. (and of course the ip logs)

Dan

VJ
23rd June 2003, 07:17
I would say (under Belgian law) yes... If one is put in a database, he/she has to right to demand all the info that is kept that concerns him/her. I also think one has the right to demand to be removed from the database.

However, to what extent this applies to messages written by the person is something else. Even moreso: when talking about messages about the person (e.g. between 2 moderators: "VJ is really annoying in his posts"(*)) :), I think this is to be considered as private between those two persons. So if I were to ask for my info, I don't think I'd have the right to see that particular message.


Jörg

(*) this is just a sample! :D

Sasq
23rd June 2003, 07:22
Don't worry VJ, we complain about you all the time :D;):D

VJ
23rd June 2003, 07:30
I knew I had a comment like that coming... :nervous:
(it was just the easiest way to explain what I meant without insulting anyone :ermm: )
:D

Jörg

mutz
23rd June 2003, 10:27
I dunno, but I would prefer the forum ask for more bona fides than user name and password before spilling the beans. And then convey the data to the user's confirmed e-mail address with return receipt. Though this may be unnecessary to satisfy the law, it is respectful of the user's privacy.

Sasq
23rd June 2003, 10:31
That would happen mutz. You have no idea how many hoops i make these guys go through for name changes or mergeing of accounts

Helevitia
23rd June 2003, 11:08
Originally posted by SteveC
No I mean to the user. Say I demanded from Ant all info he has on me, does he have to give it to me?

I'd say that all of the information is already provided to you in the form of a "Search". It is publicly accessible by anyone willing to take the time.

Dave

MultimediaMan
23rd June 2003, 11:14
Here in the U.S., they only way you, as a host must divulge information about a user is with a Subpoena.

For the site's protection, I would wait for a Subpoena, that way if someone were to try to sue you, you could (successfully) use the argument that you had no legal alternative as grounds for dismissal.

Case Law in a nutshell is this: The User has no right or expectation of protection of anonymity in a public forum, and all material written or produced by the User can be used against you in a court of law. The User's works are technically covered by copyright and are the property of the User, even if the EULA of the host site says otherwise. (You cannot pre-empt Federal Law, but they try to anyway.)

Lawsuits resulting from divulging information or volunteering personal information without due cause would likely result in a decision in the site's favor because of case law on the matter: However, just because you win in court, doesn't mean your wallet will like you, afterward.

Again, this is U.S. Law. I believe U.S. law would take precedence because the server resides here in the U.S.

Sasq
23rd June 2003, 11:37
Again though, really quite seriously the only information any forum has on you - not just here but all forum software. Is what you provide in you profile. That and your IP address for each post.

Unlike 'gator' the forum doesn't grab any extra information. The only information we have is whats given + standard apache logs etc. And I'm damed if i'm going to go searching through them to find out who your referer is to get here.

Click on a profile button, and thats about all the information that could be supplied that means anything. There are no secret memo fields for users - mostly as most admins wouldn't have time to make comments ;)

things are very much What you see is all there is.

mutz
23rd June 2003, 11:42
WYSIATI

...cool... sounds Japanese :)

SteveC
24th June 2003, 02:25
Thanks for the info folks!

What if the forum kept tabs like I said on individuals which simply consisted of have a table of users with any T&C breaches. Simply so that if there's e.g. a few within a few months then the user is banned?

Should all this info be given up too?

Ant
24th June 2003, 03:47
I'm really not clear on what rules of which country we have to abide by. I live in the UK, the site is hosted on a server in the US and we have users from every corner of the World (and from other planets and alternate realities judging by the posts some of you make!).

My own dealings with any legal issues have been to look at the reality of various legal threats against us for things said on the site. Non of which have amounted to anything more than bullying tactics with no legal basis whatsoever.

My own view is if you are going to collect info on users then you should make that available to them if they request it out of common courtesy. As for making that information available to a third party I simply wouldn't do it, I'd make sure it was all 'accidently' deleted before it could be forcibly obtained.

If you are not willing to make information you collect freely available to users then you should include that in a clear disclaimer during the registration process for said forums.