GDPR = Troll Magnet

[Carlos X]

I've always thought that GDPR was, and still is a bad thing in general. GDPR seems to "protect" U.K. users, but in reality, enables lurkers to take advantage of the law. I purchased a large PlayStation forum recently (PS4Forum), e-mailed everyone to remind them that PS4Forum is alive and well. However, one user came to me and asked to delete his account. I did not cave in, because of several reasons. I've seen a few users come back, register a new account all over again to misuse the system.

1. What stops him from coming back and re-complain?
2. What stops him going to another IP address, pretend that he's in U.K. and pretend that he's a new customer?
3. What stops him from pretending to be a new customer from U.K?

Fact 1: This user wasn't intentionally trying to delete his account for "privacy" reasons. He complained to waste my time, mindshare, and waste the resources of ICO, EFF, and any other organization that have the power to put pressure on people and organizations. He went on twitter and posted screencaps of my email exchange. First of all, I never gave you permission to use my name in your screencaps. And I didn't give you permission to use "CarlosX360" in your tweets!
Fact 2: I discovered after banning his account, that he had been trying to get others to register to my networked websites - pretending to be new users, but are actually from European-affiliated homes.
Fact 3: He and other unrelated folks had been re-registered accounts to pretend to be two different things: Pretending to be another person, and pretending to be a new customer from European-affiliated locations.

I banned their accounts, IP discourage, and banned their IP's so that they don't come back and re-troll me again. This highlights why GDPR is dangerous, is a troll magnet, and will eventually hurt legitimate requests.

One final thing: This image proves my entire situation is horrible and should not be laughed at...



GDPR makes people want to sign up and troll ICO, and similar organizations.

 

[Marc]

Just tell them you value security and ask them to send you ID to prove it's theirs.

You're not entitled to delete their account. I have rules stating you must not publish any personal information anywhere (this includes real first & last names, phone numbers, addresses, etc) and that account deletion is solely up to staff. If you disagree with the terms, DO NOT register.

I would delete new accounts who signed up because of him. No point in keeping them if they're not tied to discussions and do not contribute anything to the forum.

Alternatively, renaming the accounts, deactivating them and deleting IPs might work too.

 

[Azareal]

It's a shame that even with Brexit, the GDPR will probably stick due to the impact on UK Law in general, although Brexit is a huge mess in it's own right, just look at the politicians barking lol

Also, GDPR is a EU thing and I would imagine that certain places like Germany would enforce it far more harshly, as they take privacy and all that very seriously, apparently.

And there's no need for pretending or any sort of drama, this bit just distracts from the overall point.
If any user requests something, then you do it, if the law requires it. Regardless of their location.

And yes, the law is unenforceable, but that was the whole point of it, to make it look like the EU is being tough on these evil webmasters and billionaires who are abusing people's private data to make a huge profit.

Just tell them you value security and ask them to send you ID to prove it's theirs.

You're not entitled to delete their account. I have rules stating you must not publish any personal information anywhere (this includes real first & last names, phone numbers, addresses, etc) and that account deletion is solely up to staff. If you disagree with the terms, DO NOT register.

I would delete new accounts who signed up because of him. No point in keeping them if they're not tied to discussions and do not contribute anything to the forum.

Alternatively, renaming the accounts, deactivating them and deleting IPs might work too.

No, it does not.

And quite frankly, if it's just a troll, then deleting their posts will probably have the impact of tossing away a roll of toilet paper. Nothing of value lost.
Fighting against the EU on the other-hand, unless you're hiding your identity and all that, is a fool's errand.

 

[Azareal]

And for the record, there are, in theory, legal grounds to not delete their data, although it probably would have to be hidden away. One of those is holding onto the data in-case law enforcement demands it, also some sites delay for like a month with a grace period, just in case you "change your mind".

 

[Gimgak]

I think you should follow the law unless you want to face the rather strict fines that come with knowingly violating the law. Otherwise you should block access to your forum from the EU and delete any accounts associated with the EU.