UK Data Protetion Act

Started by allotments4all, April 12, 2008, 06:02:28 AM

Previous topic - Next topic



This is a question regarding the data protection act in the UK.

I have an ex member of my forum, who got in a dispute with some other members, which eventually led to them leaving the forum, I deleted the account and all posts made by the member who left as requested.

They have now come back with the following ...

QuoteI have been advised that under the data protection act, it is my right to have data relating to myself deleted.

I will ask you once again.

Remove all data relating to me or my user id '******'.

I do not like being pushed around, so am looking for advice on wether the data protection act is in force on an Internet Forum.

Any views welcome - any precedents very welcome!



I am not a lawyer.

Are you OR your server/host based in the UK?
Are you a corporation/business? (businesses can sometimes be classed as operating in the UK)

If the answer to all three of those is NO, then its not applicable to you (only your local and national laws apply).


KB is more of a lawyer than me however I thought that the data protection act is meant to protect personal data and so would not cover forum posts?

I'd also recommend you add a paragraph to your registration agreement stating that a post cannot be removed (etc) so that you won't encounter anything like this in the future
Former Support Team Lead
                              I recommend:
Namecheap (domains)
Fastmail (e-mail)
Linode (VPS)


Indeed, it only covers personal information.
But what counts as personal isn't always clear. (case law)
The usual stuff like name, address, age, and anything identifiable with that user.

For the most part, I would include a paragraph in the registration agreement about removing posts.


I'm not sure what he/she/it is requesting, if you have already deleted his account and posts then you have fulfilled your obligations.

What more do they want.
Liverpool FC Forum with 14 million+ posts.


If any pieces of personal information were copied/quoted, then it would be viable to request those be removed aswell.

Best idea is to say
"As per your request we have already removed your user account and posts."
If you have any particular/specific issues/matters with anything else, please provide specific links for us to deal with."


Thanks everyone - it is a bit odd, I know the post thread they want deleted, it only refers to the ebay accounts the hold (gives no more details than ebay usernames), domains they have registered, and a link to the whois information for one of the domains.

I'll probably just delete the thread - but I would like to know the legality of the data protection act threat.

My understanding of the data protection act was I would be covered by it if I collected information about people - it does not seem to apply in this instance, and as I said, I don't like being threatened with legal action, especially if it is an empty threat!


linking to the whois info for one of the domains, this is purely a link and the data it links to is not on your website. The Data Protection Act in this case applies to the relationship between the company whose website displays the data and the user. The link itself contains no data that is covered by the Data Protection Act.

The others bits of Data it depends on how the Data was obtained.
If they themselves gave you the data and you are using it within the agreement made at the time, then they can only request removal of incorrect Data.
If the Data is being used for purposes not covered by the agreement made at the time of data being given to you then you are in breach of the Act.


Thanks for all your replies.

I think in this case the act has not been breached, and I need not worry.



Well best of luck with this and in the future.