coffeerequired

  1. Sometimes things need learned the hard way mate. It's called creative justice. Please do inform your users when you will update your privacy notice & "forum rules" to a reasonable legal standard. When do you plan to delete the thread containing my personal data I've requested you to delete now 3 times?
  2. Anyone who missed what was going on here... The purpose of this thread here was to give a demonstration of how ignorant the admin & moderators here are re the GDPR & the DPA 2018. Absolutely stunning to me that the folk running this forum are 100% clueless about the GDPR & DPA and have the gall to be giving anyone "advice" on it & are even arrogant about their professed & demonstrated ignorance of it. Other people elsewhere online even recommend folk come here for advice about their rights which is how I initially came upon it but, realised quickly they've not a clue. They've not a clue what "personal data" is as demonstrated above. They've not a clue about the "right to erasure" either - also demonstrated above. They don't realise I've already made enquiries into their position, including what is written in the "forum rules" re "right to erasure" (right to be forgotten) but, I have. Look at their own privacy notice on this forum, another good example, here's what they've got to say about children: "CHILDREN The Consumer Forums does not differentiate between adults and children in relation to its data use policy, and the same safeguards are applied regardless of age. However we remind parents to be vigilant over their children's use of the Internet, and if they have any concerns about the Consumer Forums.." The GDPR says exactly the opposite of what is written in their privacy notice on this forum. Children are given special protections in the GDPR - Recital 38. Yet the people running this public forum believe they can just make up their own rules & completely disregard the rights of the users of this forum including the reckless disregard of special protections of children's data.
If you've come here for help in the past and have found they will not delete your personal data when requested (note: it does not matter if you use a username/online identifier, if the info relates to you and you can be identified by the data by any means it's "personal data") - know that they've either lied or at minimum misrepresented the truth to you when they said they do not & cannot delete your personal data. What does the ICO have to say about it? It states clearly on their website, easy to find for anyone & is an easy to understand interpretation of Article 17 of the GDPR. "What should the organisation do? The organisation should delete your data, unless an exemption in data protection law applies (see below). They should also tell anyone else they have shared your data with about the erasure. They can only refuse to do this if it would be impossible or involve disproportionate effort. If you ask, they must also tell you that they have shared your data with other organisations. If your data has been made public online – such as on social networks, forums or websites – then the organisation must take reasonable steps to inform the people with responsibility for these sites to erase links or copies of that data." https://ico.org.uk/for-the-public/your-right-to-get-your-data-deleted/ Again, this is the polar opposite of what is written in the forum rules of this website. 3.1 - 3.4. Also, none of the exemptions apply in the link above. There seems to be a fantasy belief by admin that public domain data is exempt from the rights of the data subject. Also, untrue. See the ICO & also here from the DP Network: 6. Public domain data The Right to Erasure also applies to personal data which has been made public in an online environment (‘The Right to be Forgotten’). You need to be ready to take reasonable steps to inform other organisations who are handling the personal data; asking them to erase links to, copies of, or replication of the data.
https://dpnetwork.org.uk/managing-erasure-requests/#:~:text=The%20Right%20to%20Erasure%20also,or%20replication%20of%20the%20data. Plus plenty of case law in this regard. The nature of this website is such that some detail which relates to you & makes you identifiable "personal data" must be given in order to explain the situation to receive help. So, that section of the rules is laughable in the face of facts of the GDPR, "personal data" & "rights of erasure". The reality is that in a public forum, you should be able to delete all your own personal data whenever you want of your own accord as you can on Facebook, Twitter & all other large organisations operating forms of public forums. You shouldn't need to ask the admin. Even Steemit, where all data is held on an uneditable blockchain, they have measures to erase your personal data from the public domain. Yet, CAG here thinks they are above the law in this regard. Also, they are of the belief they can edit your personal data here anytime they like & even edit it in such a way to make it look as though you said something that you did not. This is a huge NO. You have a right to object to this sort of processing of your data and also the right of rectification under the GDPR. But, they aren't going to tell you this.. have a look at their privacy notice which should contain, by law, everything regarding your GDPR rights which I have written here. You can withdraw your consent of processing your personal data at anytime after which, as they cannot rely on any of the exemptions in the GDPR, they must rectify or erase your personal data WITHOUT UNDUE DELAY. You can do this in writing, right here on the forum, in a letter or even verbally and they must comply. They have 30 days to comply. Not only that, but, they must take reasonable steps to inform the people with responsibility for other websites to erase links or copies of that data - contrary to what is currently written in their forum rules! 
If they do not comply, you have the right to seek a court order compelling them to comply with their legal obligations under the GDPR and also to seek material & non-material damages against the data controller. You can do that by first contacting the data controller of this website: Reclaim the Right Ltd. (the irony ) Marc Brooke Gander 262 Uxbridge Road Hatch End England HA5 4HS Put him on notice that you wish to exercise your rights under the GDPR & perhaps you already have done that by making requests on this forum. If you have already made a request on this forum for personal data to be removed & they have not complied with your request after 30 days they are now in breach of the DPA & GDPR. If he does not comply, you can send a Letter Before Action following pre-action protocol in England and then proceed to file a claim against him in court. The admin will probably delete this post informing you of how to exercise your rights ironically, but, I've already made a copy of this thread (and many others relating) and if this post is edited or deleted, I will post the details elsewhere on the internet so people will be aware of how they can exercise their rights under GDPR against Reclaim the Right Ltd.
  3. I've had more of a look into this. It's nothing to do with or akin to "buyer's regret". It's clear in the GDPR articles. There are 6 categories of "lawful basis" for processing. Contract, consent, vital interest, legitimate interest, legal obligation or public task. Right of erasure applies to personal data processed on the lawful basis of consent which is what you called "freely given". Article 7 (Conditions of consent). 3. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent. Further, in Article 17 (Right to erasure) controller is obligated to erase personal data upon request by the data subject without undue delay. Article 17. 1(b) if the data subject withdraws consent. Not only that, but, it goes further and states at 2. "Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data." https://www.legislation.gov.uk/eur/2016/679/article/17 It's fairly clear cut. Personal data "freely given" in any way, shape, or form is by consent & that consent can be withdrawn at any time & data subject's personal data must be erased without undue delay by the data controller. They've been asked twice to remove it & by not complying they've breached the DPA & GDPR.
Looks like I have recourse to report to ICO and apply to get a court order if they continue not to comply plus compensation if I can prove material or non-material damages. The cheeky gits are using my personal data for SEO purposes too. ICO & Letter before action time then I guess.
  4. Good call. I've already assessed a few articles. (About 35 of them) Some of them, I think ICO would say you need to erase all info that relates and is identifiable to the author but, the rest of the article can remain but, many of the articles, the whole lot needs to go. I don't think it needs to be "directly identifying" though. See here even if "anonymised": What about anonymised data? The UK GDPR does not apply to personal data that has been anonymised. Recital 26 explains that: “…The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.” This means that personal data that has been anonymised is not subject to the UK GDPR. Anonymisation can therefore be a method of limiting your risk and a benefit to data subjects too. Anonymising data wherever possible is therefore encouraged. However, you should exercise caution when attempting to anonymise personal data. Organisations frequently refer to personal data sets as having been ‘anonymised’ when, in fact, this is not the case. You should therefore ensure that any treatments or approaches you take truly anonymise personal data. There is a clear risk that you may disregard the terms of the UK GDPR in the mistaken belief that you are not processing personal data. In order to be truly anonymised under the UK GDPR, you must strip personal data of sufficient elements that mean the individual can no longer be identified. However, if you could at any point use any reasonably available means to re-identify the individuals to which the data refers, that data will not have been effectively anonymised but will have merely been pseudonymised. 
This means that despite your attempt at anonymisation you will continue to be processing personal data. You should also note that when you do anonymise personal data, you are still processing the data at that point." What is personal data? ICO.ORG.UK Going by this I think I can recognise what is reasonable to request via right of erasure, no? If they want to keep the non-identifiable info that doesn't specifically relate to me they can but, otherwise, not. Seem a correct assumption?
  5. Thanks. Good idea. Whereabouts is the portal? From what I've gleaned, I don't really think whether it's been "freely provided" creates any issue over whether it's "personal data" or not. I.e. health information given in a GP's medical history questionnaire is "freely provided" but, doesn't make it exempt from being considered as "personal data". I just don't see anywhere where there is a distinction between "freely provided" or otherwise?
  6. That's part of what I'm trying to nail down. Going by this definition from the ICO website - “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. Some have my full name attached. - Some do not. Many are articles I wrote that are minutes of meetings but, they contain quite a bit of personal analysis as it relates to the community and also as it relates to my personal circumstances in the community. Also, some without my name relate to me and I could be identified from the contents of the article. Although many articles I wrote are published without my name and show the group's name (pseudonymisation) as the author, many of them still contain identifiable information/data within the articles that relates to me which still makes it personal data. "Pseudonymising personal data can reduce the risks to the data subjects and help you meet your data protection obligations. However, pseudonymisation is effectively only a security measure. It does not change the status of the data as personal data. Recital 26 makes it clear that pseudonymised personal data remains personal data and within the scope of the UK GDPR." What is personal data? | ICO I might not be so miffed but, they continue to use quotes from my articles in their website documents & items on social media that contain my personal data. I want them also to stop processing/using it.
  7. It seems to be "personal data". What is personal data? | ICO I looked also at what reasons they could refuse my request. The closest I found they could use as an excuse is if they have legitimate reasons to still retain or process the data but, that looks unlikely. Even though I left long ago, they still use quotes from my articles in recent pieces they publish on the website and social media and full articles remain on the website.
  8. Sorry, not sure what you mean by that exactly. It was a community group website to oppose certain local developments. Anyone who was in the group could write articles there.
  9. Withdrew consent for a website to use some articles I contributed as I disagreed with some things they did later on. I asked them to remove the material, and they completely ignored it. According to the ICO website regarding the "right to erasure" they should have removed it straightaway, no? How do I sort it out? ICO?