I've been reading the Mumsnet terms of use.
Aston have definitely breached MN's copyright as they did not ask permission to scrape the data and it is clear in terms of use that permission is required for any use.
Their use of MN data also breaches the privacy policy, which is part of MN data protection under terms of use. I have copied part of this below.
"Our aims and duty of care
We recognise our duty of care with regards to your data and will always endeavour to do the right thing with the personal data you choose to share with us, including: not compromising your anonymity; protecting your privacy; storing your data securely and giving you control over your own data.
Our mission at Mumsnet is to help make parents’ lives easier. We believe that securing your data, preserving your anonymity, protecting your privacy, and giving you control over your data are an important aspect of that mission."
Aston have clearly breached these terms unbeknownst to MN, who I don't blame at all but who I hope, in the interests of their users, will pursue very robust legal remedies including reporting to ICO - any words the Vice Chancellor might want to say simply do not cut it. I find it rather breathtakingly arrogant what he's said so far.
MNHQ is very good at deleting posts or threads where users may be vulnerable or at risk - i.e. giving users control over their own data and protecting privacy - which is very much in line with this privacy policy. I have seen this several times, most notably on threads about serious abuse (which have stayed with me, some of it was utterly horrific). It's one of the great things about MNHQ and what makes this site feel like a community - we all look out for each other and MNHQ is very responsive to users raising safety concerns or asking for deletion of posts.
Aston could well have data scraped before certain sensitive data was deleted - so may well hold very sensitive information that MN themselves have now deleted permanently due to its sensitivity and / or risk to a vulnerable user. Since MN was not informed of the data scraping, there is no way Aston can know which data MN has deleted from their scraped data due to direct request from posters or due to serious safety / privacy concerns.
Of course we don't know when the data scraping was done, nor how often. Which is one of many questions that need an answer.
There is no way in hell this is legal under GDPR. I think it's also illegal under GDPR and DPA 2018 that in general our data was used for a different purpose than we all intended, was listed under MN terms of use, or we could possible envisage. Having scraped, using that data for a range of different research projects, none of which got consent from MN or MN users also illegal for the same reason, IMO. But holding data that MN themselves have deleted as they have judged it is inconsistent with data protection / their privacy policy is a whole other level of illegal. I'm hoping the ICO fine Aston a very very large sum of money at the very least.