Heads up to all ManFriday members

[SwearyG]

Our membership list has been leaked online.

Please do what you need to in order to keep yourselves safe.

What really worries me is that this person revealed the data to cause trouble, but what will actually cause more trouble is the implications for ManFriday on the data protection side of things.

The ManFriday folks would be well advised to get an audit of their data that they hold (they have a website for eg if they track IP addresses then that's personal data even if they never text) and put policies in place so that they can show that they have learnt from this.

But what the fuck do I know

There is no way to lock down a list of members in a fb group, regardless of the members individual privacy settings. Yes this is an issue that probably needs addressing, but by fb not MF

Reveal, I'm so not interested in what's you have to say about fb groups and GDPR so your email is going straight in the trash.
I hope Reveal satisfies one of the grounds for processing if she is intending sending out unsolicited emails.

revealingnothingfuckinpersonal

It's time to stop scaremongering. Go and look at how Facebook actually works, you are giving out unhelpful advice.

3 The person who shared the list does not appear to have breached any data protection either. The only material fact made public was the membership of the group, and the public profile data. Their membership of the group would be held to be FB data, and there is no committment anywhere in their terms to treat group memberships as private personal information. It will be covered by their usual caveat that anything you post or do on fb belongs to them and unless you specifically make it private it's fair game. Since group membership cannot be hidden from other members of the group by joining the group you consent to them knowing you are in it.
I have to disagree with you on this point SuperDandy. However legitimately the data was held by FB/the group admin, and however legitimately the leaking member had access to the list of other members, does not give that leaker the right to pass that info to parties outside the group if it had hitherto only been viewable by group members. She or he was processing data without satisfying a legitimate Article 6 GDPR ground for processing and therefore is in breach of GDPR.

The ManFriday folks would be well advised to get an audit of their data that they hold (they have a website for eg if they track IP addresses then that's personal data even if they never text) and put policies in place so that they can show that they have learnt from this.

Unless MF have installed the software to track IP address they do not need a GDPR policy for it. No password or log in is required to access the website so no IP tracker required.

If tgey do hold any data of users/members then i am sure these smart educated women have alreafy put policy in place.

MF have done nothing wrong yet you are intent on showing they have. Why?

However legitimately the data was held by FB/the group admin, and however legitimately the leaking member had access to the list of other members, does not give that leaker the right to pass that info to parties outside the group if it had hitherto only been viewable by group members. She or he was processing data without satisfying a legitimate Article 6 GDPR ground for processing and therefore is in breach of GDPR.

Yes this is what I thought too, I'm not a lawyer and my involvement is not in this type of data but I do work with IG and have read the full legislation and have to work with it. GDPR specifically talks about data controllers and processors needing to take steps to mitigate the possibility of online "jigsaw" identification which could be used to identify someone. It also specifically mentions political campaigning as being ripe for malicious abuse of personal data.

I agree FB groups are a bit of a grey area but I imagine they are covered in some way. Imagine you had a secret medical support group, if you leaked the membership list and locations, workplaces etc online I think there may be consequences because of the sensitive linkage.

Agree it may need a test case to determine this though.

Sounds like the bottom line is whoever did the leaking did it without the members' consent and without any of the grounds for processing applying so she is breaking data protection law.

I have seen the list, I'm sorry that a lot of people's names have been publicly listed with an allegation made against them without evidence but if it's any consolation it's just a first name, last name sometimes followed by a city and in a few cases the place of work. The list does not link any names to their facebook profile addresses.

In many cases this won't be enough to uniquely identify anyone, for example "John Smith, London" (not an actual name on the list) isn't enough as as there will be lots of John Smiths in London.

Cosmic you don’t need to be logged in or give an email address to have your IP address tracked. I said if they are - I don’t know if they are but if they are they need to have a policy.

I think the fb admin liability thing is an interesting debate and will make an interesting case and in my considered opinion groups where there is a fb presence AND an offline presence AND a presence elsewhere on the web AND possible personal communication via other media than fb posts only would be best advised not to rely on merely fb terms and conditions. Would fb messenger be considered like a text message in law or is there a difference between that and a WhatsApp for example? If sent from an official device owned by the organisation as against from a personal phone via downloaded app.

I have an interests in groups that sit in peculiar legal spaces as private or group, online or offline and what the data protection implications are for those groups.

There may be other reasons for police/legal involvement beyond the GDPR regs etc.

Also important to remember the intended purpose of the GDPR regulations is to protect people from abuse of their online presence.

Cosmic you don’t need to be logged in or give an email address to have your IP address tracked. I said if they are - I don’t know if they are but if they are they need to have a policy.

So again you are scaremongering and saying they should do this and could be in trouble for that when you know ZERO about what data if any they have.

I think this goes beyond an interest in groups policy.
You seem intent on bringing MF down.
I ask again why?

RacingSnail there was briefly a more detailed list, now deleted, that had the Facebook profile addresses too. Whoever released that wanted to doxx everyone in that group regardless of whether they were involved in the bust up.

No one can know who had seen it, whether it has been saved elsewhere or whether it will resurface.

I reckon the real issue is not that the MF activists have done anything wrong etc, but the concern that TRAs or MRAs might use that info to cause problems or incite violence.

Clearly whoever released it didn't care about that.

"Clearly whoever released it didn't care about that.?"

No. And if talking about an older woman who happens to be disabled (she isn't even that old - ageist TRAs...) is a hate crime, then I'm quite sure handing the identifiable details of vulnerable/disabled/older/lesbian women over to violent men is a hate crime.

Except neither are.

the irony is I would have written a set of policies and procedures for ManFriday that would have been ironclad and covered their ass going forward - and that was what I meant when I said I would help.
Now, after this, quite frankly they can shove it.

I call bullshit. They can shove it because some random women on the internet disagree with you? You never wanted to help.

Didn't reveal make the same offer of help when Mumsnet had the leak?

Apparently they are the only person in the UK that understands GDPR

As a general rule I think that for a campaigning group focused on a controversial issue to accept the "help" offered by a total random who they know nothing about, especially if that "help" would give the random access to any data they may have, would be a very reckless thing to do. I'm fairly sure that Sweary and the other ManFriday peeps are savvy enough to already know that, but, you know, for those following along with this conversation on whom the "panic now!" might be working.

Revealing - you seem to be wilfully misunderstanding the situation so that you can boast about your credentials.

I’m on that list.

I don’t hold Man Friday or Facebook responsible for sharing my personal information. I hold the duplicitous fuck who shared the list responsible. Most of us in the group have done nothing more than share or comment on relevant gender critical news articles within, what we thought was, a private space where it would not offend sensitive ears.

Thanks to the rat who decided to share the names of those gender critical feminists, many of us will now have to find another way to converse with like minded people using our freedom of speech.

They can’t stop people talking, even if they can stop them talking in certain places. Women feel strongly about this issue and this just galvanises them to take further action.

Scaring women into silence makes those people sharing the list terrrorists. They are using intimidation and fear of potential violence to cause people to change their behaviour to achieve their political aim. That is a far cry from someone using a daft swimming hat to make a political point.

Tweet