I joined the online forum “bikeforums.net” back in 2012, just to be able to read some of the postings on the road bike section.
I didn’t post anything there in my time as a forum member; the community just didn’t interest me much, and they really didn’t seem like the most friendly bunch, but I thought nothing of it really – no skin off my back.
However, over the past ~18 months or so, I started to get really stupid/medically dangerous spam to the address I used to sign up to those forums.
Upon checking the forums, I could see I was not the only one whose site-specific sign-up address was now being spammed. However, the admins on the forum fully stood behind their decision to give the PII for the accounts to their “parent” company for use as a mailing list for dodgy emails, claiming that everyone using the forums had signed up to “promotional” newsletters. Somehow, I don’t think that emails titled “How To Entirely Empty Your Bowels Every Morning – Top Surgeon Explains How” or “Attention! Remove This Toxic Protein From Your Diet” qualify as forum-related newsletters.
Now, with spam emails, it’s considered bad practice to click on the links contained within them or to allow any inline images to load – as this guarantees the leaking of information to the spam source and also guarantees to them that the email address is a valid destination for the spam mails. So, when the forum admins stated “Oh, just click the unsubscribe link” in the mails, that’s definitely not good practice.
The kicker in the situation is that any consent given to join the forum back in 2012 would not have had the correct wording to satisfy GDPR requirements. And, I had no interaction with the forum after the GDPR laws became active, so I could not have given specific consent to that company to share or otherwise allow unknown third parties to use my personally identifiable information.
When I raised the point that their actions were GDPR non-compliant, my concerns were handwaved away, and I continued to receive these spam mails. Recently, I posted back on the forum that I was still receiving the spam emails, and that the problem was one to be fixed by the forum owners.
Their immediate action? To ban the IP I was using (not that they have ever heard of VPNs), and my account on the forum was banned. Not the smartest of people, as that type of action is specifically an offence under the GDPR.
I’ll soon be making a formal complaint to the Irish Data Commissioner about this forum’s actions and parent company’s violations. The parent company does indeed have business interactions with EU entities, so it’ll be interesting to see what happens.
Any more spam emails that I might receive to that sign-up address will just go into the legal folder and be used as further evidence of the GDPR violations.
Not the smartest of people really, the bikeforums.net people.