Original Post — Direct link
17 days ago - /u/ModMatK - Direct link

Originally posted by TwoMarc

I am a barrister and at no point in my life have the Met Police ever replied to an SAR in 30 days. The law is very idealistic.

I am also unsure what they would have to provide aside from his card payment details. I’d be very interested to hear from someone who knows for sure what the overlap is with personal data/virtual data.

The interesting bit is that if an account can be associated with someone's personal details, any email (or chain) or slack message which mentions that account name should be supplied under the act. They have to show all information (not just personal information), although certain types of information can be redacted.

17 days ago - /u/ModMatK - Direct link

Originally posted by And_Justice

This is an interesting insight. I didn't realise it chained like that but I suppose it makes sense when you think about it.

Does Jagex have provision to supply such internal information, though? I work in software support (for a rental software provider in the east mids) and we never went to the lengths of redesigning systems to be able to retrieve internal comms about an individual if they requested information under GDPR, just "official" records

Like every other company, it will probably be a pain in the arse for them to do it.

17 days ago - /u/ModMatK - Direct link

Originally posted by FifaKillsMySoul

I've done some projects on GDPR and I'm pretty sure it doesn't cover much more than the data where you - the actual you - or your personal information are referenced. The most common use of SAR is say against a bank where you've had a complaint with someone in a call centre; you'd get quite a lot back because the 'personally identifiable information' includes stuff like calls where you've had to verify your identity (plus it has your voice - of you the individual speaking), all your banking documents, statements, etc.

A game might not be covered, and especially in this context because it's a reference to your avatar. I'm pretty sure businesses also have some rights (in the UK) that protect trade secrets, so not a chance you could ask for detailed descriptions or evidence about how you were detected for breaking rules because that could be distributed and help people break further rules, create smarter bots, etc.

I wouldn't expect him to get any game data, but there could be information in any emails discussing the topic.

17 days ago - /u/ModMatK - Direct link

Originally posted by MopManMoss

Would Jagex really need to comply with the Data Protection Act 2018 in relation to an American citizen?

Yeah, I'm not sure either. But I would imagine the DPA applies to all data held, not just data held of British national.

16 days ago - /u/ModMatK - Direct link

Originally posted by Xaosia

^ This. They're owned by The Carlyle Group.

They're registered and operate within the UK

16 days ago - /u/ModMatK - Direct link

Originally posted by invkts

Just wanted to let you know I appreciate everything you've done for the game :).

You are a swell guy.

thanks buddy