Posted to users@spamassassin.apache.org by Joe Acquisto-j4 <jo...@j4computers.com> on 2018/11/19 03:19:56 UTC

semi-OT - reporting an organization that ignores unsubscribe requests

Gents,

I somehow became subscribed to a list, political in nature, in whose mail I have no interest.  This is a legitimate AFAIK, US organization.  

Thus far, several uses of their unsubscribe link had not provided relief.  Direct email to the founder and operations manager seem to have been ignored as well.

While I can just dump their mail, it offends my finely honed sense of propriety, justice and my all around good nature.  Besides, it hoses me off.

So, is there some "authority" to which I can report these a**holes? that might have an effect?




Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Bob Proulx <bo...@proulx.com>.
Benny Pedersen wrote:
> Kevin Miller wrote:
> > My particular favorite fix is, if the mail list has a web preferences
> > page, to go to there and edit the preferences then set the email address
> > to postmaster@localhost.  Now it's their problem. <g>
> 
> If they test fqdn it will be your problem
> :)

I have often done similar by sending the email to nobody@theirdomain
where theirdomain is the site's fqdn.  I am often surprised at how
often it is rejected as already in use by another account!  Someone
else has beat me to it!

Bob

RE: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Benny Pedersen <me...@junc.eu>.
On 21. november 2018 01.32.37 Kevin Miller <ke...@juneau.org>
> My particular favorite fix is, if the mail list has a web preferences page, 
> to go to there and edit the preferences then set the email address to 
> postmaster@localhost.  Now it's their problem. <g>

If they test fqdn it will be your problem

:)

RE: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Kevin Miller <ke...@juneau.org>.
No worries.  Someone with a similar issue will search for a solution someday, and have one at hand.  :-)

My particular favorite fix is, if the mail list has a web preferences page, to go to there and edit the preferences then set the email address to postmaster@localhost.  Now it's their problem. <g>

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357


-----Original Message-----
From: Joe Acquisto-j4 [mailto:joea@j4computers.com] 
Sent: Tuesday, November 20, 2018 10:43 AM
To: users@spamassassin.apache.org
Subject: Re: semi-OT - reporting an organization that ignores unsubscribe requests

>>> On 11/19/2018 at 4:35 PM, in message
<c8...@apache.org>, "Kevin A. McGrail"
<km...@apache.org> wrote:
> On 11/18/2018 10:19 PM, Joe Acquisto-j4 wrote:
>> So, is there some "authority" to which I can report these a**holes? that 
> might have an effect?
> I would say some blacklists might be interested.  I certainly list
> emails based on consent. 

Ever have one of those days where you wish you had never raised your hand in class?   Seems I may have maligned this unnamed organization.

For legacy reasons I have two email accounts with similar domains aggregated into one.   Short story, I was un-subscribing the wrong one.  

Still, they could, perhaps, have done a quick check against their subscriber list, instead of reporting it as successfully unsubscribed.

See, there is always a way to make it someone else's fault.

Sorry for the wasted time.




Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by "Kevin A. McGrail" <km...@apache.org>.
On 11/20/2018 2:43 PM, Joe Acquisto-j4 wrote:
> Seems I may have maligned this unnamed organization.

Other than maligning their cosmic karma, not really sure asking about
how to gritch about them but not actually doing anything does any real
harm :-)

-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Joe Acquisto-j4 <jo...@j4computers.com>.
>>> On 11/19/2018 at 4:35 PM, in message
<c8...@apache.org>, "Kevin A. McGrail"
<km...@apache.org> wrote:
> On 11/18/2018 10:19 PM, Joe Acquisto-j4 wrote:
>> So, is there some "authority" to which I can report these a**holes? that 
> might have an effect?
> I would say some blacklists might be interested.  I certainly list
> emails based on consent. 

Ever have one of those days where you wish you had never raised your hand in class?   Seems I may have maligned this unnamed organization.

For legacy reasons I have two email accounts with similar domains aggregated into one.   Short story, I was un-subscribing the wrong one.  

Still, they could, perhaps, have done a quick check against their subscriber list, instead of reporting it as successfully unsubscribed.

See, there is always a way to make it someone else's fault.

Sorry for the wasted time.




Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by "Kevin A. McGrail" <km...@apache.org>.
On 11/18/2018 10:19 PM, Joe Acquisto-j4 wrote:
> So, is there some "authority" to which I can report these a**holes? that might have an effect?
I would say some blacklists might be interested.  I certainly list
emails based on consent. 

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Pedro David Marco <pe...@yahoo.com>.
 In Europe according to GDPR that would probably lead to an epic fine....

    On Monday, November 19, 2018, 4:35:56 PM GMT+1, Bill Cole <sa...@billmail.scconsult.com> wrote:  
 
>Short answer: No.
>
>Political and charitable entities are not governed by the main anti-spam 
>law in the US (known as "CAN-SPAM") on the theory that if they were not, 
>they could invalidate the whole law on constitutional grounds. CAN-SPAM 
>only governs *commercial* email, which has weaker legal protection from 
>government regulation than does political speech or straight 
>solicitations for charity.


----PedroD  

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Rupert Gallagher <ru...@protonmail.com>.
Spam is income for those who sell it, a cost for those who buy it, and a liability for those who receive it. Thousands of junk and weaponized messages try their luck while wasting our resources. It is not by accident that we have anti-spam laws. Our unpaid job is to reject spam efficiently. Sometimes you cannot reject it, because sent properly, by someone you can identify, and it falls within your legal reach. That's when you file a complaint to the ombudsman and cash in a small reward for the inconvenience. Laws are there for us, not against us.

On Tue, Nov 20, 2018 at 11:36, Martin Gregorie <ma...@gregorie.org> wrote:

> On 18 Nov 2018, at 22:19, Joe Acquisto-j4 wrote:
>>
>> > Gents,
>> >
>> > I somehow became subscribed to a list, political in nature, in
>> > whose mail I have no interest. This is a legitimate AFAIK, US
>> > organization.
>> >
> I just auto-bin this stuff if their 'unsubscribe' link doesn't work.
> Emirates, the well-known airline, is the latest outfit to get this
> treatment here.
>
> However, given the recently mentioned US freedoms of political speech,
> why can't you simply exercise your freedoms by reflecting it back to
> the mailing list unseen but with a polite note added to the body in
> big caps saying something along the lines of:
>
> "I tried to unsubscribe from your list but that doesn't work, so here's
> your unwanted mail back. Kindly take me off your list".
>
> I don't see how that could be twisted into offensive speech, but it
> just might embarrass their mailadmin into taking you off the list.
>
> Martin

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Martin Gregorie <ma...@gregorie.org>.
On 18 Nov 2018, at 22:19, Joe Acquisto-j4 wrote:
> 
> > Gents,
> > 
> > I somehow became subscribed to a list, political in nature, in
> > whose mail I have no interest.  This is a legitimate AFAIK, US
> > organization.
> > 
I just auto-bin this stuff if their 'unsubscribe' link doesn't work.
Emirates, the well-known airline, is the latest outfit to get this
treatment here.

However, given the recently mentioned US freedoms of political speech,
why can't you simply exercise your freedoms by reflecting it back to
the mailing list unseen but with a polite note added to the body in
big caps saying something along the lines of: 

"I tried to unsubscribe from your list but that doesn't work, so here's
your unwanted mail back. Kindly take me off your list".

I don't see how that could be twisted into offensive speech, but it
just might embarrass their mailadmin into taking you off the list.


Martin



Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 18 Nov 2018, at 22:19, Joe Acquisto-j4 wrote:

> Gents,
>
> I somehow became subscribed to a list, political in nature, in whose 
> mail I have no interest.  This is a legitimate AFAIK, US organization.
>
> Thus far, several uses of their unsubscribe link had not provided 
> relief.  Direct email to the founder and operations manager seem to 
> have been ignored as well.
>
> While I can just dump their mail, it offends my finely honed sense of 
> propriety, justice and my all around good nature.  Besides, it hoses 
> me off.
>
> So, is there some "authority" to which I can report these a**holes? 
> that might have an effect?

Short answer: No.

Political and charitable entities are not governed by the main anti-spam 
law in the US (known as "CAN-SPAM") on the theory that if they were not, 
they could invalidate the whole law on constitutional grounds. CAN-SPAM 
only governs *commercial* email, which has weaker legal protection from 
government regulation than does political speech or straight 
solicitations for charity.

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by "Anne P. Mitchell, Esq." <am...@isipp.com>.

> 
> Gents,  

Ahem.  ;-)


> 
> I somehow became subscribed to a list, political in nature, in whose mail I have no interest.  This is a legitimate AFAIK, US organization.  
> 
> Thus far, several uses of their unsubscribe link had not provided relief.  Direct email to the founder and operations manager seem to have been ignored as well.
> 
> While I can just dump their mail, it offends my finely honed sense of propriety, justice and my all around good nature.  Besides, it hoses me off.
> 
> So, is there some "authority" to which I can report these a**holes? that might have an effect?

Speaking as someone who actually wrote part of the U.S. anti-spam law (of which I'm the first to say that it is pathetic and anemic (except of course, the part that I wrote ;-) )...I can say categorically that political email is exempt from most Federal law relating to email, email marketing, etc.. 

But THAT said, a word to their provider can (and sometimes does) still have the desired (individual) effect, because providers care about their IP space reputation (more so than most political campaigns).

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop





Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by "Anne P. Mitchell, Esq." <am...@isipp.com>.

> The email address is an address, part of your personally identifiable data. If an identifiable entity in the US sends mass mail to European addresses, then they must have a representative in Europe and comply with the GDPR. 

I somehow missed that John is in the U.K., and actually re-reading his email suggests that he may be in Canada ("hoses me off" ;-) )...  John, if you are in Canada then this may fall under CASL, in which case you can report the email here:

http://fightspam.gc.ca/eic/site/030.nsf/eng/h_00017.html

If you are, in fact, in the EU, then by all means I'd go the route of invoking GDPR.  Many (if not most..sigh) entities in the U.S. believe that they don't have to worry or care about GDPR..however the language in GDPR that says, in essence, "we will go after anybody anywhere in the world who violates GDPR" coupled with the private right of action suggests that you'd at least have a shot.  The reason that political spam is exempted in the U.S. is because of the 1st Amendment..which of course does not apply outside the U.S.. ;-)

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop





> 
> 
> On Tue, Nov 20, 2018 at 17:03, John Hardin <jh...@impsec.org> wrote:
>> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>> 
>> > Yes, if you are European, and might get some money as compensation.
>> 
>> From a US political advocacy group which has no commercial presence in EU?
>> How does GDPR apply in that situation?
>> 
>> > On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 <jo...@j4computers.com> wrote:
>> >
>> >> Gents,
>> >>
>> >> I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization.
>> >>
>> >> Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well.
>> >>
>> >> While I can just dump their mail, it offends my finely honed sense of propriety, justice and my all around good nature. Besides, it hoses me off.
>> >>
>> >> So, is there some "authority" to which I can report these a**holes? that might have an effect?
>> 
>> --
>> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
>> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
>> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
>> -----------------------------------------------------------------------
>> The world has enough Mouse Clicking System Engineers.
>> -- Dave Pooser
>> -----------------------------------------------------------------------
>> 600 days since the first commercial re-flight of an orbital booster (SpaceX)
> 
> 


Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by John Hardin <jh...@impsec.org>.
On Wed, 21 Nov 2018, Rupert Gallagher wrote:

> On Wed, Nov 21, 2018 at 03:41, John Hardin <jh...@impsec.org> wrote:
>
>> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>>
>>> The email address is an address, part of your personally identifiable
>>> data.
>>
>> I'm not disputing that. I write software that deals with PII in my day job.
>>
>>> If an identifiable entity in the US sends mass mail to European
>>> addresses, then they must have a representative in Europe and comply
>>> with the GDPR.
>>
>> (1) how do you *force* someone in the US to have a representative in
>> Europe?
>
> You file a complaint with your national ombudsman. In your case, stress 
> the fact that they are processing political data in addition to common 
> data. Do not expect immediate termination of spam. The ombudsman will 
> proceed to verify the facts, identify the parties involved, check 
> compliance claims, and enforce the EU-US bilateral agreement.

see the discussion of the bilateral agreement below.

> In the end, the spammers

Point of order: we're not talking about spammers per se, we're talking 
about a legitimate US-only organization (NOT necessarily a business) that 
is sending email to an EU correspondent, possibly at that person's 
automatically-processed request (e.g. by subscribing to a mailing list).

> will most likely refuse to appoint an EU representative,

Why would the organization do so, if their only interest is in the US?

> and the EU will shut down their website.

If the organization has no presence in the EU, and the website is not 
hosted in the EU, *how*? The EU is *not* the World Government and Ultimate 
Internet Regulatory Authority.

>> (2) if they do no business in the EU, and do not have any presence in the
>> EU (sending email to addresses in the EU is not "having a presence in the
>> EU"), how are they subject to fines for violating the law in the EU?
>>
>> If, for example, I - a private, non-commercial entity - hosted a mailing
>> list on my private server (which I have done in the past), and someone in
>> the EU subscribed and posted to that list and their email address was
>> captured in the list archives, and they later unsubscribed and asked for
>> their email address to be removed from the list archives, and I (for
>> whatever reason) did not do so, *how* would an EU court levy fines against
>> me?
>>
>> The US is not a signatory to the GDPR as far as I am aware, and I have
>> *no* legal presence outside the US.
>
> The US signed a bilateral agreement with the EU:
> https://www.privacyshield.gov/

By my quick reading:

(1) that only applies to businesses and (apparently) common carriers - I 
don't see any suggestion that something like a domestic political advocacy 
group would be affected (I'm presuming that since such is not a commercial 
entity or common carrier they are not subject to the jurisdiction of the 
FTC or DOT), and certainly not a private citizen acting on their own 
behalf (like in my mailing list hypothetical above).

(2) it is a *voluntary* framework for assuring your customers you abide by 
requirements aligned with the GDPR, with certification by a third party 
that you do so.

(3) it only provides for punishment of companies that have *voluntarily* 
enrolled and don't actually implement the required controls, which is 
punished as "deceptive advertising" (i.e. claiming to protect your 
privacy but not actually doing so); there are fines, but apparently there 
is no provision for the *huge* fines that GDPR threatens, and I see no 
provision for "shutting down a website" (though that may be dragged in 
via other FTC regulations related to deceptive advertising). If a company 
persistently violates the terms of their enrollment they will be removed 
from the program.

So: that does not appear to apply at all to me as a private citizen 
running a mailing list, and *probably* does not apply to purely-US 
non-business entities (e.g. a political advocacy organization) that have 
not applied for membership in the program so that they can publicly claim 
to be protecting your privacy under a framework similar to the GDPR.



>
>>> On Tue, Nov 20, 2018 at 17:03, John Hardin <jh...@impsec.org> wrote:
>>>
>>>> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>>>>
>>>>> Yes, if you are European, and might get some money as compensation.
>>>>
>>>> From a US political advocacy group which has no commercial presence in EU?
>>>> How does GDPR apply in that situation?
>>>>
>>>>> On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 <jo...@j4computers.com> wrote:
>>>>>
>>>>>> Gents,
>>>>>>
>>>>>> I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization.
>>>>>>
>>>>>> Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well.
>>>>>>
>>>>>> While I can just dump their mail, it offends my finely honed sense of propriety, justice and my all around good nature. Besides, it hoses me off.
>>>>>>
>>>>>> So, is there some "authority" to which I can report these a**holes? that might have an effect?

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Vista: because the audio experience is *far* more important than
   network throughput.
-----------------------------------------------------------------------
  601 days since the first commercial re-flight of an orbital booster (SpaceX)

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by "Anne P. Mitchell, Esq." <am...@isipp.com>.

> 
> I don't want to weigh in on the perceived worth of your signature, but
> are you aware of the signature convention that has been around for
> decades? It is mentioned in RFC 3676 and many other places:
> 
>  There is a long-standing convention in Usenet news which also commonly
>  appears in Internet mail of using "-- " as the separator line between
>  the body and the signature of a message.
> 
>  (https://tools.ietf.org/html/rfc3676#section-4.3)
> 
> If you prefix your signature with DASH DASH SPACE, smart MUAs will
> either show the signature in muted colours, in a collapsed state, or by
> other means of making it less intrusive.

That's odd...until you mentioned it I wasn't aware that my MUA was *not* including that!...let me see if I can figure out why it isn't.  Thank you!

Anne

(suppressing .sig for now)

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Ralph Seichter <m1...@monksofcool.net>.
* Anne P. Mitchell:

> I have found that establishing my expertise and authority up front
> tends to ward off lengthy discussions that take up way more mailing
> list bandwidth than the signature.

I don't want to weigh in on the perceived worth of your signature, but
are you aware of the signature convention that has been around for
decades? It is mentioned in RFC 3676 and many other places:

  There is a long-standing convention in Usenet news which also commonly
  appears in Internet mail of using "-- " as the separator line between
  the body and the signature of a message.
 
  (https://tools.ietf.org/html/rfc3676#section-4.3)

If you prefix your signature with DASH DASH SPACE, smart MUAs will
either show the signature in muted colours, in a collapsed state, or by
other means of making it less intrusive.

-Ralph

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by "Anne P. Mitchell, Esq." <am...@isipp.com>.

> On Nov 24, 2018, at 4:25 PM, @lbutlr <kr...@kreme.com> wrote:
> 
> This is a very excessive signature block. I’m glad you're proud of your resume, but inflicting it on a mailing list with every post is a bit much. 

It's not a matter of pride, and I generally don't disagree with you...however when discussing things actually having to do with the law, I have found that establishing my expertise and authority up front tends to ward off lengthy discussions that take up way more mailing list bandwidth than the signature.

Much like this email, really.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by "@lbutlr" <kr...@kreme.com>.
This is a very excessive signature block. I’m glad you're proud of your resume, but inflicting it on a mailing list with every post is a bit much. 

On Nov 21, 2018, at 12:39, Anne P. Mitchell, Esq. <am...@isipp.com> wrote:
> Anne P. Mitchell, 
> Attorney at Law
> GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant
> CEO/President, Institute for Social Internet Public Policy
> Board of Directors, Denver Internet Exchange
> Board of Directors, Asilomar Microcomputer Workshop
> Legal Counsel: The CyberGreen Institute
> Legal Counsel: The Earth Law Center
> California Bar Association
> Cal. Bar Cyberspace Law Committee
> Colorado Cyber Committee
> Ret. Professor of Law, Lincoln Law School of San Jose
> Ret. Chair, Asilomar Microcomputer Workshop

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Rupert Gallagher <ru...@protonmail.com>.
The "right to be forgotten" is the natural outcome of three decades of self-inflicted pain. Some argue that deleting old e-mails is like re-writing history. Others, like me, argue that e-mail was born as an informal medium, different than, for example, a published book or factual evidence of a genocide. I contend that e-mail can only be included as evidence in court if the forensics are both sound and complete, because (most) e-mails can be easily fabricated. Would you like to be convicted by a fake e-mail? I guess not. Also, many of those "archives" have no legal or commercial value. They are not a book you can re-sell. Granted that, there are people who committed suicide out of shame, because they were the object of defamation or cyberbullying, things that move almost no one, until it happens to their children. A number of lawyers in the EU just couldn't pass by without taking notice. Both the US and the UN at some point will follow up, and make the world a better place.

On Wed, Nov 21, 2018 at 20:39, Anne P. Mitchell, Esq. <am...@isipp.com> wrote

>> On Nov 21, 2018, at 12:03 PM, Bill Cole <sa...@billmail.scconsult.com> wrote:
>>
>> On 21 Nov 2018, at 13:03, Anne P. Mitchell, Esq. wrote:
>>
>>> Except for the private right of action provided in GDPR, and small claims court in the U.S.
>>
>> Are you saying an EU law can create an actionable civil tort claim in a US state small claims court for actions which are not illegal under any US state or federal law?
>
> No, I'm saying that anybody can sue anybody for anything in the U.S., and it's extremely easy to file an action in small claims court. It wouldn't even have to be, technically, 'under' GDPR (as you mention, there is always tort) - but GDPR would be the hook that they would use, and the authority (note I said authority, not law) they would cite.
>
> That said, I think it's much more likely that the lawsuits already filed against Google and Facebook by Max Schrems will be ones to test the jurisdiction/enforcement issues.
>
> Anne
>
> Anne P. Mitchell,
> Attorney at Law
> GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant
> CEO/President, Institute for Social Internet Public Policy
> Board of Directors, Denver Internet Exchange
> Board of Directors, Asilomar Microcomputer Workshop
> Legal Counsel: The CyberGreen Institute
> Legal Counsel: The Earth Law Center
> California Bar Association
> Cal. Bar Cyberspace Law Committee
> Colorado Cyber Committee
> Ret. Professor of Law, Lincoln Law School of San Jose
> Ret. Chair, Asilomar Microcomputer Workshop

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by "Anne P. Mitchell, Esq." <am...@isipp.com>.

> On Nov 21, 2018, at 12:03 PM, Bill Cole <sa...@billmail.scconsult.com> wrote:
> 
> On 21 Nov 2018, at 13:03, Anne P. Mitchell, Esq. wrote:
> 
>> Except for the private right of action provided in GDPR, and small claims court in the U.S.
> 
> Are you saying an EU law can create an actionable civil tort claim in a US state small claims court for actions which are not illegal under any US state or federal law?

No, I'm saying that anybody can sue anybody for anything in the U.S., and it's extremely easy to file an action in small claims court.  It wouldn't even have to be, technically, 'under' GDPR (as you mention, there is always tort) - but GDPR would be the hook that they would use, and the authority (note I said authority, not law) they would cite.

That said, I think it's much more likely that the lawsuits already filed against Google and Facebook by Max Schrems will be ones to test the jurisdiction/enforcement issues.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 21 Nov 2018, at 13:03, Anne P. Mitchell, Esq. wrote:

> Except for the private right of action provided in GDPR, and small 
> claims court in the U.S.

Are you saying an EU law can create an actionable civil tort claim in a 
US state small claims court for actions which are not illegal under any 
US state or federal law?

That would be novel... have there actually been successful cases?

-- 
Bill Cole

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by "Anne P. Mitchell, Esq." <am...@isipp.com>.
P.S.  I should have added: the whole jurisdiction issue is, clinically speaking, one of the most interesting parts of GDPR. I've never seen a law that so broadly asserted that the country or union from which the law was promulgated will enforce it anywhere and everywhere - it's pretty damned gutsy.  It will almost certainly be sorted out through lawsuits, and that will definitely be popcorn time.


> On Nov 21, 2018, at 11:03 AM, Anne P. Mitchell, Esq. <am...@isipp.com> wrote:
> 
> 
> 
>> On Nov 21, 2018, at 8:48 AM, Bill Cole <sa...@billmail.scconsult.com> wrote:
>> 
>> There is no reason for anyone without a commercial presence in the EU or CH to be concerned with GDPR.
> 
> Except for the private right of action provided in GDPR, and small claims court in the U.S.  
> 
> And, for entities that spam enough people "in the EU" (for our analysis/explanation of that, along with why U.S. companies should comply with GDPR, see here: https://www.isipp.com/resources/how-email-marketing-must-comply-with-the-eu-general-data-protection-regulation-gdpr/  NB:  GDPR does not state anywhere that it applies to EU residents or citizens, only the vague and ambiguous "in the EU") the language in GDPR that states they will go after anyone, anywhere in the world.
> 
> Anne
> 
> Anne P. Mitchell, 
> Attorney at Law
> GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant
> CEO/President, Institute for Social Internet Public Policy
> Board of Directors, Denver Internet Exchange
> Board of Directors, Asilomar Microcomputer Workshop
> Legal Counsel: The CyberGreen Institute
> Legal Counsel: The Earth Law Center
> California Bar Association
> Cal. Bar Cyberspace Law Committee
> Colorado Cyber Committee
> Ret. Professor of Law, Lincoln Law School of San Jose
> Ret. Chair, Asilomar Microcomputer Workshop
> 
> 
> 
> 


Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by "Anne P. Mitchell, Esq." <am...@isipp.com>.

> On Nov 21, 2018, at 8:48 AM, Bill Cole <sa...@billmail.scconsult.com> wrote:
> 
> There is no reason for anyone without a commercial presence in the EU or CH to be concerned with GDPR.

Except for the private right of action provided in GDPR, and small claims court in the U.S.  

And, for entities that spam enough people "in the EU" (for our analysis/explanation of that, along with why U.S. companies should comply with GDPR, see here: https://www.isipp.com/resources/how-email-marketing-must-comply-with-the-eu-general-data-protection-regulation-gdpr/  NB:  GDPR does not state anywhere that it applies to EU residents or citizens, only the vague and ambiguous "in the EU") the language in GDPR that states they will go after anyone, anywhere in the world.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop





Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 21 Nov 2018, at 9:03, Rupert Gallagher wrote:

> On Wed, Nov 21, 2018 at 03:41, John Hardin <jh...@impsec.org> wrote:
[...]
>> The US is not a signatory to the GDPR as far as I am aware, and I have
>> *no* legal presence outside the US.
>
>>
>
> The US signed a bilateral agreement with the EU:
> https://www.privacyshield.gov/

It's widely misunderstood how hard it is for the US government to 
enforce the laws of other countries on US people and companies.

Participation in Privacy Shield is an entirely voluntary program and the 
only punishment for a self-certifying entity that claims to be complying 
is that if the FTC determines that they persist in non-compliance, they 
are removed from the list of complying entities and added to a list of 
persistent non-compliers. Beyond that, the only punishment would be if 
they continue to claim participation in Privacy Shield (i.e. simple 
fraud.)

There is no reason for anyone without a commercial presence in the EU or 
CH to be concerned with GDPR.

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Rupert Gallagher <ru...@protonmail.com>.
On Wed, Nov 21, 2018 at 03:41, John Hardin <jh...@impsec.org> wrote:

> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>
>> The email address is an address, part of your personally identifiable
>> data.
>
> I'm not disputing that. I write software that deals with PII in my day job.
>
>> If an identifiable entity in the US sends mass mail to European
>> addresses, then they must have a representative in Europe and comply
>> with the GDPR.
>
> (1) how do you *force* someone in the US to have a representative in
> Europe?

You file a complaint with your national ombudsman. In your case, stress the fact that they are processing political data in addition to common data. Do not expect immediate termination of spam. The ombudsman will proceed to verify the facts, identify the parties involved, check compliance claims, and enforce the EU-US bilateral agreement. In the end, the spammers will most likely refuse to appoint an EU representative, and the EU will shut down their website.

> (2) if they do no business in the EU, and do not have any presence in the
> EU (sending email to addresses in the EU is not "having a presence in the
> EU"), how are they subject to fines for violating the law in the EU?
>
> If, for example, I - a private, non-commercial entity - hosted a mailing
> list on my private server (which I have done in the past), and someone in
> the EU subscribed and posted to that list and their email address was
> captured in the list archives, and they later unsubscribed and asked for
> their email address to be removed from the list archives, and I (for
> whatever reason) did not do so, *how* would an EU court levy fines against
> me?
>
> The US is not a signatory to the GDPR as far as I am aware, and I have
> *no* legal presence outside the US.

>

The US signed a bilateral agreement with the EU:
https://www.privacyshield.gov/

>

>> On Tue, Nov 20, 2018 at 17:03, John Hardin <jh...@impsec.org> wrote:
>>
>>> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>>>
>>>> Yes, if you are European, and might get some money as compensation.
>>>
>>> From a US political advocacy group which has no commercial presence in EU?
>>> How does GDPR apply in that situation?
>>>
>>>> On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 <jo...@j4computers.com> wrote:
>>>>
>>>>> Gents,
>>>>>
>>>>> I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization.
>>>>>
>>>>> Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well.
>>>>>
>>>>> While I can just dump their mail, it offends my finely honed sense of propriety, justice and my all around good nature. Besides, it hoses me off.
>>>>>
>>>>> So, is there some "authority" to which I can report these a**holes? that might have an effect?
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> The question of whether people should be allowed to harm themselves
> is simple. They *must*. -- Charles Murray
> -----------------------------------------------------------------------
> 600 days since the first commercial re-flight of an orbital booster (SpaceX)

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by John Hardin <jh...@impsec.org>.
On Tue, 20 Nov 2018, Rupert Gallagher wrote:

> The email address is an address, part of your personally identifiable 
> data.

I'm not disputing that. I write software that deals with PII in my day 
job.

> If an identifiable entity in the US sends mass mail to European 
> addresses, then they must have a representative in Europe and comply 
> with the GDPR.

(1) how do you *force* someone in the US to have a representative in 
Europe?

(2) if they do no business in the EU, and do not have any presence in the 
EU (sending email to addresses in the EU is not "having a presence in the 
EU"), how are they subject to fines for violating the law in the EU?

If, for example, I - a private, non-commercial entity - hosted a mailing 
list on my private server (which I have done in the past), and someone in 
the EU subscribed and posted to that list and their email address was 
captured in the list archives, and they later unsubscribed and asked for 
their email address to be removed from the list archives, and I (for 
whatever reason) did not do so, *how* would an EU court levy fines against 
me?

The US is not a signatory to the GDPR as far as I am aware, and I have 
*no* legal presence outside the US.


> On Tue, Nov 20, 2018 at 17:03, John Hardin <jh...@impsec.org> wrote:
>
>> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>>
>>> Yes, if you are European, and might get some money as compensation.
>>
>> From a US political advocacy group which has no commercial presence in EU?
>> How does GDPR apply in that situation?
>>
>>> On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 <jo...@j4computers.com> wrote:
>>>
>>>> Gents,
>>>>
>>>> I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization.
>>>>
>>>> Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well.
>>>>
>>>> While I can just dump their mail, it offends my finely honed sense of propriety, justice and my all around good nature. Besides, it hoses me off.
>>>>
>>>> So, is there some "authority" to which I can report these a**holes? that might have an effect?

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   The question of whether people should be allowed to harm themselves
   is simple. They *must*.                           -- Charles Murray
-----------------------------------------------------------------------
  600 days since the first commercial re-flight of an orbital booster (SpaceX)

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Rupert Gallagher <ru...@protonmail.com>.
The email address is an address, part of your personally identifiable data. If an identifiable entity in the US sends mass mail to European addresses, then they must have a representative in Europe and comply with the GDPR.

On Tue, Nov 20, 2018 at 17:03, John Hardin <jh...@impsec.org> wrote:

> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>
>> Yes, if you are European, and might get some money as compensation.
>
> From a US political advocacy group which has no commercial presence in EU?
> How does GDPR apply in that situation?
>
>> On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 <jo...@j4computers.com> wrote:
>>
>>> Gents,
>>>
>>> I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization.
>>>
>>> Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well.
>>>
>>> While I can just dump their mail, it offends my finely honed sense of propriety, justice and my all around good nature. Besides, it hoses me off.
>>>
>>> So, is there some "authority" to which I can report these a**holes? that might have an effect?
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> The world has enough Mouse Clicking System Engineers.
> -- Dave Pooser
> -----------------------------------------------------------------------
> 600 days since the first commercial re-flight of an orbital booster (SpaceX)

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by John Hardin <jh...@impsec.org>.
On Tue, 20 Nov 2018, Rupert Gallagher wrote:

> Yes, if you are European, and might get some money as compensation.

From a US political advocacy group which has no commercial presence in EU? 
How does GDPR apply in that situation?

> On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 <jo...@j4computers.com> wrote:
>
>> Gents,
>>
>> I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization.
>>
>> Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well.
>>
>> While I can just dump their mail, it offends my finely honed sense of propriety, justice and my all around good nature. Besides, it hoses me off.
>>
>> So, is there some "authority" to which I can report these a**holes? that might have an effect?

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   The world has enough Mouse Clicking System Engineers.
                                                        -- Dave Pooser
-----------------------------------------------------------------------
  600 days since the first commercial re-flight of an orbital booster (SpaceX)

Re: semi-OT - reporting an organization that ignores unsubscribe requests

Posted by Rupert Gallagher <ru...@protonmail.com>.
Yes, if you are European, and might get some money as compensation.

On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 <jo...@j4computers.com> wrote:

> Gents,
>
> I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization.
>
> Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well.
>
> While I can just dump their mail, it offends my finely honed sense of propriety, justice and my all around good nature. Besides, it hoses me off.
>
> So, is there some "authority" to which I can report these a**holes? that might have an effect?