150 points assurer who has issued 315 points to 25 people wants his account deleted.


Discovery

A: In the original request for deletion the Claimant explicitly agreed to arbitration.
A: An E-Mail was sent with the following content:

Dear <Anonymous>,

First off, I wish to apologise for the long delay. This arbitration got lost in the shuffle.

May I inquire your motivation to leave CAcert?

I will attempt to make this an efficient process from now on.

Kind regards,

Philipp Dunkel
(Arbitrator)

C: sent an E-Mail with the following points:

A: I issue the following preliminary ruling:

The claimant has a legitimate interest in his privacy and the privacy of his data.
The claimant has requested that the case-file be anonymised.
There is no overriding interest of the community to have direct access to this data in this case.

Therefore I rule that the case-file is anonymised.


Deliberation

There are two conflicting sets of interest in this case. On the one hand there is the interest of the claimant in preserving his privacy. On the other hand there is the interest of the community to preserve the integrity of its assurance network and enable the enforcement of possible reliances or future disputes. The privacy interest of the claimant is one that is recognised by CAcert in its Privacy Policy as well as many international precedents. The interests of the community derives from the following items:

Point 1 affects the assurer network. There may be future disputes in regards to these assurances. Points 2 and 3 may have caused others to rely on certificates or signatures made by these certificates that may be cause for a dispute in the future.

In order to give their due to both legitimate interests a balance has to be found. Removing the account itself does not appear practical since that would severely impede the interests of the community. However since the interest of the claimant is only in his privacy, all fields in the database that contain personal information (names, emails, date-of-birth) could be filled with an anonymised value to hide the persons identity. Since the identity of the claimant is known to the arbitrator any future arbitration could gain access to that information if requested by an arbitrator and if and only if found necessary. The claimant has done assurances and is obliged to retain the CAP forms of those assurances. However as the claimant is leaving the community, he should no longer hold these forms. These forms need to be retained somehow. So an alternative person needs to be appointed to do so. As the arbitrator already holds the personal information of the claimant, having him also retain these CAP forms may seem appropriate. In this way the anonymity of the claimant can be obtained and his privacy interests observed as no identifiable data of his is held in any automated system. At the same time the interests of the community can be maintained if the arbitrator hold that information and the CAP forms in a secure manner.


Ruling

After due consideration I issue the following ruling :

  1. A snapshot of the account information shall be taken and printed on paper.
  2. All certificates of the claimant shall be revoked.
  3. The account of the claimant shall be anonymised by doing the following:
    • Setting the date of birth to 1970-01-01
    • Setting all Name fields to a20090328.1
    • Removing all domains
    • Removing all secondary email addresses
    • Setting the primary email address to support@cacert.org

    • Setting all other fields containing any identifiable information to a20090328.1
  4. The claimant shall send all CAP forms in his possession to the arbitrator
  5. The arbitrator shall print this case-file to paper
  6. The arbitrator shall put the print-out of this case-file, the print-out of the account status as well as the CAP forms into an opaque envelope and seal that envelope.
  7. The arbitrator shall designate that envelope with the arbitration number and retain this envelope for 7 years, after which time it shall be destroyed.

This ruling may be used as a precedent for all similar cases where an assurer wishes to remove his account.

Notes

a20090618.3 uses this case as a precedent and gives some clarifications about data retention.


Arbitrations/a20090328.1 (last edited 2010-01-31 22:28:31 by UlrichSchroeter)