• Arbitrations
• a20131124.1

• Case Number: a20131124.1
• Status: close
• Claimants: Manuel S, Marcus M
• Respondent: CAcert

• Initial Case Manager: EvaStöwe

• Case Manager: MartinGummi

• Arbitrator: EvaStöwe

• Date of arbitration start: 2014-01-11
• Date of ruling: 2014-01-11
• Case closed: 2014-01-11
• Complaint: Delete Account / requesting a copy off of personal data before and after closing of account
• Relief: TBD

Before: Arbitrator Eva Stöwe (A), Respondent: CAcert (R), Claimant: Manuel S (C1), Marcus M (C2), Case: a20131124.1

History Log

• 2013-11-24 (issue.c.o) case s20131124.35

• 2013-11-24 (iCM): added to wiki, request for CM / A
• 2014-01-11 (CM): I'll take care of this case as CM and select Eva Stöwe as A.
• 2014-01-11 (A): clarified with C2 that C1 accepted CCA (via VoIP)
• 2014-01-11 (CM): init mail
• 2014-01-11 (A): question to C1 if he really wants us to provide the requested information since this would require people to see this information, or if a general information about what data is stored in our DB and anonymized by closing of an account would be enough.
• 2014-01-11 (C1): respondet that he is happy if his mail and DoB would not be accessible anymore.
• 2014-01-11 (A): informed C1 about how the delete account script handles personal data and suggest to close the case.
• 2014-01-11 (C1): aggrees with the suggestion.
• 2014-01-11 (A): announces that the case will be closed.
• 2014-01-11 (CM): close case

Original Dispute, Discovery (Private Part) (optional)

• Link to Arbitration case a20131124.1 (Private Part), Access for (CM) + (A) only

EOT Private Part

Discovery

• C1 asked to close his account and requested a copy off all data about yourself wich will be held by cacert.org.
• The delte account procedure could be initiated by support. Arbitration is currently not neede to handle this.
• C2 was the support member who did this. Because of running certificates the account has to be held valid for 3 month after this.
• C2 accepted CCA/DRP by account creation and creation of the certificates.
• To provide the whole information set it would be needed to write new sql-queries and handle them (and the resulting data) manually by critical team.
  • At least 3 people would be able to see that personal information by doing so.
  • This would be contraproductive to secure the private information of C1.
• A general information about what information is stored about a user and what is done by the delete account procedure may be enough to fulfill the needs of C1.
• C1 only wanted to protect his email and DoB information - which will be the case after the delte account procedure.
• C1 has got this information and does not want us to do anything more.

Ruling

C1 was informed about the nature and the treatment of his personal information stored by CAcert. He does not require CAcert to provide him with further informations. Nothing more needs to be done in this regard.

Support should continue with the close account procedure that was already initiated.

-- Cologne, 14-01-11

Execution

• 14-01-11 (CM): Execution to Support

Similiar Cases

• CategoryArbitration

• CategoryArbCaseAccountDelAssurer

• CategoryArbCaseAccountDelNonAssurer

• CategoryArbCaseAccountCleanup