hello there.

we run our business form the uk, but our servers are in usa.

If somebody abuses our services, and brakes our TOS by hosting illegall content, are we within rights to share their details with companies involved.

For example, somebody we hosted atempted a phishing scam related to ebay, can we legally pass this users details such as ip address,e mail address, name, address, telephone number etc on to ebay, without braking the law.

We are trying to do the right thing, but we dont want to put ourselves ina position wheree we coudl be sued.

any advice would be great

thanks in advance
craig

Shouldn't you check this with UK lawyer? people on WHT are not lawyer...i think it will be best to either talk to ebay or check with your local lawyer.

If it's illegal you call the Police and pass everything on to them.

simple!

Originally posted by craigj
If somebody abuses our services, and brakes our TOS by hosting illegall content, are we within rights to share their details with companies involved.


The data protection act requires you to inform users who their data will be disclosed to up-front. If the people you wish to share the data with aren't on that list, you can't disclose the information to them unless they get a court order.

Originally posted by craigj
For example, somebody we hosted atempted a phishing scam related to ebay, can we legally pass this users details such as ip address,e mail address, name, address, telephone number etc on to ebay, without braking the law.

IF Ebay, (in this example) or the Authorities (More than likely it'll be the FBI rather than Ebay) were to contact you regarding a specific client, I'd check it out. "IF" this client was indeed breaking the law, there would be no problem with you disclosing this information.

Our TOS for example states we do not and will not share information with "any" out side source. "HOWEVER" it also states that information can and will be shared with the proper authorities for activity that is deemed in violation of law or otherwise cause harm.

We are trying to do the right thing, but we dont want to put ourselves ina position wheree we coudl be sued.

If you took it upon yourself then yea, you could have a problem. But if you are aproached by the Authorities then I see no problem with you complying. In fact I'd check my TOS and make sure you make it clear that information pertaining to Illegal activity will be reported to the Authorities as requested.

BUT you'll have to make sure there isn't a problem with this in UK law.

You're in a position where the laws of 2 lands need to be reviewed.

1) You are hosted on a US server. This does open you up to US laws in certain circumstances

2) you are a UK business and as such are open to its laws

As far as getting in trouble because a customer wants to do someting stupid. It's been declaired that a ISP/Host can not be held responcible for the content or activity of a customer. "UNTIL" the ISP/Host is made aware of the activity.

What this means is you are golden until you hear a client is breaking the law. At that point it is up to you to verify and remove offending content (and or susspend account) . Failure to do so can open you up to legal problems.

I think there should not be any problem with Law in any country when you are helping to catch a criminal. If i have a customer who violated my TOS by doing something illegal then he automatically loses his right of privacy becaz by explicitly committing a fraud that person is not a "lawful customer" and if you as a host try to protect "Your client" and in turn you commit a crime becaz you indirectly participated in his acts by not giving out his information to the law !

Originally posted by ozone_mark
I think there should not be any problem with Law in any country when you are helping to catch a criminal. If i have a customer who violated my TOS by doing something illegal then he automatically loses his right of privacy becaz by explicitly committing a fraud that person is not a "lawful customer" and if you as a host try to protect "Your client" and in turn you commit a crime becaz you indirectly participated in his acts by not giving out his information to the law !

Strictly speaking under the UK DPA, even the authorities need a court order to get records. However, if you've made the customer aware of the fact that you'll disclose information to legal entities on request in your T&C's then you're okay.

The important thing is that the customer knows the people who'll you'll disclose his details to without a court order.

Incidentally, the UK DPA only covers 'personal' data about an individual; it doesn't cover data that you hold on companies (that's covered by other laws).

It's primary purpose was to allow people to get information that's held about themselves.

Originally posted by disoft
Incidentally, the UK DPA only covers 'personal' data about an individual; it doesn't cover data that you hold on companies (that's covered by other laws).

It's primary purpose was to allow people to get information that's held about themselves.

Basically true, although the line is blurred when you're talking about sole traders or other unincorporated forms of company (and gets complicated with private limited companies where directors can and are strongly indentified with the public image of their comapny's as the law says "identifiable" data).

I'd advise the OP to speak to a lawyer specialising in either corporate & contract law to data protection law, the free hour most offer should be plenty for them to get the answers they need.

If it's in your ToS you can do it. If it's not they would need a court order unfortunatly. So be sure to add it to your ToS if it's not already.