Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Is using my personal information for scam a GDPR violation?
6 points by anticristi on Sept 4, 2019 | hide | past | favorite | 5 comments
I recently got an attempted scam from this company: https://wptr.biz. Their scam seems to be widely known: https://www.wipo.int/pct/en/warning/pct_warning.html.

The scam works as follows: Monitor the database of PCT applications, then send a letter with an invoice that resembles the genuine service. Scam fees can clock as high as thousands of euros. Although the collected information is public, I certainly did not agree to it being collected and processed for the purpose of scamming me. Is this a GDPR violation?

I complained to the Swedish Data Protection Agency and they basically replied "we are too busy".



I can't see how it can be. But if it is, then the Swedish Protection Agency will be too busy!

Personally, I'd raise a complaint against that agency for neglect. I'm not sure of the best way, but start with the police, local politician. Greif the agency with red tape and bureaucracy into singling them out.

They are also part of the EU, so maybe go over their heads and raise it there, maybe start with your local MEP. But the shame approach with the EU, would get some results. All legal, safe and better to use the system to combat the system.


This is a classic scam using public databases (e.g. companies register).

It's legal to collect public data for marketing purposes as far as I know.

Issuing fake invoices is probably fraud.

Under the GDPR you may have a right to demand the scammers remove your details from their own database ;)


If its public information, its highly unlikely to be a GDPR violation. They may also be operating in a country outside of the EU, so they'd be immune to GDPR regulation anyways.


Doesn't matter if they're from the EU or not. If you target (people in) the EU, the GDPR applies, no matter where you're from. Whether the GDPR can be effectively enforced is another question of course.


Not true, the GDPR only applies if you do business with the EU. There are some companies that have decided to become "GDPR Compliant" that are outside of the EU, but they don't really need to.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: