Why you cannot enforce your legal rights against Trustpilot

sheramber

GraceCourt said:

CKhalvashi said:

Do you mind me asking why this is overly important and why you feel your rights have been breached?

Maybe we can give more assistance if you stop trying to school me in how the law works (for which I have plenty of knowledge) and get to the bottom of the matter.

As I understand you feel wronged by the group of companies collectively trading as Trustpilot. What have they done that is legally wrong that you require assistance with on the forums to protect your consumer rights?

At risk of repeating myself, the vast majority of the general public feel comfortable about the fact that there are laws in the United Kingdom that will protect them if their personal data is used unlawfully, causing them to suffer loss and/or distress as a direct consequence.  The vast majority of organisations try hard to be compliant and the Information Commissioner's Office ("ICO") generally prioritises assistance and guidance when personal data is stored and/or processed unlawfully, using its legal powers only as a last resort.

But the ICO is woefully under-resourced, and complaints to the ICO generally take around three months before they are even looked at and assigned to a caseworker, so where - as in this case - a real threat arises for data subjects' personal data because the organisation has placed itself outside any legal framework that might provide relief (whether financial, administrative, or both), I believe that it is very important that the general public becomes aware of that threat and individuals are able to make informed decisions accordingly.

In the case of Trustpilot A/S, it has very deliberately set up its business processes in such a way as to minimise - or even exclude completely - any obligations that it might otherwise have to comply with UK consumer protection legislation.  My post is to draw attention to that.  Trustpilot Limited has been incorporated in England, it has registered with the ICO as a data controller, but UK data subjects have no way of holding it to account as such because the UK Trustpilot web site makes it clear that users are contracting with a different company, registered in Copenhagen, that cannot be served with legal claims by UK data subjects.  Yet, it (Trustpilot A/S) wrongly pretends that the contract is governed by UK law, and is within the jurisdiction of the UK Courts, when in fact it is most certainly not the case.  What more is needed by way of indication that "all is not well"?

In the original post (above) I have asked Trustpilot A/S to respond on this.  I will post their reply, if there is one, but it will remain the case - as I have asserted - that Trustpilot A/S cannot be trusted (irony!) with the personal data of UK data subjects.

This forum is called "consumer rights": in dealing with Trustpilot A/S, UK data subjects have none.  This therefore appears to be an appropriate forum within which to flag up that salient fact, so that UK data subjects are aware of the significant risks to their personal data.  You might have plenty of knowledge of the law in England & Wales but clearly not enough to understand why no-one can now file a civil claim in the UK against a company incorporated in Denmark: this used to be easily possible via Part 78 CPR 1998 proceedings (EU Small Claims procedure) but Part 78 was revoked when the UK left the EU.

What percentage of UK subjects read this forum and what percentage of that number care or understand?

Nobody here seems to be wringing their hands with worry about it.

GraceCourt

sheramber said:

What percentage of UK subjects read this forum and what percentage of that number care or understand?

Nobody here seems to be wringing their hands with worry about it.

Then great, no harm done.

But I suspect a measurable proportion of non-commenters wonder why they are receiving so much "spam" from sources around the world or - worse - have been the targets of identity fraud because their personal data has not been stored and/or processed lawfully.

At least those who have read the OP might take greater care before entering into unenforceable contracts with non-UK companies... I'll bet that most UK Trustpilot reviewers on uk.trustpilot.com didn't even know they weren't providing their personal data to a UK-incorporated company, in which case legal redress would be possible using Article 12 of the UK GDPR.  If that doesn't bother them, no harm done by warning them.

Zinger549

GraceCourt said:

sheramber said:

What percentage of UK subjects read this forum and what percentage of that number care or understand?

Nobody here seems to be wringing their hands with worry about it.

Then great, no harm done.

But I suspect a measurable proportion of non-commenters wonder why they are receiving so much "spam" from sources around the world or - worse - have been the targets of identity fraud because their personal data has not been stored and/or processed lawfully.

At least those who have read the OP might take greater care before entering into unenforceable contracts with non-UK companies... I'll bet that most UK Trustpilot reviewers on uk.trustpilot.com didn't even know they weren't providing their personal data to a UK-incorporated company, in which case legal redress would be possible using Article 12 of the UK GDPR.  If that doesn't bother them, no harm done by warning them.

Doesn't matter if companies sell your details or not. If you use the internet your information is out there so. Spam is annoying but everyone gets it. Just mark it as spam. Email services are pretty good at picking it up these days but some will get through the filter. Considering the issues you have with companies on the internet I'm surprised you still use it. 

Bradden

GraceCourt said:

sheramber said:

What percentage of UK subjects read this forum and what percentage of that number care or understand?

Nobody here seems to be wringing their hands with worry about it.

Then great, no harm done.

But I suspect a measurable proportion of non-commenters wonder why they are receiving so much "spam" from sources around the world or - worse - have been the targets of identity fraud because their personal data has not been stored and/or processed lawfully.

At least those who have read the OP might take greater care before entering into unenforceable contracts with non-UK companies... I'll bet that most UK Trustpilot reviewers on uk.trustpilot.com didn't even know they weren't providing their personal data to a UK-incorporated company, in which case legal redress would be possible using Article 12 of the UK GDPR.  If that doesn't bother them, no harm done by warning them.

I wouldn't worry about  your data - googe "Data Brokers" - they have it already :-)

GraceCourt

Bradden said:

I wouldn't worry about  your data - googe "Data Brokers" - they have it already :-)

Not from anyone who uses "single-recipient" e-mail addresses, and Firefox installed with Canvas Fingerprint Defender, uBlock Origin, User-Agent Switcher, Privacy Badger, and NoScript, they haven't!

Even if they glean any meaningful data at all, it won't be attributable to any individual user or person because they won't even be able to obtain the IP address as the common denominator with which to aggregate it, because of how NoScript works.

RefluentBeans

Grace - if you have this much of an issue, then consult a solicitor, and take your point to the courts. I feel that you’ll have a struggle to show how you were damaged though. But you appear to have such serious issues with this that you can’t appease via a forum. 

I get you feel you may be warning people about entering into contracts they may have a hard time enforcing - but this comes off more of a rant (and in my opinion should be placed there rather than on this board), and it doesn’t appear you seem to be asking for help (or offering much advice other than ‘read the T/C’s, which is pretty much the takeaway from half of the posts on here).  

Exodi

GraceCourt said:

GingerTim said:

Can't say I'd be especially worried about that - but then I wouldn't put personal data into a Trustpilot review.

It doesn't need to be in a review... just reading reviews will be providing data like your IP address, browser type, browser agent string, site from which you were referred, etc., etc.  That's all saleable information even though it might not include personal data and I'm not aware of any browsing security software that warns against browsing to trustpilot.com!

All sites can harvest this, but then most sites don't have deliberately misleading terms and conditions!

If you think that's bad, I suggest you are sitting down when you look into what data TikTok collects...

Bradden

GraceCourt said:

Bradden said:

I wouldn't worry about  your data - googe "Data Brokers" - they have it already :-)

Not from anyone who uses "single-recipient" e-mail addresses, and Firefox installed with Canvas Fingerprint Defender, uBlock Origin, User-Agent Switcher, Privacy Badger, and NoScript, they haven't!

Even if they glean any meaningful data at all, it won't be attributable to any individual user or person because they won't even be able to obtain the IP address as the common denominator with which to aggregate it, because of how NoScript works.

You are correct of course and clearly know your tech. The the number of people following your advice is quite low. For example -  noScript on android has about 100,000 users according to the play store. Considering the  number of users out there it's a drop in the ocean.
Personally I'm not too worried about it - I accept that giving away some privacy is the cost of a "free" internet. If we're not paying for it someone else is.. who pays to keep the MSE server running? I don't use ad-blockers for the same reason - I think they're pushing towards IP theft but that's just my view I can understand why others do.