I propose the following data to be a new case:
| Fields | Data |
|---|---|
| Name | The service actively checks your provided identifiable information required by the service |
| Description | The service would check if your provided identifiable information required by the service is correct. The check measures could be analyzing your browser information and/or providing the identifiable information to third-party or the authority. |
| Classification | blocker |
| Topic | Topic Anonymity (ToS;DR Phoenix) |
| Weight | 80 |
Could you provide an example of service to which this case would apply?
If I don’t wrong, most of the financial services or services offering means of payment perform checks
I guess so, but I’m not sure whether they often share the PII with authorities or outside third parties or not.
If this sharing is exclusively with third parties involved in the operation of the service, the blocker rating could be too much maybe.
For me this case should be rated “bad” and the weight at 20 or 30
Also isn’t this case way too specific? I am not even sure if there is any service doing it
Couchsurfing (service-183) perhaps?
3.3 Our Address-Verification Tool. Our address verification tool is intended merely to confirm that the postal address a member submits to us is an address at which that member is able to access or receive mail.
You’ve got an excerpt? Ironically the ToS are too long lol
This does not say “actively checks” though, sounds like a one time thing upon registration, which is normal for quite a few services.
Oh, I misunderstood the proposal. So this is for when a continuous monitoring is in place for some prerequisite for using the service? And specifically for PII, otherwise Netflix’ “are you still watching?” would count 
Sorry for being late. The case is based on Case 409: You must provide your identifiable information.
Do you have any example though? I believe this is way too specific
I think I have an example for him.
This is Revolut
Information from social media Occasionally, we will use publicly available information about you from selected social media websites or apps to carry out enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to us when we conduct general searches on you (for example, to comply with our anti-money laundering or sanctions screening obligations).
For this question, I have found similar point in a service but I forget what the service is.
Also, I found that “blocker” is too harsh for this.
I just found a point for this:
“为提高您使用我们及我们合作伙伴提供服务的安全性,确保操作环境安全与识别注册账号异常状态,更好地保护您或其他用户或公众的人身财产安全免遭侵害,更好地预防钓鱼网站、欺诈、网络漏洞、计算机病毒、网络攻击、网络侵入等安全风险,更准确地识别违反中华人民共和国法律法规或12306网相关协议规则的情况,我们可能使用或整合您的用户信息、交易信息、设备信息、位置信息、日志信息以及我们合作伙伴取得您授权或依据法律共享的信息,来综合判断您账户及交易风险、进行身份验证、检测及防范安全事件,并依法采取必要的记录、审计、分析、处置措施”
Maybe it counts because it is from 12306, a state-run railway ticket-buying website and it is easy to think about what they would do.
I agree with the creation of the case, but as @lxda raised, this should be a bad point with a weight of 30.
The main reason for this is that the purposes of this check is only for security purposes (unathorized account use, fraud…), at least according to the example you have provided.
Even though it this verification can be extremely privacy invasive and prevent users from using the service anonymously.
If no other points of view are expressed within 2-3 days, I’ll add the new case.
Edit: The case has been added: Case 492: Your provided identifiable information is actively checked by the service
This Topic will soon be closed.
This topic was automatically closed after 2 days. New replies are no longer allowed.