The user requests to remove his name and e-mailaddress from lists archive on 5 posts.

Before: Case Manager Ulrich Schroeter (CM). Arbitrator Lambert Hofstra (A). Respondent: Iang (R2) Claimant: Ja. St. (C) Case: a20090913.1

  1. 2009-09-13 (CM) Req. CCA / DRP acceptance of (C)
  2. 2009-09-13 (CM) Arbitrator assigned (A)
  3. 2009-09-15 (C) accepts arbitration under CCA/DRP
  4. 2009-09-14 (R2) accepts arbitration under CCA/DRP
  5. 2009-09-24 (A) Updated wiki, added more detail to the claim of C:

Claim is twofold:

  1. 2009-09-24 (A) Multiple Respondents are mentioned, this is impractical, especially because one of the respondents is CAcert Inc. Since the initial claim only addresses the policy email list, (one of) the owners of this list shall act as Respondent. The second claim is regarding a specific post on a public email list. Since it was posted by one of the mail list owners of the policy list, I choose him (Iang) as the Respondent
  2. 2009-09-24 (A) Further questions sent to C and R. Also question to mail list admins: mail list architecture has changed on March 27, 2009. Mail archives have been available to everyone before that date, but are more easily accessible by search engines since that date. So basically not much changed since march 2009.
  3. 2009-10-04 (A) Private discussions between CM and R were shared with C and his feedback was requested. C has nothing further to add.
  4. 2009-10-27 (CM) request for progress report
  5. 2009-11-15 (A) A has asked for info on how email is search-able by search engines like Google.


Regarding the request of C, to remove his posts from the email archive, I rule that this is not required. This ruling is based on the following observations:

Regarding the request to remove PII that was put on a public mail list by a third person I rule that this is valid, and the corresponding email archive must be modified in such a way that no PII of C is kept in the posts. This ruling is based on the following observations:

8. Privacy of user data

CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert. 

I also rule that a discussion on email list policies must be started on the policy list, to extend the privacy policy with policies on email lists. This discussion will be started by A.

Instructions to Support

Please remove all Personally Identiable Information (PII) in the specific posts by:

Arbitrations/a20090913.1 (last edited 2010-11-21 23:57:04 by UlrichSchroeter)