Case Proposal: The service actively checks your provided identifiable information required by the service

I propose the following data to be a new case:

Fields Data
Name The service actively checks your provided identifiable information required by the service
Description The service would check if your provided identifiable information required by the service is correct. The check measures could be analyzing your browser information and/or providing the identifiable information to third-party or the authority.
Classification blocker
Topic Topic Anonymity (ToS;DR Phoenix)
Weight 80
3 Likes

Could you provide an example of service to which this case would apply?

2 Likes

If I don’t wrong, most of the financial services or services offering means of payment perform checks

2 Likes

I guess so, but I’m not sure whether they often share the PII with authorities or outside third parties or not.
If this sharing is exclusively with third parties involved in the operation of the service, the blocker rating could be too much maybe.

2 Likes

For me this case should be rated “bad” and the weight at 20 or 30

2 Likes

Also isn’t this case way too specific? I am not even sure if there is any service doing it

2 Likes

Couchsurfing (service-183) perhaps?

3.3 Our Address-Verification Tool. Our address verification tool is intended merely to confirm that the postal address a member submits to us is an address at which that member is able to access or receive mail.

3 Likes

You’ve got an excerpt? Ironically the ToS are too long lol

3 Likes

This does not say “actively checks” though, sounds like a one time thing upon registration, which is normal for quite a few services.

2 Likes

Oh, I misunderstood the proposal. So this is for when a continuous monitoring is in place for some prerequisite for using the service? And specifically for PII, otherwise Netflix’ “are you still watching?” would count :joy:

2 Likes

Sorry for being late. The case is based on Case 409: You must provide your identifiable information.

3 Likes

Do you have any example though? I believe this is way too specific

2 Likes

I think I have an example for him.

This is Revolut

Information from social media Occasionally, we will use publicly available information about you from selected social media websites or apps to carry out enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to us when we conduct general searches on you (for example, to comply with our anti-money laundering or sanctions screening obligations).

2 Likes

For this question, I have found similar point in a service but I forget what the service is.

Also, I found that “blocker” is too harsh for this.

3 Likes

I just found a point for this:

“为提高您使用我们及我们合作伙伴提供服务的安全性,确保操作环境安全与识别注册账号异常状态,更好地保护您或其他用户或公众的人身财产安全免遭侵害,更好地预防钓鱼网站、欺诈、网络漏洞、计算机病毒、网络攻击、网络侵入等安全风险,更准确地识别违反中华人民共和国法律法规或12306网相关协议规则的情况,我们可能使用或整合您的用户信息、交易信息、设备信息、位置信息、日志信息以及我们合作伙伴取得您授权或依据法律共享的信息,来综合判断您账户及交易风险、进行身份验证、检测及防范安全事件,并依法采取必要的记录、审计、分析、处置措施”

Maybe it counts because it is from 12306, a state-run railway ticket-buying website and it is easy to think about what they would do.

2 Likes

I agree with the creation of the case, but as @lxda raised, this should be a bad point with a weight of 30.

The main reason for this is that the purposes of this check is only for security purposes (unathorized account use, fraud…), at least according to the example you have provided.
Even though it this verification can be extremely privacy invasive and prevent users from using the service anonymously.

1 Like