@stupidpupil
Last active September 12, 2021 12:35
Example PIA

Data has been collected from publicly available webpages that form part of the $WEBSITE. These pages contain timestamped posts made by $WEBSITE users, associated with their usernames.

Personal data

I recognise that individuals' posts constitute personal data. The individual that a post relates to is often likely to be identifiable in combination with registration data held by $WEBSITE, for example.

I note that I generally do not have the means to identify individuals from the information being processed. However, it is possible that some individuals will have chosen to post information that is readily identifiable.

Purpose of processing

The purpose of processing is to better understand the use of the $WEBSITE, the nature of its content over time, and how content is produced and engaged with by $WEBSITE users.

Basis of processing

The primary lawful basis of processing is Article 6(1)(f) of the GDPR - "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party…".

I believe that the purpose outlined above identifies the legitimate interests and that the processing meets the necessity test with respect to that purpose.

Balancing test

None of the data is private, but it may be sensitive and its processing might be experienced as intrusive or objectionable.

However, I believe that users of the $WEBSITE understand that their posts are made public and that their posts may be the subject of research. (This is discussed further in the context of special category data below.)

I also believe there is a substantial public interest in the content of $WEBSITE - in the last decade or so, there have been many articles concerned with $WEBSITE's status as ###### and its influence in British politics (e.g. ###### in 2009). ###### published The Politicization of $WEBSITE in late 2020.

Special category data

It is possible that posts made to $WEBSITE constitute 'special category' data. In particular, in the ###### topic, someone may well choose to make a post revealing their political opinions.

The condition for processing this would be Article 9(2)(e) "made public by the data subject".

Made public by the data subject

The $WEBSITE Privacy Policy makes it extremely clear to users that content posted in the forums is made available to the public.

Of your registration data, only your $WEBSITE username is displayed on screen for other users to see – but posts on $WEBSITE are visible to anyone on the internet. So when posting, you should bear in mind that any personally identifying details you include in the text or pictures you post could be seen by anyone.

$WEBSITE (with the exception of some topic) are visible to search engines. This means that any personal information users choose to share in their posts on a $WEBSITE product can be seen widely. We cannot control who sees these posts.

Practically, it is obvious to users of the forums that their content is made public and linked back to their usernames. The $WEBSITE also makes available the ability to view any posts associated with a username as a Premium feature.

I note that $WEBSITE also provides copies of all posts to other processors for the purposes of research.

We also provide an anonymised copy of all posts to a handful of carefully chosen organisations so that they can analyse social trends. None of your personal information is ever shared and we remove usernames before sharing this information.

This is relevant insofar as it should further set users' expectations regarding the use of their data.
