Using Email Addresses from a Closed Website

jacksn

Hi folks,

I worked as an external web developer for a property news website that had 10k subscribers. The website closed down in 2018 abruptly and when I was removing the webiste, I took a backup of the users (name and email addresses), the email accounts are mostly corporate email addresses.

I am now involved in a new property startup/venture and was considering using the email addresses for a marketing campaign to introduce the new venture. Is this a wise move?

hurikane

Eh no, they haven’t signed up to your new service. I’d imagine the data protection commissioner would have a large fine for you. I’d imagine you shouldn’t even have that backup.

chillinpenguin

You stole people’s information as no one said you could have it and no one gave you their information. They gave permission to a now closed website.

You are now asking should you use the information you stole/ obtained without permission for your own personal gain.....

jacksn

Thanks for the responses, I appreciate your time.

At the time, I made the owners aware that I created the backup of users in case the website was to be restored at a later date, they asked me to save the file and then vanished. I have never opened the file until recently when I discovered it on an old hard-drive.

un5byh7sqpd2x0

What you have already done, and what you are proposing to do, is illegal.

Darc19

Even with 10,000 names and if you had purchased the old site you would need to know who gave permission to sign up for marketing emails.

Now, most people wouldn't notice or care, but a few probably would and they could cause some grief.

bobbyy gee

No one's going to know
100 euro keeps me quite

Mod
Joke?

Mrs OBumble

Sam Lazy Tablecloth wrote: »

What you have already done, and what you are proposing to do, is illegal.

According to which law, given that they are mostly corporate addresses not private ones?

Del2005

Mrs OBumble wrote: »

According to which law, given that they are mostly corporate addresses not private ones?

GDPR. It wasn't in effect when the OP made the backup but it's now illegal to keep personal information without a valid reason and the OP has no valid reason to keep, or use, a database of email addresses from a company which no longer exists.

com1

Mrs OBumble wrote: »

According to which law, given that they are mostly corporate addresses not private ones?

A person’s name and corporate email address can be considered under gdpr legislation if they identify the person, which I assume they would

ted1

Have you no ethics ?

seamus

Del2005 wrote: »

GDPR. It wasn't in effect when the OP made the backup but it's now illegal to keep personal information without a valid reason and the OP has no valid reason to keep, or use, a database of email addresses from a company which no longer exists.

"Illegal" is overstating it.

It would be considered a breach, and the DPC would demand that the backup be deleted and that would be the end of it.

Any road OP, you definitely cannot use this database to go fishing for sales, and you are required under GDPR to delete it.

august12

jacksn wrote: »

Hi folks,

I worked as an external web developer for a property news website that had 10k subscribers. The website closed down in 2018 abruptly and when I was removing the webiste, I took a backup of the users (name and email addresses), the email accounts are mostly corporate email addresses.

I am now involved in a new property startup/venture and was considering using the email addresses for a marketing campaign to introduce the new venture. Is this a wise move?

As far as I am aware, generic email addresses are ok to hold e.g. info@ or sales@ but not individual name email addresses or any contact details within the business.

thomas 123

None of it is allowed people agreed to x your proposing to do Y with it now. It’s not allowed at all.

If it’s critical you use this list seek legal advice before you send out any comms.

See the data owners rights summarized here: https://www.citizensinformation.ie/en/government_in_ireland/data_protection/rights_under_general_data_protection_regulation.html#

From that you will see your plan would fail on many points.

hurikane

The OP is well aware, that this is wrong. Not sure why they are asking.

jacksn wrote: »

not until the local florist that operates an entry level wordpress/woocommerce website to carry out orders is hacked or the data is breached by an unauthorised user or Mary in the shop decides to start using customer emails for newsletters that Sean didn't consent to when placing an order.

Will the local florist have a 'right to erasure' policy in place? will they have a breach notification policy and will they have a process for Sean to access the information they have stored on him? .. doubt it

also the personal information they may store may fall under 'special categories' if Sean is gay and sent flowers to his boyfriend and this was noted by the florist in Seans order history?

GDPR is giving the power very firmly to Sean and every punter out there and the process of reporting a business for failing to protect their data is going to be as simple as possible with the DPO office.

loveyer

Sounds like illegal thing, but corporate emails works better for marketing. I think, that you need look closer to your contract about NDA
But I think there's the way if you change surnames, for example if that was
john[at]travel[dot]com or johnsmith[at]travel[dot]com (and you change to John Johnson-Smith).

davindub

OP aside from GPDR, you need to consider e privacy directives.

In a nutshell, you cannot use the data even if it consists of corporate emails (unless the communication is specific to the business of their corporate email, so viagra etc is not permitted..).