I don't think 2+2 is the bad guy. Most poker-related websites operate in a grey area and don't have much regard for the law of all jurisdictions where they operate, and I don't have much of a problem with that. The only thing that amazes me is that unlike many of those other websites 2+2 pretends that it does care about the law with cookie-notices, extended user agreements with standard legal blabla etc. And yet at the same time you are still debating whether to allow passport-copies, as if it isn't obviously clear that at least that isn't legal in some of the jurisdictions 2+2 chooses to operate. To realize that you only need common sense, no legal expert.

Do you have any idea what consent implies? It implies a free choice and the service offered can’t be conditional on the consent given, which it clearly is in your terms and conditions. Also ‘at any time’ definitly rules out that you can make the withdrawal of concent dependent on financial transactions.

GDPR, article 7

(...)

The data subject shall have the right to withdraw his or her consent at any time.

(...)

When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.

There are legal possibilities to publicize negative experiences about individuals, but the legal justification of that will never be that someone consented to that.

This seem like fair practice. I am definitely questioning some practices and if they are actually GDPR complaint but it not question for me to answer.
What is purpose of real name posting for small online deal? In your experience have to not backed anyone because you have found their name on 2+2 (not poker room username)?
Not being ass, just asking your experience about usefulness of real name for online deals. And i can see where it might be useful for sure.

Having looked through your posts i think thats a perfect template of what is acceptable to post in this thread.

Have noticed its tough to get bobo to change his stance once hes made up his mind but your stance of there is no proof posting passports is illegal is comical to me.

These people aren't just making things up for no reason. Basic common sense tells me i can't even publish my own passport in public as its not owned by me.

https://www.quora.com/Does-the-gover...it-my-property

https://uk.answers.yahoo.com/questio...1174455AAr1BDr

Its certainly not owned by samurai staking! All government issued IDs are owned by the issuing government.

Yes that true. I am just feeling it so crazy that this have happened this long and GDPR + every EU country now having it own National Data Protection Authorities allow me do something about trying get EU citizens information removed if 2+2 will not do anything about it (Not saying 2+2 is not interested to do something about it).
(Not saying i am not just wasting my time and energy by going over GDPR and finding where to and how to report if needed ect.).
Can you share more of 2+2 (By "2+2" meaning it administration) opinion so far? Have 2+2 seeing any legitimate reasoning for allowing this information? I mean 2+2 at the end have ultimate power to allow this information or not and is biggest player involved with position it should be allowed (by not removing this information).
I personally did not see much arguments if any for allowing this information or it helping to future backers but again maybe you can share more of what 2+2 thinks about it and why it have position of allowing this information (Or if it have that position anymore).

I would guess there is also strict policies and practices how documents like ID should be collected and stored and anyone is not allowed to do it.

+100000000000000 for common sense

While 2+2 have authority to keep or not keep this content like passports/addresses on it website with it moderation rights.
At end of the day it not what 2+2 and it lawyers think is illegal or not but what theses authorities know is illegal or not and have authority to take more steps to stop theses actions even if 2+2 keep thinking it legal to post passports/addresses in it forum:
*Any EU country national data protection authority
*Domain registrar
*Hosting provider
(I would guess they have not been spammed with reports yet about negative feedback thread)
While i will not go and find terms agreed about illegal content and GDPR laws and pretend to be lawyer but I would think there is 0% chance that 2+2 terms overwrite everything if any of theses authorities find something about posting passports/addresses being illegal.

We can obviously ask all theses authorities if they find this content illegal if we want find out more precisely (They probably have more knowledge about legal website content then 2+2 lawyers so might be useful information for this discussion thread). Obviously just semi-joke while 2+2 is in open discussion about removing this information themselves.

***I am not saying 2+2 administration have not covered their asses with their terms and everything but that they are not authority to determine what is illegal or legal content in it website if some higher authority find it is illegal.

2+2 can be responsible regardless of whether or not being the original source of said content. To me this is just common sense, but while 1-tabling I had some time to check out why.

See an exerpt of this book i.e., which talks specifically about discussion boards:

A "hosting" activity, on the other hand, represents a service, or its part, consisting of "the storage of information provided by a recipient of the service," such as video-sharing or trading platforms, discussion forums, social networks, Web-hosting services etc. Providers of such services are "not liable for the information stored at the request of a recipient of the service," on the condition that the provider (1) is passive, (2) does not have actual knowledge of illegal activity or information and, (...) (3) upon obtaining such knowledge or awareness, the provider acts expeditiously to remove or disable access to te information (...).

Clearly in this case the provider is aware of passport copies being displayed, because someone assigned by the provider to moderate the discussion (meaning you) is debating whether or not to allow it. The exception created for mere providers doesn't apply anymore after a moderator is aware, and from that point on it has become 2+2's legal concern despite your refusal to assume any.

The GDPR applies to the processing of personal data: information on a passport is the perfect example of personal data and displaying it on a website is a perfect example of processing. The GDPR doesn't contain rules for when the processing of personal data is forbidden but it contains a positive list with scenario's when it's allowed. The real question is thus not how they're breaking the law, but how they're complying with the law.

Processing shall be lawful only if and to the extent that at least one of the following applies:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing is necessary for compliance with a legal obligation to which the controller is subject;
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

To me only the last justification makes any sense in this case, and I can see how that justifies the publication of a name, but I have a hard time imagining how the publication of a passport or utility bill is necessary for the purpose of a legitimate interest pursued by a (future) backer, especially when weighing it against the rights and freedoms of the data subject.


Furthermore there's article 87.

Member States may further determine the specific conditions for the processing of a national identification number or any other identifier of general application. In that case the national identification number or any other identifier of general application shall be used only under appropriate safeguards for the rights and freedoms of the data subject pursuant to this Regulation.

Many documents posted on 2+2 contained that number while almost every EU country forbids use of that number outside a limited list of organisations.


Again, I don't really care if 2+2 follows EU law. But if 2+2 decides to operate outside of the law the honorable thing to do would be to just state so and don't pretend otherwise. If there is a lawyer out there who says 2+2 never has any responsibility for user content the smart thing to do would be to fire him because that's BS.

While i am not lawyer my common sense says if posts is illegal 2+2 can be held responsible even if their terms says "bla bla users is fully responsible for their posts" and their lawyers advise same when 2+2 have knowledge about posts and purposely chooses to not remove them.

I would guess there is still parties who actually don't have knowledge about alleged illegal content but if they find it being illegal (Regardless if 2+2 find it legal or not) can put twoplustwo.com domain or website in hard position:
Actual web-hosting company who host twoplustwo.com --> Website can be taken down if web hosting company find content illegal, plus right now when GDPR is in action i would think lot services panic about anything what might be non-compliance with GDPR on their servers.
Domain registrar (Twoplustwo use service and rent web label twoplustwo.com from them so people don't need visit ip address 204.232.160.144 to reach their server) --> Suspension of domains for illegal activity happens regularly.

Would be interesting to find out if some EU National Data Protection Authority find content illegal on website if they go talk with website owner or directly with web-hosting company/domain registrar about information removal (Assuming it not giant website like facebook/google ect)

Not sure we can actually use word "legitimate" when we are talking about online poker staking deals.
Not saying 2+2 should allow real name or not but i have hard time seeing it as "legitimate" reason by GDPR when some random guy send you money via poker room transfer, you gamble it away and he ask for money back and after you don't he post your personal information.
I would guess they are talking more about if official company have written and lawful contract with person about some liability like credit and they want get debt paid back or similar not online poker deal.

Perhaps you've found that in other threads, but not in this one, considering I haven't even given my stance on the issues. Seems to be a few people (incorrectly) assuming what my stance is, though.

Just to make sure I'm being completely clear, I've taken no stance in this thread about whether the personal info that's being posted should continue to be, or whether the posting of that information is legal. But I haven't seen any proof in this thread; not sure what's comical about me saying that.

This "common sense" thing gets trotted out a lot, and it's being misused quite a bit, like you've done here. Obviously you don't mean I can't post a picture of something I don't own, as that would be silly. I assume what you mean is that I can't publish something that I don't own the copyright to, but I don't think it's completely clear that a passport would fall into that category - certainly not enough so to be "common sense". But that's a different way to approach the legality; most seem to believe it breaks privacy laws. Just not sure which one(s) yet.

Again, I'll say that the legality doesn't have to be the central issue - we could banish the publishing of such info even if it wasn't illegal. I was just asking because people keep talking about it being illegal, but never citing a law that is being broken.

My hope is still to have more discussion of the pros and cons of allowing this material to be published. For informational purposes, for punitive purposes, for deterrence purposes, from a moral perspective, or any other points of view. Hopefully some others will chime in.

While 2+2 privately holds unknown stance and not openly share it with posts about intended action or real action against unacceptable posts i would think it normal to assume that it have not changed it stance what it has been openly sharing with it actions (By not removing posts) for years and years (Even if it recently have changed it stance privately unknown to users).
This is first post where anyone from 2+2 administration have indicated that it have potentially changed it stance in some way.

Finding laws it break or don't is 2+2 responsibility and not knowing if 2+2 break any law don't free them from responsibility if content is shared and stored on forum illegaly.
If i want report 2+2 for something i believe breaks law but for example i don't know even close what law it is i can still freely do it and allow more informed authority like EU National Data Protection Authorities, hosting provider, domain registrar and others to find out what laws if any this forum is breaking.

It don't look like anyone in this forum thread is giving any arguments for allowing any sensitive so there obviously can't be any discussion.
But yes we can wait for them to come.

Anyway this is where i stand:
2+2 have no responsibility to even have negative feedback thread, i would think it good thread by itself but purpose should be only informative as 2+2 should not be platform for punish/deterrence purposes (Also refer to this post and this post where i express why i think it not that effective anyway and alternatives platforms can be used with same results).
If it for informative purposes our target to reach is potential future backers and they not benefit from seeing passport/phone/address about potential horse as they don't need to know what home they live in or what they look like to make safe informed decision based on negative feedback shared.
I would also think if 2+2 decide to be platform for punish/deterrence then there need to have solid evidence that repayments have been made because information included in 2+2 post and if so alternative platforms would not give same or better results. There seem not to have any evidence for that or if there is i am not aware of it.
Also if 2+2 decide to be platform for punish/deterrence then it need clearly state that it openly allow theses posts and allows that sensitive information in it forum and not just ignore posts who break original post (Still actively allowing theses posts but trying to cover it ass with some terms in OP).

I would also consider risk:reward ratio being very bad:

Reward: Very small % times backer get his money back but most times (I would think 95%+ but not sure) this information stays on forum for years and years without any repayments and close to 0% chance that repayments will start.

Risk: Because person information is shared openly in very well tracked forum for extended period of time and potentially checked regularly by criminals for new information, any player who have their sensitive information shared have been put in very vulnerable and dangerous situation for extended period of time (Even when it clear that there is close to 0% chance to get any repayments from player or backer have gone out of staking business/have died).
Some of risks (Over extended period of time):
*Fake accounts with your information can be created where criminals can use illegal payment methods like stolen credit cards.
*Someone can use knowledge about your real name and other information like address to scam/threaten you via phone.
*Someone can put you in dangerous situation in real life if they know your address, name, phone number and other information.
Obviously i am not criminal to know what more them can do with this information but i would guess this list can go longer.

Legality don't need central issue if 2+2 remove posts by themselves (Or indicate they will do it in public way). -- Your posts seem to starting indicate that it is case but 2+2 administration have not yet made any public statement about it.

If 2+2 decide to continue be platform for punish/deterrence purposes and continue allowing sensitive information on it forum then legality need to be main issue as there is no other way to force posts removal. (Not saying this is case or 2+2 is not in open discussion at this moment).
However if at end of discussion 2+2 decide that posts is allowed stay way they are then users only option is to seek help from authorities higher then 2+2 administration and they will care only about legality making it central issue.

While this forum thread is not about legality of posts, while 2+2 have not publicly shared that it plans to remove or edit posts with very sensitive information and wants discuss with it users only what information should be allowed (Assuming very sensitive information being removed or indicated that it will be removed) it seem very reasonable that users post about legality of posts and what actions can be made against 2+2 if they decide to keep allowing theses posts.

I would think bringing up legality would stop if 2+2 would publicly share it intentions with negative feedback thread and their new stance on what information they plan to make acceptable in negative feedback thread and then we (2+2 community) would be able have more discussion about if real name, city, face if public personality like big poker player should be allowed or not and for what purpose this information is being shared and similar questions what you seem wanting to discuss with 2+2 community. Basically i would think 2+2 sharing that it plans make changed to what it allows in negative feedback thread publicly would spark more conversation about specific information being allowed or not and it purpose if shared.

He was talking about my stance, and I was replying to his post.

Um, yes, I'm aware of this. I was simply asking a question of those who say a law is being broken. If they don't have an answer, that's fine - I just assumed that since they are so sure a law is being broken, they might be able to help out in that regard. No big deal if they can't.

There's pretty much zero chance anyone is unclear on where you stand at this point.

I thought we'd give it a little more than the <3 days since this thread was created before making any decisions.

Ah yes, my bad there. In some sense while being just part of 2+2 administration you being only one discussing this issue publicly with 2+2 community almost make you "2+2" (in this thread).



Obviously take more time but some indications where it at would be nice even if it not close to deciding like indicating what information administration sees have to be removed without real discussion because it too sensitive (Unedited ID, Unedited proof of address for example).

I think your stance was clear by allowing it to go on for years, while it hasn't been allowed at other forum sections. I (and maybe others) inferred this was due to your personal stance on the issue.

What more proof do you need besides my post on the legality? Especially regarding posts containing the national identification number (thus passports) the law is very clear.

When I used "common sense" it meant that a sense of justice could already provide the answer, regardless of the law you're looking for. To me asking what law says that you can't post a passport of someone else on a message board is like asking what law says you can't steal. But apparently our moral values are so different that this doesn't apply. Might be cultural as well as Europeans probably care a bit more about privacy where Americans might care more about vigilancy.

It has been posted a number of times: GDPR. (PDF)

The absence of any reaction by the people spamming the feedback thread with sensitive info is telling, just as the scammers often don't respond when they know they're wrong.

While i don't want bring up GDPR legality of posts and 2+2 accountability too much, someone have brought my attention to this.

This is recital 18 of the GDPR about personal or household activities:

https://gdpr-info.eu/recitals/no-18/
1.This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. 2.Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities. 3.However, this Regulation applies to controllers or processors which provide the means for processing personal data for such personal or household activities.

Again you need define what 2+2 is within GDPR, is it data controller, data processor or not. I don't understand with what logic 2+2 come up that it is not data controller or data processor when it shared and stored on it website and have means to remove sensitive content.

‘controller’ means the natural or legal person...
‘processor’ means a natural or legal person...
http://www.privacy-regulation.eu/en/...tions-GDPR.htm

If 2+2 is data controller which provide the means for processing personal data, I would think it obvious that it is illegal for data controller (2+2) under GDPR to make public (Determining it should be public by not removing after having knowledge about post) unedited EU citizen passport for example as they have certain responsibility to keep this personal data securely stored and confidential.

Also refer to previous shared DPA 1998 (The Data Protection Act 1998 has been replaced by GDPR and DPA 2018 - see 404 pages from old DPA 1998) guideline about online forums and them being data controller.

https://ico.org.uk/media/for-organis...a-guidance.pdf

"We produced many guidance documents on the previous Data Protection Act 1998. Even though that Act is no longer in force, some of them contain practical examples and advice which may still be helpful in applying the new legislation."

Your link provides the clear answer:

However, even if the content is not moderated before posting this does not necessarily mean that the person or organisation running the site isn’t a data controller. If the site only allows posts subject to terms and conditions which cover acceptable content, and if it can remove posts which breach its policies on such matters, then it will still, to some extent, be determining the purposes and manner in which personal data is processed. It will therefore be a data controller.

I might add to that the responsibility to not store some data at all (regardless if it's securely stored and or confidential).

What is 2+2 position then? its been 5 days since anyone has posted?

I wanted to give a little feedback as a backer/staker. This is just my opinion.

Disclaimer: We have backed hundreds of poker players (if not in the 1k+ range) over a 6+ year span and still have a staking thread on 2+2.

We have posted ~40 times in the Negative feedback forum, with ~12ish of the players paying money back to some extent. We have had a few dozen circumstances where we did not need to go to the boards and post the player's information and instead the player and us settled the situation privately.

Since we have been backing for so long, we have seen every type of scam in the book. From players robbing us straight away right after we send the bankroll, to chip dumping, to playing games they are not allowed to play / casino games, and more.

We generally only post in situations where it is blatently clear that the horse violated our contract/agreement. We won't post on someone who lost 2 buy ins more than he was allowed to or have draconian punishments- but we will post when players straight up rob us.

It is a tough call in regards to what 2+2 should allow or not allow on the forums. I understand both sides of the arguments and I do think that IDs and addresses should be edited out of the pictures if they are posted.

As backers in a very unregulated industry, it's difficult to fight back or punish those who have outright scammed. Posting an ID on the internet is one of the few leverages we have in these situations. Now, you could say "well, you just need to do better diligence and stake more trustworthy people". While I definitely agree that many backers (ourselves included) need to do a better background check, that also does not mean that you are immune to somebody scamming you. We have had relationships with players for over a year and then, for whatever reason, they will disappear with our bankroll and winnings. Should people be allowed to do that with relative impunity? I do not think that posting a person's screen name and email address is much leverage- after all, you can always change your email and your poker screen name is just one screen name amongst many sites.

Maybe just a screen name and skype/email/real name is enough of punishment going forward and I can see not posting an ID. I would assume that most stables that do post IDs have something in their agreement that allows them to do so and the player is fully understanding of this if they break the agreement. In most of the situations that you see backers posting IDs, you won't see any argument from the horses that scammed, meaning that they probably are guilty of the whatever the backer is accusing them of. That being said, perhaps an ID being posted is too harsh. What do people think about people's faces posted onto 2+2 and no ID?

Again, just my opinion and not an opinion of others.

First of all very nice ninja edits by Orange on 06-05-2018 editing out ID's...

https://forumserver.twoplustwo.com/s...postcount=2507
Last edited by orange; 06-05-2018
https://forumserver.twoplustwo.com/s...postcount=2280
Last edited by orange; 06-05-2018

Maybe ninja edit out also address and phone numbers as there is probably close to 0% chance to get money back after 5 years anyway.

But at end of day it just shows that 5 years ago you had different stance about posting ID's then now and it very understandable but bit sketchy to silently edit your own posts with ID's and come post only after doing it but not mention it in any way.

You are arguing B here:
A)Scammer ID should be posted online
B)Scammer ID should be posted online on specifically 2+2 forum platform

Not same thing. You could post ID's on other public online places and not 2+2 where purpose of negative feedback thread should be information for potential future backers not as platform for punishing and scaring scammer.

Again using word punishment (What you used lot times in your post) says lot about your stance how 2+2 platform should be used.
You are basically arguing that 2+2 should be platform for punishing/scarring people not platform for informing future backers only. (You still could use different platform for punishing/scarring person)

lol at "agreements", not sure if you are joking or not, they are clearly not legally binding contracts if they talk about posting someone ID/address publicly.
Posting ID's/address and/or keeping ID's/address posted is very likely against GDPR in every way.
But again as earlier said in this thread we can ask EU National Data Protection Authorities, hosting provider, domain registrar if they think theses publicly posted ID's/Addresses is illegal or not so we can have more informed discussion in this forum thread and who knows maybe they think theses "agreements" free backers/2+2 from all responsibility from posting and/or keeping this sensitive information public.
Sure, 95% people who is posted in negative feedback thread is guilty of accusations fully or partially but i don't see how it changes anything at all.

Proof of Orange ninja edits skills: https://web.archive.org/web/20141005.../index168.html

Purpose of posting real name for small online deals? Have you found out that you should not stake someone online by their real name? (Not their poker rooms screen name/skype name and assuming this information was provided)
To be clear i don't have strong position about real name positing and there is lot lot more urgent issues right now in negative feedback thread but would think it need serve legitimate reason if posted, if it 95% times is just irrelevant information for small stakes online backers maybe it something what should be posted only if conditions is met like if it Live deal/no major rooms screen names was provided/Scammer is not EU citizen ect.

Not going to let this drag on forever, but I have no problem with this playing out for a week or two before making any decision - especially when this thread, thus far, has primarily been two people (other than me) posting. Still hoping to get a few more opinions.

I don't think ninja edit means what you think it means.

LOL, what???

First of all, there was nothing silent about it - there's an edit note right at the bottom of every post. Secondly, WTF is sketchy about removing some information from the post? You're in this thread making the argument that some information shouldn't be posted, and then when someone removes some of that information, you're complaining that it's sketchy?

If orange had come on here and said "posting ID is bad and we'd never do it" after having deleted ID from every post where he did so, that would be sketchy. But that's not what he said. Maybe this thread reminded him that he hadn't deleted some info he had meant to. Maybe it made him rethink some posts. Who cares?

This strikes me as an odd argument. Why is 2+2 specifically such an issue for you? If you're against personal information being posted to punish people, then make that argument. Either it's OK or not; the platform is irrelevant. And yes, I understand that we are discussing 2+2 specifically, but what I'm getting at is that I'd like to hear why you think ID should not be posted as a punishment/deterrent, putting the platform and legalities aside.

Fantastic, you cracked the case!

Ugh. This is something I have a VERY strong position on. If real names aren't going to be permitted, this thread and forum become pretty useless IMO. Well, not useless, but much, much less useful. Something is needed to tie these guys to different accounts. There are hundreds, if not thousands, of poker sites for these guys to create new accounts on. Scam a backer or two on one site, that screen name gets outted, and on they go to a different site. Or if the site allows name changes, no need to even create a new account. I'd need to see a really, really compelling reason to disallow real names being posted.

And just a quick comment about the legal arguments - I stopped responding as I didn't see the point in the continuous back-and-forth about it. I disagree with much of what was posted, and on some other points I don't have a strong opinion but was far from convinced about what you guys are so certain is correct. I am not a lawyer, and I don't think anyone else who has been posting is either, in spite of the certainty with which some assertions were being made. Your opinions are appreciated, but I'll leave it to the real lawyers to determine if any changes need to be made from a legal standpoint - keeping in mind that we may decide to disallow some information regardless of any legal opinion.