
Ask HN: Is using my personal information for scam a GDPR violation? - anticristi
I recently got an attempted scam from this company: https:&#x2F;&#x2F;wptr.biz. Their scam seems to be widely known: https:&#x2F;&#x2F;www.wipo.int&#x2F;pct&#x2F;en&#x2F;warning&#x2F;pct_warning.html.<p>The scam works as follows: Monitor the database of PCT applications, then send a letter with an invoice that resembles the genuine service. Scam fees can clock as high as thousands of euros. Although the collected information is public, I certainly did not agree to it being collected and processed for the purpose of scamming me. <i>Is this a GDPR violation?</i><p>I complained to the Swedish Data Protection Agency and they basically replied &quot;we are too busy&quot;.
======
Zenst
I can't see how it can be. But if it is, then the Swedish Protection Agency
will be too busy!

Personally, I'd raise a complaint against that agency for neglect. I'm not
sure of the best way, but start with the police, local politician. Greif the
agency with red tape and bureaucracy into singling them out.

They are also part of the EU, so maybe go over their heads and raise it there,
maybe start with your local MEP. But the shame approach with the EU, would get
some results. All legal, safe and better to use the system to combat the
system.

------
mytailorisrich
This is a classic scam using public databases (e.g. companies register).

It's legal to collect public data for marketing purposes as far as I know.

Issuing fake invoices is probably fraud.

Under the GDPR you may have a right to demand the scammers remove your details
from their own database ;)

------
bifrost
If its public information, its highly unlikely to be a GDPR violation. They
may also be operating in a country outside of the EU, so they'd be immune to
GDPR regulation anyways.

~~~
richardk3000
Doesn't matter if they're from the EU or not. If you target (people in) the
EU, the GDPR applies, no matter where you're from. Whether the GDPR can be
effectively enforced is another question of course.

~~~
bifrost
Not true, the GDPR only applies if you do business with the EU. There are some
companies that have decided to become "GDPR Compliant" that are outside of the
EU, but they don't really need to.

