So the admins of the block bot have made an announcement today (Whoops, forgot to publish this and it’s now months later!) in regards to the Data Protection Act and their operation …
This communication has been going on for a while, with very long pauses in between, the UK Information Commission (ICO) have better things to do than worry about anti-harassment tools on Twitter that only store public data! This communication was initially started by me as some people were claiming the block bot was “violating” the UK Data Protection Act (DPA) and I was a Data Controller. Both patently false but to get a definitive answer from the ICO involved the admins explaining how it works and what their roles are, and me explaining I have no role apart from rebooting the server and making sure the data is secure. This information and the complaints submitted by people trying to get the bot shut down were taken into consideration by the ICO.
So, they’ve ruled the block bot doesn’t violate any of the clauses in the DPA, at all. Not only that but I’m not a Data Controller and no one on the team need register as one.
The three admins are in charge and I cannot modify the data without their instruction to do so. Quite why no one understands this when I stepped down as an administrator/blocker of the block bot over 18 months ago I can’t imagine. Regardless the matter is now closed, definitively, and I’d encourage any one else worried about the DPA requirements of their anti-harassment tools to contact the ICO. They are very helpful! @Marian has also offered to give people specifics of what we’ve learned, but we’d recommend always contacting the ICO.