Requests for user data related to theft

[jmyres]

I manage a small forum for the industry I work in. We host a topic for posting for-sale ads, and I received an email from a member who believes he's been scammed out of a few thousand dollars by another user on the forum. He is asking if I can provide user data for the member he was transacting with to him or his bank.

Based on IP address logs, the buyer is in the US and the seller is in Central Africa, so GDPR doesn't seem to apply. I have searched quite a bit and can't find information specifically for this situation. Has anyone else run into this, or is there a thread or site that might cover this issue?

 

[StarArmy]

Maybe you can ask him to have the investigating law enforcement agency contact you and give the information to them. That way you're not just giving out member information to a user which might violate your privacy policy.

I assume you have something in your TOS about cooperating with law enforcement agencies?

I don't know what anyone's gonna be able to do with just an IP address though, especially one overseas.

 

[Kirby]

I'd not give out any information unless lawfully requested by law enforcement agencies, no matter where the users seem to be located.

You don't know exactly where they are nor do you know what has happened and if you are being tought the truth or lied upon.

 

[Paul B]

As above.

In and of itself, an IP address is not that useful and the the US police are not going to investigate a case of fraud on the other side of the world for such a (relatively) small amount.

Your buyers should be using a reputable escrow service.