Data diversity and tiered safeguards

Does the platform process or store victim-related data?

No. The platform deliberately excludes victim data from its ingestion pipelines. Legal pathways are significantly clearer and more robust when processing data tied directly to a suspicion of criminality or malicious behaviour. Restricting the platform’s scope strictly to suspect infrastructure and threat actors minimises privacy risks and avoids the complex legal challenges associated with handling sensitive victim or witness data.

What types of data fields are processed, and are they treated equally?

The ecosystem handles a diverse range of signal types beyond traditional infrastructure points like URLs and IP addresses. The GSE can handle any valid threat indicator, including phone numbers, email addresses, crypto wallets, and IBANs. Because a phone number or bank account carries a higher privacy risk than an automated domain name, the platform enforces a tiered safeguard system. As data sensitivity increases, stricter access controls, enhanced verification steps, or sharing within private groups is recommended.

How does data protection risk management change as indicators become more identifiable?

The GSE adopts a risk-based approach to the way it handles different data types. Low-risk technical telemetry (such as standard malicious hostnames) flows through standard automated pipelines. Conversely, high-risk data types that directly identify individuals (such as specific personal phone numbers or financial coordinates) trigger advanced data protection safeguards. These include restricted querying privileges, mandatory documentation of the investigator's legal basis, and enhanced security controls to prevent unauthorised lookups.

What level of control do sharing organisations retain over the signals that they have shared?

Sharing organisations maintain granular control over the signals that they have shared. The platform does not force a "one-size-fits-all" broadcast model; instead, data sharers (or Licensors as they are referred to in the GSE Terms) have can control exactly how data is shared and to whom. Contributors can revoke access or update the sharing parameters of their submitted signals at any time through the platform interface.

What is the difference between open marketplace sharing and private groups?

The platform provides a flexible, dual-layered sharing ecosystem:

• The Open Marketplace: The open marketplace is used for broader community defence, allowing participants to share standard infrastructure indicators, such as domain-based links (URLs) or IP addresses widely to enable real-time mitigation actions across the entire GSE community.
• Private Groups: These are often the first port of call for new partners within the GSE community, who are testing out the system, and may be reluctant to share in the open marketplace. Private groups can also be used for the sharing of more sensitive data types (such as bank accounts, merchant IDs, crypto wallet addresses, email addresses).

How does the platform legally transfer signals to "third countries" outside the European Economic Area (EEA)?

For data transfers to jurisdictions lacking an EU adequacy decision, the GSE adopts strict compliance mechanisms under Chapter V of the GDPR by incorporating Standard Contractual Clauses (SCCs) coupled with mandatory Transfer Impact Assessments (TIAs). To maintain a highly agile and lightweight base agreement, these additional components are currently applied on a case-by-case basis with partners.