Legal and Data Protection

What is the Global Signal Exchange (GSE)?

The Global Signal Exchange (GSE) is a centralised clearinghouse designed to combat online scams, fraud, and cybercrime. It functions as a cooperative ecosystem allowing tech platforms, financial institutions, and law enforcement to share and analyze threat "signals" in real time.

What exactly constitutes a "signal" under data protection frameworks?

A signal is any piece of information used to flag malicious behaviour, including domain names, hostnames, IP addresses, URLs, phone numbers, email addresses, and IBANs. Because some of these indicators (like emails, phone numbers, and certain IP addresses) can identify a living individual, they are treated as personal data under global privacy laws.

How do privacy laws and fraud prevention coexist within the GSE?

Privacy laws like GDPR do not obstruct fraud prevention. The GSE utilises clear governance structures and technical controls to ensure data sharing aligns with international frameworks. Under many data protection regimes, processing fraud indicators relies on the legal basis of legitimate interests (preventing cybercrime) or fulfilling public safety mandates.

Who determines how my personal data is processed within the platform?

The GSE acts as a data controller or joint controller (along with the data sharer or Licensor as defined in the GSE terms) depending on the specific partnership agreement. The GSE Terms & Conditions outline the obligations of both the central platform and participating members regarding security, accuracy, and regulatory compliance.

Does a shared signal mean someone is legally guilty of fraud?

No. A signal is a voluntary notification about unusual or suspicious cyber activity, similar to a digital neighbourhood watch. It does not constitute a definitive legal finding of wrongdoing or provide courtroom-ready evidence on its own. Data is assigned varying levels of confidence based on community and automated feedback.

What rights do individuals have regarding their personal data in the GSE?

In accordance with the GSE Privacy Policy, individuals hold comprehensive data subject rights, including:

• Access: Requesting a copy of the specific data held about them.
• Correction: Amending inaccurate or incomplete records.
• Deletion: Requesting removal if there is no overriding legal reason to hold it.
• Restriction & Objection: Temporarily limiting or objecting to how their data is used.

How is the data technically secured against breaches?

The platform is hosted securely on the Google Cloud Platform and leverages advanced infrastructure to ensure data integrity. Safeguards include encryption for data in transit and at rest, restricted role-based access management, and continuous automated pattern analysis.

Are signals shared across international borders?

Yes. Because cybercrime operates globally, threat indicators must move across international boundaries to effectively stop bad actors. Cross-border data flows are restricted to verified, qualifying organisations and are bound by strict legal mechanisms, data transfer agreements, and applicable localised privacy rules.

Can anyone access the platform to look up personal data?

No. To prevent abuse and protect consumer privacy, access to the platform is restricted to accredited organisations only. Access is vetted and managed explicitly by the Global Signal Exchange team to ensure that only authorised entities handle the data.