This is only a minor issue, but one I thought people should be aware of…
While the website at https://petition.parliament.uk/petitions says “We won’t publish your personal details anywhere or use them for anything other than this petition”, it *is* still possible for someone to find out if you’ve signed a particular petition, if they know your name, email address, and postcode.
If you sign a petition, what happens is you get redirected to a page saying “please check your email” — you’re sent an email with a link in it to click, to confirm that the person associated with the email account actually wants to sign.
But if you sign a petition that has already been signed someone using that email address, you see this instead:
This means that if anyone wants to know if you’ve signed a particular petition, they can go and find out, just by entering your details.
Now, this is a minor issue, and can’t be used on a major scale — but it’s still revealing your personal data, and I can think of circumstances where someone would not want that data revealed.
The solution is easy — just have the website *always* redirect to the “check your email” page, and send out another email saying “you have already signed this petition”. That simultaneously stops anyone from finding your data, and also lets you know that someone’s been trying to use your name and email address. Quite why they’ve chosen to do something which I’m pretty sure is in breach of the Data Protection Act instead, I don’t know…