"If you are a company, you are probably bound by the Data Protection Act (or local equivalent) not to share my information without consent. If you are an individual, no such laws app". This isn't strictly correct, anyone (including private individuals) who is processing personal data, in circumtstances under which they determine the means by and the purposes for the processing, is a data controller, unless they are exempt. There is an exemption in the Data Protection Act 1998 where the processing is "only" for domestic purposes. However, I would suggest, and case law would support, that processing of the type you describe might not attract the protection of this exemption. That said, I doubt very much the Information Commissioner would agree, so I'm not sure there's much mileage in this argument. Nonetheless, I made it last year in approximate terms: http://informationrightsandwrongs.com/2013/06/21/ico-social-media-guidance-shirking-responsibility/