Actually, the question is: what mustn't be done. You may not compromise the privacy of the user or make him identifyable to yourself or a third party, either by name or a unique property except if he explicitly gives his consent.
How far you allow the user to give a detailed consent is your own choice (the best way to handle this IMO is [No consent*] [Fine-tuned consent] [Full consent]), but at least you must provide sufficient data on whom the information is shared with if third parties are involved, otherwise a conscious consent to share the information cannot be given.
* if your page or web app requires a log in, you should obviously exclude that from the no consent rule, but make it obvious that the choice for the user is either to allow for the login our leave your service.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Actually, the question is: what mustn't be done. You may not compromise the privacy of the user or make him identifyable to yourself or a third party, either by name or a unique property except if he explicitly gives his consent.
How far you allow the user to give a detailed consent is your own choice (the best way to handle this IMO is
[No consent*] [Fine-tuned consent] [Full consent]
), but at least you must provide sufficient data on whom the information is shared with if third parties are involved, otherwise a conscious consent to share the information cannot be given.* if your page or web app requires a log in, you should obviously exclude that from the no consent rule, but make it obvious that the choice for the user is either to allow for the login our leave your service.