Chris Spray on 30 November 2004 at 12:09 said:-
> I'm in the "yes" camp. The Directive derives in part, from
> the Universal
> Declaration of Human Rights, through the European Convention on the
> Protection of Human Rights and Fundamental Freedoms. These
> are encompassed
> in the recent European Charter of Fundamental Rights which
> "affirms the
> universal nature of rights, in so far as those in the Charter
> are, for the
> most part,accorded to everyone regardless of nationality or place of
> residence". The charter views the Protection of Personal Data as a
> fundamental right (Article 8).
The original derivation supports the difficulties outlined in the previous
point about logical jurisdictional legitimacy.
Using as an example the UN Website privay policy which denies the UN have
any responsibility for the security of any personal data they may cause to
have collected via that website. Assuming that the UN will, ethically at
least, be attempting to follow the UDHR this seems antithetical to at least
the UDHR articles 12 and 13, until you consider other UN agreeements and
exemptions, which if applied universally, seem to then make some logical
sense, albeit utilising UN legal exemptions in that way overturns what are
ostensibly primary objectives.
> The Directive doesn't impose any constraints in relation to
> data subjects
> and in its 2nd paragraph says "..data-processing systems are
> designed to
> serve man;...they must, whatever the nationality or residence
> of natural
> persons, respect their fundamental rights and freedoms,
> notably the right
> to privacy...".
The UDHR is equally all encompassing, but it would seem may not be so.
>
> Para. 5 of part 1 of the Act sets out its application. This
> is defined in
> relation to the status of the Data Controller. In its
> silence about any
> constraints in relation to nationality or residence of data
> subjects, I
> think you have to conclude that there are no such constraints
> intended.
>
> The Information Commissioner's Legal Guidance states
>
> "A data subject need not be a United Kingdom national or
> resident. Provided that the data controller is subject to
> the Act, rights with regard to
> personal data are
> available to every data subject, whatever his nationality or
> residence."
>
Equally, a UK national or resident, whose personal data are collected from
within the UK, seems to be able to have their rights denied.
A logically adjustment of the jurisdictional boundaries to locate the
personal data collection at the geographical location of the primary server,
or data controllers site does not deal with the difficulties, it merely
masks them.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Chris Spray
> Sent: 30 November 2004 12:09
> To: [log in to unmask]
> Subject: Re: FW: [data-protection] Non Uk Citizens access rights
>
>
> I'm in the "yes" camp. The Directive derives in part, from
> the Universal
> Declaration of Human Rights, through the European Convention on the
> Protection of Human Rights and Fundamental Freedoms. These
> are encompassed
> in the recent European Charter of Fundamental Rights which
> "affirms the
> universal nature of rights, in so far as those in the Charter
> are, for the
> most part,accorded to everyone regardless of nationality or place of
> residence". The charter views the Protection of Personal Data as a
> fundamental right (Article 8).
>
> The Directive doesn't impose any constraints in relation to
> data subjects
> and in its 2nd paragraph says "..data-processing systems are
> designed to
> serve man;...they must, whatever the nationality or residence
> of natural
> persons, respect their fundamental rights and freedoms,
> notably the right
> to privacy...".
>
> Para. 5 of part 1 of the Act sets out its application. This
> is defined in
> relation to the status of the Data Controller. In its
> silence about any
> constraints in relation to nationality or residence of data
> subjects, I
> think you have to conclude that there are no such constraints
> intended.
>
> The Information Commissioner's Legal Guidance states
>
> "A data subject need not be a United Kingdom national or
> resident. Provided that the data controller is subject to
> the Act, rights with regard to
> personal data are
> available to every data subject, whatever his nationality or
> residence."
>
> Jo asked, if this is right, what could someone outside the
> EEA do about a
> breach. I'm not a lawyer, but I assume the answer is the same as for
> anyone in the UK i.e. ask the Commissioner to make an
> assessment and/or
> take the data controller to a UK court, where such a remedy
> is available.
>
> Chris
>
>
>
>
>
> davidwyatt <[log in to unmask]>@JISCMAIL.AC.UK> on 30/11/2004
> 09:03:54
>
> Please respond to davidwyatt <[log in to unmask]>
>
> Sent by: This list is for those interested in Data
> Protection issues
> <[log in to unmask]>
>
>
> To: [log in to unmask]
>
> Subject: Re: [data-protection] FW: [data-protection] Non
> Uk Citizens
> access rights
>
>
> I thought Yes but lets not be too quick to judge here that No
> is incorrect.
> I agree the answer is not in the Act
>
> We know the UK Act does not faithfully reproduce the
> requirements of the EC
> directive and we also know that if the Act has failings then the EC
> directive can be applied. Whats to say there is not something about EU
> citizen rights only in the legislative hierarchy which drove
> the directive.
> What is needed is clear organised research to answer this. .
>
> What appears clear is that most DPA officers would entertain
> the request
> whether the rights are there or not.
>
> David Wyatt
>
> ----- Original Message -----
> From: "Graham Hadfield" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Monday, November 29, 2004 3:54 PM
> Subject: Re: [data-protection] FW: [data-protection] Non Uk
> Citizens access
> rights
>
>
> > >NO - only EU citizens (not sure about the status of
> accession states).
> >
> > The act defines a "data subject" as "an individual who is
> the subject of
> > personal data" - doesn't say anything about nationality.
> Therefore, the
> > answer to the original question must be Yes.
> >
> > Graham
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|