Dear Pals,

The Transborder Data Flow must be reviewed on case-by-case basis.
The UK Law and the EU Directive relate to two types of countries of
destination for "data flow" - Such which have adequate Privacy Protection
legal arrangements and the "others" who are -non-compliant.

The later include the USA and the former the State of Israel (1981 ACT,
regulations and Data Bases Registrar).

In the case of Turkey one must first establish (with the help of the UK
commissionaire and EU relevant data (available on the Site of the Council) -
if it belongs to the later type - "non compliant" states - then the solution
is a specific Agreement among the recipient in Turley and owner of the
database (in this case the List of e-mail subscribers) - the wording samples
are available from ICC site (International Chamber of Commerce).

Germany has prevented processing Credit Cards transactions of its nationals,
until the "processor" firm in the USA has signed such and agreement, that
ensured the rights of data subjects as if the processor operated in Germany
and... allowed German Inspectors to enter the processing site in Texas(?)
USA,  at any time, and verify that all the measure for Data Protection and
processing of complaints by data subjects have been implemented, as
contracted.

If interested please contact me for further assistance \ consultation.



Yosi Margalit LL.B. CISA
The Privacy Protection Public Council
Min. of Justice, Gvmt. Of Israel
19 Vitkin street
Tel-Aviv 63474
Tel:03-5464642, Mobile:058-804368
FAX: 03-5463152

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]On Behalf Of Roger Cook
Sent: Thursday, January 25, 2001 6:41 PM
To: [log in to unmask]
Subject: Re: Mirroring of discussion list archives

 Dear All,

 Yes an interesting problem.  Herewith a contribution for discussion.

 1. The data transfer to Turkey will be outside the EEA so should be
 subject to informed prior consent.

 2. An email address is "personal data" in some circumstances.  The one I'm
 using here is not because the nature of my job means that it is a public
 one.  Others in the group may have private ones and these need permission.

 3. I don't think we should hamper the acquisition of knowledge by any
 student and, dare I say it, Turkey is struggling a bit with its EU
 membership because of its Human Rights record so access to the data here
 may be beneficial.

 4. The student supervisor has taken the best first step of asking.  When
 this occurs, my reaction is always to say that the person is establishing
 legitimacy.  If they were not "legal decent honest & truthful" they would
 have just done it!

 5. There is nothing that I have posted that would cause me any concern
 should any Turkish student read it.

 6. So on balance, I would be in favor of the data transfer.

        But perhaps there are contrary opinions?

                Roger Cook


______________________________ Reply Separator
_________________________________
Subject: Mirroring of discussion list archives
Author:  Adrian Tribe <[log in to unmask]> at Internet
Date:    25/01/2001 15:20


Dear colleagues,

I have been asked by someone in Turkey whether he can mirror on
his local (public) Web site the messages sent to a jiscmail list
that I own, so that the students and staff at his academic
institution can follow the list without clogging up his limited
bandwidth by all being subscribed individually.  It all sounds
very worthy etc, but...!

His argument is that as there is already an archive accessible
world-wide from the jiscmail.ac.uk Web site, there aren't really
any further DP considerations.  I'm not happy with that argument.
At the very least I feel I would have to inform the list members
that personal data (name and e-mail address at least) of
contributors would be being stored and displayed via a Web site in
Turkey as well as the UK, although how would I deal with it if
someone objected?  What other issues should be considered here?

On one level I realise that this is all rather petty stuff, and for
all I know, this sort of thing is going on all over the place, but
as the list owner in this case, I would like to try to do the
right thing!

Thanks.

Best wishes,
Adrian

Adrian Tribe <[log in to unmask]>
List owner, [log in to unmask]


__________________________________________________________________________

Please ensure that any attachments to this E-Mail are checked for viruses.
__________________________________________________________________________

________________________________________________________________________

The information in this email (and any attachment) may be for the
intended recipient only. If you know you are not the intended recipient,
please do not use or disclose the information in any way and please
delete this email (and any attachment) from your system.
________________________________________________________________________