Thank you to everyone who has commented so far on this issue.
A couple of thoughts that come to mind after reading people's
posts and thinking a bit more about it:
1) I certainly think that anyone who operates a list server
where the list archive is available on a public Web site
needs to ensure that anyone who subscribes is aware of the
implications of this. Some might argue that JISCmail has not
done enough on this front (nor mailbase before it). As a list
owner I can change the welcome message to highlight this
issue, but I think it should be down to the operator of the
list server system to inform users of this. After all, this
is the Data Controller in this instance, yes?
2) If the list server provider is the data controller, then it
would be up to that provider (JISCmail in this instance) to
establish 'contractual' arrangements with any other Web site
operator that wishes to mirror a list archive, placing them
under the same obligations regarding data processing and
security etc as the data controller has to operate under. If
the provider was willing to enter into this kind of arrangement
then it would have to inform all potential subscribers of this
fact, so that they would know that their personal data could
appear on a public Web site in, say, Turkey.
I will, for the time being at least, turn down the request I have
had to mirror the messages posted to the list I own. However,
I am inclined to refer the person to JISCmail anyway, as I think
it should be dealt with at that level, not the list owner level.
Would others agree with that?
Thanks again.
Best wishes,
Adrian
Adrian Tribe <[log in to unmask]>
Web Editor, Birkbeck College, University of London
|