Dave Wyatt on 05 February 2002 at 01:46 said:-

> A 'data subject' can reside anywhere in the world and have
> rights under the UK Act provided the data controller or his representative
is
> subject to UK law.

Agreed. And one of those rights is not to have their data transferred to a
country which does not uphold their rights without their consent.

> This to my mind does not allow a data controller to
> argue he cannot dispatch the subject access simply by trying to argue
eighth principle.

The eight principle is not the full basis of the point I am trying to
explore.

> Im intrigued by the scenario can you clarify by example how
> this occurs?

A data subject within a country which does not support the level of human
rights agreed at an international level,
http://www.un.org/Overview/rights.html
 and who has visited the UK, say for a university course, is required by
persons wishing her harm to obtain the response to a subject access request
from the university data controller within the UK. The data controller
within this country would be legally required to respond to the request.
(Even if the data subject were in some form of detention within the other
country.) The educational attainment/university course was of a type not in
favour within the home country at that time, although there would have been
nothing unlawful involved at international level.

How would such a situation sit with the EUCHR and the HRA? (Hence my
earlier reference to the HRA as a potential means of finding an answer.
Perhaps one of the legal eagles could comment?).

Considerations involving principle eight issues involves determining if the
data subjects rights will be upheld in a country data is transferred to; And
consequently must involve EUCHR/HRA type considerations. Could principle
eight compliance, if necessary, then be used as a ready tool to link into
for determining any response in cross border situations?

What definition of data exists to determine if a trans-border data flow
exists? It seems to me, correctly, that there is no quantitive limit
involved. Unless I have missed something of course.

I mention the CRB because I assume they will have liased with other
countries who offer similar services and wonder how they had arranged to
deal with these types of issues, following the advice received from the
other countries. :-)

The exemptions come into play when considering legal exemptions or similar,
in similar types of scenarios. I am aware that with section 29 exemptions,
there are HRA as well as other considerations involved prior to transfer.

Looks to me like an anomaly.

Ian W


> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Dave Wyatt
> Sent: 05 February 2002 01:46
> To: [log in to unmask]
> Subject: Re: Transborder data flows
>
>
> Ian
>
> A 'data subject' can reside anywhere in the world and have
> rights under the
> UK Act provided the data controller or his representative is
> subject to UK
> law. This to my mind does not allow a data controller to
> argue he cannot
> dispatch the subject access result to the country where the
> data subject
> resides and in a language the data subject understands
> (intelligible copy?)
> simply by trying to argue eighth principle.
>
> I would also assume clear consent from the data subject must
> be forthcoming
> as part of authenticating process which must exist when
> processing a data
> subject access request before proceeding with any data
> release. (Reasonable
> process) How can you proceed with subject access without
> evidence of the
> consent of the data subject or his appointed agent. If a data
> subject wants
> the data posted to any location worldwide he has to specify
> this fact in
> writing (Section 7(2))which would surely be evidence of
> consent, negating
> any arguments of using the application of eighth principle to
> a prevent
> completion of a subject access request.
>
> Im intrigued by the scenario can you clarify by example how
> this occurs?
>
> David Wyatt
>
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]]On Behalf Of Su Goulding
> > Sent: 04 February 2002 10:10
> > To: [log in to unmask]
> > Subject: Re: Transborder data flows
> >
> >
> > consent of data subject?
> > Su
> >
> > -----Original Message-----
> > From: Ian Welton [mailto:[log in to unmask]]
> > Sent: Friday, February 01, 2002 7:54 PM
> > To: [log in to unmask]
> > Subject: Transborder data flows
> >
> >
> > If a data controller receives a valid request for
> information from a data
> > subject outside the EEA, and can properly respond to such a
> request within
> > the EEA, may they so pass the response outside the EEA, even if
> > it involves
> > a trans-border data flow to a country without adequate
> protection for the
> > rights of the individual?
> >
> > Ian W
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > (all commands go to [log in to unmask] not the list please)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> >
> >
> =====================================================================
> >
> > This email is confidential and may also be privileged. If you
> > are not the intended recipient please notify us immediately by
> > telephoning +44 (20) 7330 3000 and requesting the IT Helpdesk.
> > You should not copy it or use it for any purpose nor disclose its
> > contents to any other person.
> >
> > Allen & Overy
> > One New Change
> > London
> > EC4M 9QQ
> >
> > Tel:+44 (20) 7330 3000
> > Fax: +44 (20) 7330 9999
> > General Email: [log in to unmask]
> > www: http://www.allenovery.com
> >
> > Allen & Overy is a solicitors' partnership. A list of the names
> > of partners and their professional qualifications is open to
> > inspection at the above office. The partners are either
> > solicitors or registered foreign lawyers.
> >
> > IMPORTANT NOTICE:
> >
> > This is a legal communication not a financial communication.
> > Neither this nor any other communication from this firm is
> > intended to be, or should be construed as, an invitation or
> > inducement (direct or indirect) to any person to engage in
> > investment activity. The following information is provided in
> > accordance with the Solicitors' Financial Services (Conduct of
> > Business) Rules 2001. The provision of our legal services may
> > relate to investments. We are not authorised by the Financial
> > Services Authority, but we are regulated by the Law Society and
> > we can undertake certain activities in relation to investments
> > which are limited in scope and incidental to our legal services
> > or which may reasonably be regarded as a necessary part of our
> > legal services. If for any reason we are unable to resolve a
> > problem between us and a client, our client may utilise the
> > complaints and redress scheme operated by the Law Society.
> >
> >
> >
> =====================================================================
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > (all commands go to [log in to unmask] not the list please)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^