Tim Trent on 18 August 2004 at 13:56 said:-
> I think the question is: "If a data processor is under a
> binding contract to
> the data controller to comply with UK DPA (or more stringent
> laws) despite
> their locality, is the export of data, even sensitive data,
> against the
> letter and spirit of the relevant laws?". I present this
> uncommented upon
> for discussion here
As a generic question a generic answer would be that provided the binding
contract could be followed appropriately the export of data would be in
order.
Gauging appropriate is not easy, as many international companies will no
doubt be aware, so following the EU trans-border data flow guidance and
documentation does provide a simple measurement of appropriate. i.e. if
listed - probably legitimate, if not - some doubt on sustaining appropriate
protections must exist.
Given the Norwich Unions reported new car insurance plan, where the amount
of insurance paid is directly related to where the car is driven, (as
tracked and documented by computer location systems controlled by the
company?) appropriate protections can be difficult to determine and could
impact in areas where the organisation arranging the processor contract has
no commercial interest.
Trust of course will form a major part of such contracts for many regular
data subjects, who could well have nothing to fear from their data being
processed in India.
Ian w
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|