** Reply to note from [log in to unmask] Wed, 1 Dec 2004 10:53:19 -0000 > Has anyone come across this one before in connection with Greek DP Law? > > Imagine a Greek citizen who normally lives in Greece but has a holiday home in > the UK. Whilst in the UK, this person does some business with a UK Data > Controller who processes some personal data about the Greek citizen. > > Below is a translation of the Greek DPA. Section 3b appears to put Greek DPA > obligations on UK data controllers (and other EU data controllers as well). > Is this not at odds with the EU DP Directive (Article 4) which defines how > national DP law should apply? > > 3. The present law shall apply to any processing of personal data, provided > that such processing is carried out: > > a) by a Controller or a Processor established in Greek Territory or in a > place where Greek law applies by virtue of public international law. > b) by a Controller who is not established in Greek Territory or in a > place where Greek law applies, when such processing refers to persons > established in Greek Territory. In this case, the Controller must designate in > writing, by a statement addressed to the Authority, a representative > established in Greek territory, who will substitute the Controller to all the > Controller's rights and duties, without prejudice to any liability the latter > may be subject to. The same shall also apply when the Controller is subject to > exterritoriality, immunity or any other reason inhibiting criminal prosecution. > c) by a Controller who is not established in the territory of a > member-state of the European Union but in a third country and who, for the > purposes of processing personal data, makes use of equipment, automated or > otherwise, situated on the Greek territory, unless such equipment is used only > for purposes of transit through such territory. In this case, the Controller > must designate in writing by a statement addressed to the Authority a > representative established in Greek territory, who will substitute the > Controller to all the Controller's rights and duties, without prejudice to any > liability s/he may be subject to. The same shall also apply when the > Controller is subject to exterritoriality, immunity or any other reason > inhibiting criminal prosecution. > > Would anyone like to comment on whether they think this may just be a dodgy > translation of Greek DP law, or if a UK data controller could indeed be bound > by the Greek DPA in the above circumstances? I got as far as here: http://www.dpa.gr/ I am afraid it will take me more coffee to remember to read Greek. What is the source of your passage above? Charles -- Charles Christacopoulos, Management Information Officer, Planning & Information, University of Dundee, Dundee, DD1 4HN, Scotland, United Kingdom. Tel: 44(0)1382-344891. Fax: 44(0)1382-348845. http://www.somis.dundee.ac.uk/ ::egothor http://www.egothor.org/ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^