I think this is the equivalent of, but not identical to, section 5(1) (b) of
DPA 1998 and applies to processing of Greek data in Greece by a company
which operates in, and may even have an office in, Greece but where the
company is not established, i.e. legally registered, in Greece - say a
Thomson holiday reps office having dealings with Greeks?
In your scenario I don't think the Greeks would intend Greek law to apply.
Alasdair Warwood
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]On Behalf Of Trevor Chew
Sent: 01 December 2004 10:53
To: [log in to unmask]
Subject: Greek Data Protection Law
Has anyone come across this one before in connection with Greek DP Law?
Imagine a Greek citizen who normally lives in Greece but has a holiday home
in the UK. Whilst in the UK, this person does some business with a UK Data
Controller who processes some personal data about the Greek citizen.
Below is a translation of the Greek DPA. Section 3b appears to put Greek
DPA obligations on UK data controllers (and other EU data controllers as
well). Is this not at odds with the EU DP Directive (Article 4) which
defines how national DP law should apply?
3. The present law shall apply to any processing of personal data, provided
that such processing is carried out:
a) by a Controller or a Processor established in Greek Territory or in
a place where Greek law applies by virtue of public international law.
b) by a Controller who is not established in Greek Territory or in a
place where Greek law applies, when such processing refers to persons
established in Greek Territory. In this case, the Controller must designate
in writing, by a statement addressed to the Authority, a representative
established in Greek territory, who will substitute the Controller to all
the Controller's rights and duties, without prejudice to any liability the
latter may be subject to. The same shall also apply when the Controller is
subject to exterritoriality, immunity or any other reason inhibiting
criminal prosecution.
c) by a Controller who is not established in the territory of a
member-state of the European Union but in a third country and who, for the
purposes of processing personal data, makes use of equipment, automated or
otherwise, situated on the Greek territory, unless such equipment is used
only for purposes of transit through such territory. In this case, the
Controller must designate in writing by a statement addressed to the
Authority a representative established in Greek territory, who will
substitute the Controller to all the Controller's rights and duties, without
prejudice to any liability s/he may be subject to. The same shall also apply
when the Controller is subject to exterritoriality, immunity or any other
reason inhibiting criminal prosecution.
Would anyone like to comment on whether they think this may just be a dodgy
translation of Greek DP law, or if a UK data controller could indeed be
bound by the Greek DPA in the above circumstances?
--
----------------------------------------------------------------------------
--
Halifax plc, Registered in England No. 2367076. Registered Office: Trinity
Road, Halifax, West Yorkshire HX1 2RG. Regulated by the Financial Services
Authority. Represents only the Halifax Financial Services Marketing Group
for the purposes of advising on and selling life assurance, pensions and
collective investment scheme business.
===========================================================================
==
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
