LOL
Might not be necessary, but I’m sure Lawrence (or any of us) participating in this board have consented to the processing you are undertaking Jonathan.
Can’t get you out of jail though for failing to notify....
R
Renzo Marchini
Special Counsel
Dechert LLP
+44 20 7184 7563 Direct
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]
On Behalf Of Baines, Jonathan
Sent: 21 January 2015 09:32
To: [log in to unmask]
Subject: Re: [data-protection] Outsourcing and sensitive personal data
If one pushes at the extremities of data protection law, one starts to feel absurdity.
I’m processing your personal data here, Lawrence, and I’m determining the purposes for which and the manner in which I am doing so. I am, de facto, data controller. Arguably I
don’t have an exemption from notification, so I may be committing a criminal offence by failing to notify. I can probably claim the sixth condition in Sch 2 DPA to legitimise the processing, but there is even an argument as to whether the processing is “necessary”
etc.
I don’t know where Jiscmail store the data sent via this list, and I don’t know what security measures they take – have I met my DPP7 and DPP8 obligations? (Not to mention DPP2
and DPP5).
If one construes “domestic purposes” broadly and pragmatically (as the ICO does) then all of my processing here is probably exempt, but Lindqvist made abundantly clear that “The
act of referring, on an internet page, to various persons and identifying them by name or by other means…constitutes the processing of personal data wholly or partly by automatic means...[and] is not covered by any of the exceptions in Article 3(2) of Directive
95/46”.