JISCMail - DATA-PROTECTION Archives

Oops typo in my first sentence:

Good question. If my recipient is an EU company, then I do not think I am transferring the data to outside of the EU, .....

Renzo Marchini
Special Counsel
Dechert LLP
+44 20 7184 7563 Direct

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Marchini, Renzo
Sent: 04 April 2016 16:33
To: [log in to unmask]
Subject: Re: [data-protection] email address as personal data
________________________________
Donald

Good question. If my recipient is an EU company, then I do not think I am transferring the data to outside of the US, I think my recipient would be (ie transferring data to its processor and it is its problem to have the correct model contract in place!   As you say, taking the technology out of the problem.

Best
Renzo

Renzo Marchini
Special Counsel
Dechert LLP
+44 20 7184 7563 Direct

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Donald Henderson - CHX
Sent: 04 April 2016 15:32
To: [log in to unmask]<mailto:[log in to unmask]>
Subject: Re: [data-protection] email address as personal data

Picking up on the third point, what if it isn't a US company, but they use a US-based cloud email provider?

Something I like to do  is try and remove the technology from the problem. If this was a conventional letter with the sender's signature, would we actually consider this a data transfer problem?

Donald Henderson
Information Compliance Manager
Perth & Kinross Council

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Claire E Miller
Sent: 04 April 2016 15:25
To: [log in to unmask]<mailto:[log in to unmask]>
Subject: Re: [data-protection] email address as personal data

An employee of an EU company sends an email (on behalf of the employer) to an address of an individual at a US company.


1.     Is this a transfer of "personal data" for the purposes of the eight principle?   (The content of email is not personal data.  But the email heading will contain, as usual, the email address "From: [log in to unmask]<mailto:[log in to unmask]>".)



I think it must be - it identifies the individual and tells you that they work for the organisation.


2.     If so, can the EU company rely on "consent" of the employee to avoid having to comply with the eighth principle?

Is the employee really consenting if they are told by their employer to email someone and it is part of their role? Is it a request or an order? Is it reasonable/acceptable for them to say no? If not, it's not really consent.


3.     If so, does it make any difference if the employee does not know that the nationality of the recipient entity (ie does not know that the company at which the recipient works is a US company)?



If the employee can consent freely to sending the email, it must make a difference whether or not they know that the recipient works for a US company, otherwise it's not informed consent - they can't consent to sending the email (and their personal data) to the US if they don't know that that's what they're doing.


Claire Miller
Information Governance Officer
Legal Services
University of Central Lancashire

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Marchini, Renzo
Sent: 04 April 2016 15:14
To: [log in to unmask]<mailto:[log in to unmask]>
Subject: [data-protection] email address as personal data

I would appreciate the lists thoughts on the following conundrum.

It is generally accepted that an email address is personal data.

An employee of an EU company sends an email (on behalf of the employer) to an address of an individual at a US company.


1.     Is this a transfer of "personal data" for the purposes of the eight principle?   (The content of email is not personal data.  But the email heading will contain, as usual, the email address "From: [log in to unmask]<mailto:[log in to unmask]>".)


2.     If so, can the EU company rely on "consent" of the employee to avoid having to comply with the eighth principle?


3.     If so, does it make any difference if the employee does not know that the nationality of the recipient entity (ie does not know that the company at which the recipient works is a US company)?

Note I know the UK (with it self-assessment as to adequacy rules on transfer) are more permissive, but I am interested more in the general position.

Any thoughts gratefully received!

Best
Renzo

________________________________
________________________________
This e-mail is from Dechert LLP, a law firm, and may contain information that is confidential or privileged. If you are not the intended recipient, please delete the e-mail and any attachments, and notify the sender. Dechert LLP is a limited liability partnership registered in England & Wales (Registered No. OC306029) and is authorised and regulated by the Solicitors Regulation Authority. A list of names of the members of Dechert LLP (who are solicitors or registered foreign lawyers) is available for inspection at its registered office, 160 Queen Victoria Street, London EC4V 4QQ.
________________________________

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.jiscmail.ac.uk_lists_data-2Dprotection.html&d=CwMFAg&c=XHgqDMffAkUKcWDgZTAtfA&r=WA4vMljdqTypcda6BHAprb1VUCTP6WWutu0BST87unI&m=bynRSpUjzgV0Wg29IDD7XGBs-gDzjlJQtLrvLqRi1rg&s=IYhxGIn1pRgSp0lijbBo5bo0qeGWPjgQ01lGD3CeAeQ&e=>

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

  *   Leaving this list: send leave data-protection to [log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
  *   Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
  *   To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
  *   To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.jiscmail.ac.uk_help_commandref.htm&d=CwMFAg&c=XHgqDMffAkUKcWDgZTAtfA&r=WA4vMljdqTypcda6BHAprb1VUCTP6WWutu0BST87unI&m=bynRSpUjzgV0Wg29IDD7XGBs-gDzjlJQtLrvLqRi1rg&s=rHC31H2JRp0zUP1x655MFs6KkMjERMVqQeGYFwyxnq4&e=> and are sent in the body of an otherwise blank email to [log in to unmask]<mailto:[log in to unmask]>

Any queries about sending or receiving messages please send to the list owner [log in to unmask]<mailto:[log in to unmask]>

(Please send all commands to [log in to unmask]<mailto:[log in to unmask]> not the list or the moderators, and all requests for technical help to [log in to unmask]<mailto:[log in to unmask]>, the general office helpline)

________________________________

**********************************************************************
This e-mail is from Dechert LLP, a law firm, and may contain information that is confidential or privileged. If you are not the intended recipient, please delete the e-mail and any attachments, and notify the sender. Dechert LLP is a limited liability partnership registered in England & Wales (Registered No. OC306029) and is authorised and regulated by the Solicitors Regulation Authority. A list of names of the members of Dechert LLP (who are solicitors or registered foreign lawyers) is available for inspection at its registered office, 160 Queen Victoria Street, London EC4V 4QQ.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^