In a landmark legal decision affecting online data, the European Court of Justice last week defined what constitutes the transferral of personal data across national borders. The case, in which the European Court ruled on whether a church worker could be fined for processing personal data about colleagues online, also addressed the transfer of personal data. The question was whether placing personal information online constituted a transferral of that data to other countries that could access that information via the internet.
The court decided that in such cases data is not in fact transferred abroad, because it is merely viewed in other countries but stored on a server in the host country. Paula Barrett, head of data protection at law firm Eversheds, said the ruling would be welcomed by UK-based companies that run web sites, intranets and extranets.
"This is good news," said Barrett. "There has been a debate about whether when you put personal data [such as a worker's phone number] on a web site you could be transferring it abroad, and as such would have to get approval from everyone concerned. This has taken the common-sense view that this is not the case. As it is placed onto a server you are not physically transferring it."
George Gardiner, a partner at law firm Stephenson Harwood, agreed: "This is good news for businesses - to decide otherwise would have created many problems."
However, Eversheds' Barrett warned organisations not to become complacent about their data protection processes, following the ruling. "People do not have carte blanche to put whatever they want on web sites," Barrett commented.
Quelle: Vnunet, 17.11.2003
