outsourcing GP appointments to India: is this legal under DPA?

Nicholas Bohm nbohm at ernest.net
Wed Jan 19 18:17:36 GMT 2011

On 19/01/2011 18:05, David Biggins wrote:
>> -----Original Message-----
>> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
>> bounces at chiark.greenend.org.uk] On Behalf Of Andrew McLean
>> Sent: 18 January 2011 7:57 PM
>> To: ukcrypto at chiark.greenend.org.uk
>> Subject: Re: outsourcing GP appointments to India: is this legal under
> DPA?
>> Another analogous situation is export controls on "technologies" (i.e.
>> intangibles). Do you think anyone would get away with "Your honour I
> didn't
>> export the plans for the ****, they remained on a server in the UK.
> Yes, they
>> could be viewed on a client workstation in Iran, but the plans stayed
> in the
>> UK".
> A little over a decade ago,  this was the position with respect to
> strong encryption technology - at least according to CESG and the DTI at
> the time.
> Sending a strong crypto algorithm to certain countries would be an
> offence.
> But putting them on a server where someone could download them, was not.
> It seemed rather ridiculous even then,   and has not grown less so with
> time.
> D.

The question is, who does the exporting?  And the answer, now - I think
- as then, is that it is the person who does the acts which cause the
data to be exported.  That may indeed be the person who, from outside
the UK, sends the request to the UK website which makes the data
readable abroad.

Contact and PGP key here <http://www.ernest.net/contact/index.htm>

More information about the ukcrypto mailing list