outsourcing GP appointments to India: is this legal under DPA?
Peter Mitchell
otcbn at callnetuk.com
Thu Jan 20 11:09:12 GMT 2011
Nicholas Bohm wrote on 19-01-11 18:17:
> The question is, who does the exporting? And the answer, now - I think
> - as then, is that it is the person who does the acts which cause the
> data to be exported. That may indeed be the person who, from outside
> the UK, sends the request to the UK website which makes the data
> readable abroad.
In the recent Sportradar case, the High Court Chancery Division decided that "a company is responsible for 'making available' internet-hosted material in the country where its host server is based, not in the country where the material is read or used".
http://www.bailii.org/ew/cases/EWHC/Ch/2010/2911.html
This seems relevant to our "exporting" controversy. But I do not know to what extent judgments of a court that deals with one particular area of the law are regarded as binding on courts that deal with other areas. Probably it is decided on a case by case basis, the main desideratum being whatever best suits the authorities.
Re outsourcing medical data to India; it has been done routinely for a decade at least, and for material that is far more sensitive than appointments. Several specialist companies have been set up to do it, and AFAIK are flourishing.
--
Pete Mitchell
More information about the ukcrypto
mailing list