outsourcing GP appointments to India: is this legal under DPA?

Peter Mitchell otcbn at callnetuk.com
Thu Jan 20 11:09:12 GMT 2011

Nicholas Bohm wrote  on 19-01-11 18:17:
> The question is, who does the exporting?  And the answer, now - I think
> - as then, is that it is the person who does the acts which cause the
> data to be exported.  That may indeed be the person who, from outside
> the UK, sends the request to the UK website which makes the data
> readable abroad.

In the recent Sportradar case, the High Court Chancery Division decided that "a company is responsible for 'making available' internet-hosted material in the country where its host server is based, not in the country where the material is read or used". 

This seems relevant to our "exporting" controversy. But I do not know to what extent judgments of a court that deals with one particular area of the law are regarded as binding on courts that deal with other areas. Probably it is decided on a case by case basis, the main desideratum being whatever best suits the authorities.  

Re outsourcing medical data to India; it has been done routinely for a decade at least, and for material that is far more sensitive than appointments. Several specialist companies have been set up to do it, and AFAIK are flourishing.  

Pete Mitchell

More information about the ukcrypto mailing list