<div dir="ltr">2013/5/7 Clive D.W. Feather <span dir="ltr"><<a href="mailto:clive@davros.org" target="_blank">clive@davros.org</a>></span><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class="im">
<br>
</div>The European Court, in case C-101/01 ("Lindqvist") decided that<br>
<br>
there is no 'transfer [of data] to a third country' within the meaning<br>
of Article 25 of Directive 95/46 where an individual in a Member State<br>
loads personal data onto an internet page which is stored with his<br>
hosting provider which is established in that State or in another<br>
Member State, thereby making those data accessible to anyone who<br>
connects to the internet, including people in a third country.<br>
<br>
In other words, putting material on a web site is not exporting it as far<br>
as the Data Protection Act is concerned. Whether this would be accepted as<br>
precedence by a UK court on an export control matter is another question.</blockquote><div><br></div><div style>I'm sceptical as to whether Lindqvist has any relevance. The case concerned whether there had been a "transfer" of personal data by Bodil Lindqvist within the meaning of Article 25 of the data protection directive. I can immediately think of two reasons why it does not help us:<br>
</div><div style><br></div><div style>[1] It concerns two different readings "transfer" v "export" that appear in very different legal frameworks. I suspect that interpretation of one does not help with the other.</div>
<div style><br></div><div style>[2] A close reading of Lindqvist suggests it is not as helpful as one might think at first sight. The CJEU seems to think that because she did not herself carry out the transfer - it was done by the web hosting service she was using - that was OK. I suspect a court (mindful that Bodil Lindqvist faced criminal charges for blogging that someone she knew at church had a sprained ankle inter alia) wanted to make sure the web was legally possible by making a much nicer distinction than most of us would be happy to live with.</div>
<div style><br></div><div style>There's a little bit of help in the underlying EU export control legislation. Article 2(b) of Council Regulation 1334/2000 says:</div><div style><br></div>"export" shall mean:<br>
<br>...<br><br>(iii) transmission of software or technology by electronic media, fax or telephone to a destination outside the Community; this applies to oral transmission of technology by telephone only where the technology is contained in a document the relevant part of which is read out over the telephone, or is described over the telephone in such a way as to achieve substantially the same result;</div>
<div class="gmail_quote"><br></div><div class="gmail_quote" style>So, it would appear that hosting export controlled software would be an export if it were downloaded outside the jurisdiction. I cannot see how offering support could be.</div>
<div class="gmail_quote" style><br></div><div class="gmail_quote" style>But, I'm not a specialist software export lawyer. Although this is roughly my field, I haven't researched the point, so this is just how it appears to me off the top of my head.</div>
<div class="gmail_quote" style><br></div>-- <br>Francis Davey<br><br>
</div></div>