outsourcing GP appointments to India: is this legal under DPA?

[Ian Batten]

On 15 Jan 2011, at 21:29, Roland Perry wrote:

> In article <AANLkTim08VD1xv9b_AF2JaHuMpsXvBMkJE7tbk6qWjm8 at mail.gmail.com>, Adrian Midgley <amidgley at gmail.com> writes
>> 
>> Data is data, and if it is accessed in India data has reached India
> 
> And the exact opposite theory (to the one you are critiquing) is used to prosecute people who administer offshore child porn sites from the UK.

That's a really good point.  I had tried to construct some similar counter-argument to the NHS's position involving logging in to classified servers via a thin client to view material in breach of the Official Secrets Act, but came up against the Computer Misuse Act.    Your example "solves" that: the NHS argument would appear to mean that if a Bad Person offers a Citrix, RDP, VNC or similar remote login solution so that UK residents can log in to a server located in (for the sake of argument) international waters and then view child pornography residing on that server, no offence will have taken place.   

If the argument is made by the prosecution, as it would be, that the transient copy created in memory as part of displaying the image constitutes "making" an image, then a fortiori the NHS's position collapses.  If the NHS's position is sustained, then provided a consumer of child pornography can show the images were only transiently present on their machine, they have an arguable defence.    Child Pornography legislation is closer to strict liability than Data Protection, so the arguments aren't symmetrical, but
I suspect no-one has thought this through in enough detail to know...

ian