Clarity on EU Data Transfer Rules
A landmark ruling by the European Court of Justice (ECJ), which clarifies EU data protection law on the transfer of data, is good news for website owners as it simplifies and restricts the work necessary to comply with data protection law.
The ruling (Case C-101/01, Criminal proceedings against Bodil Lindqvist, November 2003) was the first under the Data Protection Directive and found that personal data stored on a server in one country is not 'transferred' abroad when accessed in another country. This will save website owners a lot of time and trouble when publishing personal details such as employee phone numbers on a website. As the data is not considered to be transferred abroad, they are not required to get permission from all the parties involved.
But, although this ruling clarifies the situation in terms of the EU, wider international law varies significantly and can therefore still be problematic for website owners. In the Gutnick v Dow Jones case, the Australian High Court ruled that online articles are 'published' when they are downloaded and read outside their country of origin (December 2002). Joseph Gutnick sued Dow Jones for alleged libellous statements made in an online version of Barron’s Digest. Although the article was written in New York and placed on a server in New Jersey, the fact that it could be read and downloaded in Victoria, Australia, was enough to persuade the Australian High Court that the article had been published there for the purpose of defamation law.
Website publishers need to be careful when publishing potentially defamatory material. Although it might be safe to do so in the country of origin they may still face libel suits elsewhere. It makes sense to seek legal advice on national laws on any subject in question before placing this sort of material online.