Page last updated on Wednesday, November 16 2005 at 2043 UK
The European Court of Justice (ECJ) has ruled on the scope and application of the European Data Protection Directive in the case of Bodil Lindqvist. This ruling means that personal data contained in a web page does not necessarily constitute a breach of the data protection legislation.
Until now, the data protection authorities in the European Economic Area (EEA) have determined that any organisation placing personal data on a web page is in contravention of data protection law. This is because the data could be accessed from outside the EEA and the act of posting it therefore constitutes a breach of prohibition under the EEA Data Protection Directive on transferring data to non-EEA countries.
This treatment has recently changed, however, following a decision by the ECJ in the case of Bodil Lindqvist. The decision establishes that the inclusion of personal data in a web page which is hosted on the server of a European hosting company does not breach the Data Protection Directive because it does not, in itself, constitute a transfer of data outside of EEA territory. This applies so long as the hosting provider is established in a European state and does not depend upon the server itself being located within the European Community.
This decision is likely to be of interest to any organisation which uses global intranet systems to share information or which promotes its business using a website which includes details about employees.
In reaching their decision, the ECJ noted that the Data Protection Directive does not define ‘transfer’ and it contains no provisions concerning the use of the Internet. The Court considered the technical nature of the Internet and the fact that the information posted by Mrs Lindqvist would only be accessible on request and through the infrastructure of the hosting provider.
The decision of the ECJ in this case reverses previous guidance from the Information Commissioner and, whilst it is helpful in setting precedent, it does raise further questions.
The ECJ’s ruling considers only the owner of the website; it does not comment on the position of the hosting provider who is providing the infrastructure to facilitate multinational access to the personal information. Furthermore, the ruling does not negate the requirement for an individual’s consent in order to justify processing their sensitive personal data, which can include photographs.
The full text of the Lindqvist decision (ECJ Case C-101/01) can be found here (Adobe Acrobat format, 119kb).
If you would like us to contact you about ecj rules on applicability of data protection legislation to websites or any other issue, please fill in your details below...
Thu, 02 Feb 2006 17:42:07 GMT
TKM looks at the details of China's latest landmark IPR ruling
Mon, 31 Oct 2005 12:50:00 GMT
TKM embarks on industry-first with new online services
Tue, 18 Oct 2005 10:35:00 GMT
TKMs Director of ICT Forensics admitted to Expert Witness Institute
Home | Client Login | Services | International | Corporate | Contact Us
© TKM Technologies Ltd. 2009 All rights reserved.
Print this article
