The Witchfinder points out some potential flaws in the Block Bot team’s reasoning, in light of their claims that hosting data abroad makes them immune from UK Data Protection legislation.
Your author will be brief. Some members of the Block Bot team advance the idea that holding the data abroad makes them immune from UK Data Protection law. Funnily enough, UK legislators thought of that.
The Data Protection Act 1998, Schedule 1, provides as follows –
“[…] 8 Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.“
Now, Block Bot creator James Billingham and for that matter the blocker who added me are based in the UK (although the latter has now resigned). So if they decide to block someone, where is the data? Well they have to write it down on a computer or similar device such as a mobile phone, based wherever they are.
Q. If someone types data into the Twitter client on a mobile phone in the UK, before they click ‘send’ where is the data?
A. In the mobile phone’s memory, in the UK.
Q. If someone types data into the Twitter website on a PC in the UK, before they click ‘send’ where is the data?
A. In the PC’s memory, in the UK.
Q. When they click send what happens?
A. The data is transmitted to the Twitter servers in the United States, thereby transferring it outside the EEA.
What does the ICO Guidance, here say?
“You will be processing personal data in the UK and transferring it even if:
you collect information relating to individuals on paper, which is not ordered or structured in any way; and”
“Putting personal data on a website will often result in transfers to countries outside the EEA.”
The Claimant rests. (If someone junior from the Information Commissioner’s Officer went along with the ‘abroad’ argument we would only escalate it and ask them to clarify).