[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Request for help - Tor legal FAQ



Hi,

On 04.04.2011 07:54, Marcia Hofmann wrote:
> To make the FAQ as current and useful as possible, we want to make sure
> that we know about any legal issues that relay operators in the United
> States may have experienced over the past few years.

I understand the focus on USA, but wouldn't this be a good opportunity
to add legal information about other countries as well?

For example, I was unsure about the legal situation in the UK and data
retention, so I was blunt enough to write to the ICO Information
Commissioner's Office.

-------- snip --------
Subject: 	Response from the Information Commissioner's Office
Date: 	Fri, 11 Feb 2011 11:15:36 +0000
From: 	<casework@xxxxxxxxxxxxxx>

Dear Mr Bartl,

Thank you for your emailed enquiry to the Information CommissionerÂs
Office (ICO), dated 26 January 2011, regarding Tor exit software.

As I understand it, your enquiry asks for our advice on the legal
requirements relating to the retention of personal data in the UK.

The principle requirement regarding the retention of personal data is
contained within the Data Protection Act 1998 (DPA98). The DPA98 is
specifically concerned with the processing of personal data by
organisations (Âdata controllersÂ). ÂProcessing includes obtaining,
holding, recording, disclosing or using personal data in any way.
Personal data is data which relates to and identifies a living individual.

The Fifth Principle of the DPA98 states personal data must not be
retained for longer than necessary for the purpose or purposes for
processing. Therefore, the DPA98 does not place a mandatory retention
period on personal data, or particular categories of personal data, but
requires that any data controller retaining personal data must have a
justifiable reason for doing so.

For further information, please use the following link:

Principle 5 - Data Protection Guide
<http://www.ico.gov.uk/for_organisations/data_protection/the_guide/information_standards/principle_5.aspx>

As your correspondence identifies, there are other statutory
requirements which stipulate minimum retention periods for particular
categories of personal data (such as the EU Data Retention Directive).
However, the ICO can only consider issues relating specifically to
legislation which we oversee (the DPA98, Freedom of Information Act
2000, Privacy and Electronic Communications (EC Directive) Regulations
2003 and Environmental Information Regulations 2004). For further
information about the impact of the Data Retention Directive in the UK,
you may wish to contact the Department for Business, Innovation and
Skills at http://www.bis.gov.uk/



Yours sincerely,

Case Officer  First Contact Group
*Information CommissionerÂs Office*
Tel: 0303 123 1113. Ext 5686.
-------- snip --------

-- 
Moritz Bartl
https://www.torservers.net/
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays