[Chapter-delegates] European data protection laws vs. membership database

[Marcin Cieslak]

Hello,

At ISOC Poland we recently stumbled into a legal problem - Polish (and
the European Union) data protection laws forbid transfer of personal
data abroad unless the country implements similar or stricter personal
or data protection measures. The United States are known not be such a
country.

There some exceptions to the rule (like when it is necessary to execute
some kind of contractual agreement in name of a person involved), they
don't apply directly to society members however.

We are considering some integration possibilities to send data of our
new members automatically to the Internet Society so that they can
become "global members". How can we do this to reduce legal hassle?

I can see some solutions to this:

1) Ask our prospective members to specifically agree to the abroad
transfer. In case they don't agree they can't become global members
(not a good solution as we have no legal ground refuse their local
membership then).

2) Check the legal situation where the ISOC membership system can be
stored and administered. The website
http://www.privireal.org/content/dp/switzerland.php
claims that Swiss laws are equivalent to the EU ones since the year 2000.

Is it possible that personal data could be hosted and administered by
the Geneva office and therefore we (at least EU countries) could avoid
this problem?

Any other solutions/ideas? Anyone (esp. from EU) looked into this before?

-- 
              << Marcin Cieslak // saper at saper.info >>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3170 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20070629/e3833eaf/attachment.bin>