Quote

I don't want Bush's anti-terror thugs reading my e-mail !

Wonder why   

Quote from: disfroot

Isn't this illegal under EU Data Protection Law ?

No it's not.

Hi,
This is part of us using Postini to reduce spam. You can see more information regarding this here.
You can opt-out of Postini if you wish, however the long-term plan is to retire our existing anti-spam solution so this would leave you with no server side filtering.
It's worth mentioning that no email is stored on Postini servers.

Quote from: HPsauce

Quote from: disfroot Isn't this illegal under EU Data Protection Law ? No it's not.

no sources quoted, I note.
There are three issues that I can see
i) Postini , if US-based, must be in compliance with the (weak) requirements of the
Safe Harbor (sic) EU-US legislative agreement -  where is the evidence of compliance ?
http://www.export.gov/safeharbor/sh_overview.html
ii) all data transiting through non-UK territory loses any protection
against interception by unauthorised third parties it may have enjoyed
under RIPA had the UK<->UK traffic not been re-routed.

iii) why did Plusnet not seek my explicit consent, warning me that I would be losing
data protection as a result of their outsourced anti-spam implementation ?

Quote from: Mand

Hi, This is part of us using Postini to reduce spam. You can see more information regarding this here. You can opt-out of Postini if you wish, however the long-term plan is to retire our existing anti-spam solution so this would leave you with no server side filtering.

not exactly a choice where anyone who has been reading the news
for the last 7 years wants  to choose either option, is it ?

Quote

It's worth mentioning that no email is stored on Postini servers.

where 'stored' is defined as ? clearly the mail is routed to and analysed by Postini's
servers

Quote from: shutter

Quote I don't want Bush's anti-terror thugs reading my e-mail ! Wonder why

surely you  must have your own list of 'Mickey Mouse' countries where you
wouldn't want your e-mail sent just in case it fell into the hands of people
who only had their selfish best interests at heart ?
The US is a competing foreign government.

I wondered why? on three counts...
1..... why should  "Bush's anti-terror thugs" want to read your emails?
2......Why should "Bush's anti-terror thugs" pick out your emails from the zillionz & zillionz in the system?
3... Why you should be so worried?  What have you got to hide? Are you a terrorist in disguise?

Explicit informed prior consent is clearly required according to this
http://ec.europa.eu/justice_home/fsj/privacy/thridcountries/background-info_en.htm#transfert

---
"When can personal data be processed?"
Personal data can be processed (i.e. collected and further used) if:
The data subject has unambiguously given his or her consent (i.e. if he or she as agreed freely and specifically after being adequately informed), or
Data processing is necessary for the performance of a contract or in order to enter into a contract requested by the data subject (e.g. processing of data for billing purposes or processing of data relating to an applicant for a job or for a loan) or
Processing is required by law or
Processing of data is necessary to protect a vital interest of the data subject or
Processing is necessary in the performance of tasks carried out in the public interest or by official authorities (such as the government, the tax authorities, the police etc.) where this is necessary for the accomplishment of their tasks.
Finally data can be processed whenever the controller or a third party has a legitimate interest in doing so and this interest is not overridden by the interest of protecting the fundamental rights of the data subject, particularly the right to privacy. This provision basically establishes the need to strike a reasonable balance in practice between the business interest of the data controllers and the need for privacy of data subjects. This balance has to be struck in the first place by the data controllers under the control of the data protection authorities, although ultimately it will be for the courts to decide.
More stringent rules apply to processing of sensitive data relating to racial or ethnic origin, political opinions , religious or philosophical beliefs, trade union membership and the processing of data concerning health or sex life. Such data cannot be processed unless the data subject has given his or her explicit consent. Member States may prohibit altogether some forms of processing of these data. A number of derogations, however do apply which allow for the processing of these data in certain cases subject to particular safeguards. These cases include the processing of data mandated by employment law, the cases in which it is impossible for the data subject to consent (e.g. blood testing of the victim of a road accident), processing of data manifestly made public or processing of data about members by trade unions, political parties or churches).
---

clearly unencryped e-mail may routinely fall into the 'sensitive' category referred to in the last para.

This seems to hinge on whether your 'personal data' is 'processed'
I think the definition of 'Personal Data' above pretty much excludes email. 
Of course, unless you have a personal agreement with every email server and relay server in the world to transmit email on your behalf.
One might argue that there is a reasonable belief that any email sent to a .co.uk address would be kept within the UK.  In practice, this is often not the case (where .co.uk domains are hosted in remote datacentres for example).  Again, would you contact the remote company before sending an email to ensure that this would be the case?  How would you contact them?  By email?
The Postini system is used by lots of companies worldwide.  I'm fairly sure the legal ramifications will have been explored?
B.

Hi Barry: "...I'm fairly sure the legal ramifications will have been explored?"  Mmm, unless confirmed I doubt that that is so. 
In the meantime, "..I have returned with Peace in our time" I'm fairly sure he was right too!

Quote from: Barry

This seems to hinge on whether your 'personal data' is 'processed' I think the definition of 'Personal Data' above pretty much excludes email.

you mean (from your first link)
---
The Data Protection Act gives the following definition [of Personal Data]:
"Data which relates to a living individual who can be identified [-] from those data, or [...]
---
can't be construed to refer to an e-mail ? I would have said this definition is so basic
it _must_ refer to e-mail.

Quote

[] One might argue that there is a reasonable belief that any email sent to a .co.uk address would be kept within the UK.  In practice, this is often not the case (where .co.uk domains are hosted in remote datacentres for example).  []

but - you are replacing a system where some ( in practice, most) of your e-mail stays within the UK and thus enjoys the legal protection of RIPA and other legal safeguards, with a system where none (0%) does.

Quote

The Postini system is used by lots of companies worldwide.

whether the EU users of the Postini system properly notified their customers prior to use is not listed here,
and, in a sense, isn't relevant if the legality rests on such notification. In which event, only whether PlusNet got informed consent is relevant.

Quote

I'm fairly sure the legal ramifications will have been explored? B.

I note the parent company's actions
http://www.theregister.co.uk/2008/04/17/ripa_phorm_shambles/
and take a different view.

Quote from: disfroot

I just noticed that Plusnet are now routing my incoming e-mail via a server in the US without my permission.

and....

Quote from: disfroot

Isn't this illegal under EU Data Protection Law ?

Well, as I understand it your ISP should not allow other parties access to your data.
Exactly what Postini are doing with the data has never been made explicit. There is clearly processing at some level. Whether this is just a 'passive' filtering exercise against signatures derived by some process outside of users email traffic, or , whether there is also some storage of 'signature data' (as distinct from the emails themselves) we don't know.
Personally I've not felt too excited about this since I assume that all email is 'wide open' anyway. However, since Postini are owned by Google who seem intent on indexing the planet I do wonder if some signature data or analysis of it is being stored. To simply say 'no email is being stored' doesn't really say very much at all.
Phorm have protested that no user identifiable data is stored yet look at the stink being caused there.
So whats so different about Postini?

All  UK Mobile phones conversions are listened to by The US goverment
and
My web page has been visted by them to

puddy
c/o Camp Delta
    Guantanamo Bay
      Cuba