Data Protection Act, 1988

Provisions in relation to certain non-residents and to data kept or processed outside State.

23.—(1) Subject to the provisions of this section, this Act does not apply to a data controller in respect of data kept, or to a data processor in respect of data processed, outside the State.

(2) For the purposes of this section, data shall be deemed to be—

(a) kept by a data controller in the place where he controls their contents and use, and

(b) processed by a data processor in the place where the relevant data equipment is located.

(3) Where a person who is not resident in the State controls the contents and use of personal data kept within the State, or processes any such data, through an employee or agent in the State, this Act shall apply as if that control was exercised or, as the case may be, the data were processed by the employee or agent acting on his own account.

(4) This Act does not apply to data processed wholly outside the State unless the data are used or intended to be used in the State.

(5) Section 19 (2) (e) of this Act does not apply to the transfer of data that are already outside the State.