On Monday, 19 August 2019 17:26:06 UTC+3, Mathew Hodson  wrote:
> If these situations were common, it could create a chilling effect on
> problem reporting that would hurt the WebPKI ecosystem. Are specific
> procedures and handling of contact information in these situations
> covered by the BRs or Mozilla policy?

>From my experience if something is already covered by legislation there 
>doesn't need to be a separate procedure for "complying with the law".

Since that researcher is an EU citizen from Netherlands, the GDPR applies for 
his personal contact data and both Sectigo's and that "angry" company's actions 
are (possible) GDPR violations.

Was there explicit consent given to Sectigo to forward his contact details to 
that company? Is that "angry" company even aware of the GDPR?
(GDPR, article 6 and 7)
dev-security-policy mailing list

Reply via email to